path: root/src (unfollow)
Commit message (Collapse)AuthorFilesLines
2018-12-30netlink: auth socket changes against namespace of socketJason A. Donenfeld1-0/+7
In WireGuard, the underlying UDP socket lives in the namespace where the interface was created and doesn't move if the interface is moved. This allows one to create the interface in some privileged place that has Internet access, and then move it into a container namespace that only has the WireGuard interface for egress. Consider the following situation: 1. Interface created in namespace A. Socket therefore lives in namespace A. 2. Interface moved to namespace B. Socket remains in namespace A. 3. Namespace B now has access to the interface and changes the listen port and/or fwmark of socket. Change is reflected in namespace A. This behavior is arguably _fine_ and perhaps even expected or acceptable. But there's also an argument to be made that B should have A's cred to do so. So, this patch adds a simple ns_capable check.
2018-12-20tools: curve25519: handle unaligned loads/stores safelyJason A. Donenfeld2-5/+19
Reported-by: Chris Hewitt <chris@chrishewitt.net>
2018-12-18version: bump snapshot0.0.20181218Jason A. Donenfeld2-2/+2
2018-12-18makefile: use immediate expansion and use correct template patternsJason A. Donenfeld2-7/+7
2018-12-18netns: nmap != ncatJason A. Donenfeld1-4/+4
2018-12-18wg-quick: bring interface up while setting MTUAaron Jones1-9/+4
This avoids another ip(8) invocation for little benefit. Confirmed to work with iproute2 and busybox. Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
2018-12-12compat: account for Clang CFIJason A. Donenfeld1-1/+1
2018-12-07chacha20: do not define unused asm functionJason A. Donenfeld1-4/+2
This causes RAP to be unhappy, and we're not using it anyway. Reported-by: Ivan J. <parazyd@dyne.org>
2018-12-07compat: don't undef BUILD_BUG_ON for Clang >=8Nathan Chancellor1-1/+1
This has been fixed upstream. To keep this hack working for toolchains that don't have it, use CONFIG_CLANG_VERSION, which was added in commit 469cb7376c06 ("kconfig: add CC_IS_CLANG and CLANG_VERSION"), introduced in 4.18. I have added the '!defined(CONFIG_CLANG_VERSION)' to keep the hack around for Android. Most custom kernel developers are using AOSP's Clang, which currently does not have the fix and might not for a while (although it is probably on Google's mind given that it has been an issue for ChromeOS on 4.19: https://crbug.com/897215). I have verified this change against my Pixel 2 kernel and 4.20-rc3 with the latest ToT Clang. Link: https://github.com/ClangBuiltLinux/linux/issues/7 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
2018-12-07chacha20,poly1305: simplify perlasm fancinessJason A. Donenfeld3-75/+69
2018-11-19version: bump snapshot0.0.20181119Jason A. Donenfeld2-2/+2
2018-11-19chacha20,poly1305: do not use xlateJason A. Donenfeld3-1496/+73
2018-11-17poly1305: make frame pointers for auxiliary callsSamuel Neves1-31/+43
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-16crypto: better path resolution and more specific generated .SJason A. Donenfeld2-14/+9
2018-11-15chacha20,poly1305: don't do compiler testing in generator and remove xor helperJason A. Donenfeld2-30/+39
2018-11-15crypto: resolve target prefix on buggy kernelsJason A. Donenfeld1-1/+6
We also move to .SECONDARY, since older kernels don't use targets like that.
2018-11-15poly1305: cleanup leftover debugging changesJason A. Donenfeld1-3/+3
2018-11-15poly1305: only export neon symbols when in useJason A. Donenfeld1-2/+6
2018-11-15chacha20,poly1305: fix up for win64Samuel Neves2-27/+29
These don't help us, but it is important to keep this working for when it's re-added to cryptogams. Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-15version: bump snapshot0.0.20181115Jason A. Donenfeld2-2/+2
2018-11-15perlasm: avoid rep retJason A. Donenfeld1-1/+1
The original hardcodes returns as .byte 0xf3,0xc3, aka "rep ret". We replace this by "ret". "rep ret" was meant to help with AMD K8 chips, cf. http://repzret.org/p/repzret. It makes no sense to continue to use this kludge for code that won't even run on ancient AMD chips.
2018-11-15poly1305: specialize to wireguardJason A. Donenfeld1-11/+20
2018-11-15chacha20: specialize to wireguardJason A. Donenfeld2-20/+38
2018-11-15perlasm: cleanup whitespaceJason A. Donenfeld1-5/+5
2018-11-15poly1305: adjust to kernelSamuel Neves1-220/+291
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20: cleaner function declarationsSamuel Neves1-23/+23
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20: normalize namesSamuel Neves1-71/+71
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20: fixup win64 stack offsetsSamuel Neves1-129/+129
We don't need to do this for kernel purposes, but it's polite to leave things unbroken. Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20: simplify stack unwinding on ChaCha20_ctr32Samuel Neves1-10/+8
objtool did not quite understand the stack arithmetic employed here. Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20: use DRAP idiomSamuel Neves1-236/+235
This effectively means swapping the usage of %r9 and %r10 globally. Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20: add hchacha_ssse3Samuel Neves1-0/+39
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20: begin adapting to kernel settingSamuel Neves2-68/+116
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20,poly1305: switch to perlasm originals on x86_64Samuel Neves5-5424/+9596
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-11-14chacha20,poly1305: use CONFIG_KERNEL_MODE_NEON in .pl on armJason A. Donenfeld4-8/+11
While Andy is right to desire a separation between compiler defines and project defines, there are simply too many odd kernel configurations and we require testing for CONFIG_KERNEL_MODE_NEON.
2018-11-14chacha20,poly1305: switch to perlasm originals on mips and armJason A. Donenfeld14-6106/+5572
We also separate out Eric Biggers' Cortex A7 implementation into its own file.
2018-11-13global: various formatting tweeksJason A. Donenfeld9-22/+19
2018-11-11wg-quick: android: do not choke on empty allowed-ipsJason A. Donenfeld1-1/+4
Reported-by: Samuel Holland <samuel@sholland.org>
2018-11-05compat: csum_levels is new in 3.18 but backported to RHELJason A. Donenfeld2-0/+3
2018-10-27qemu: bump default kernelJason A. Donenfeld1-1/+1
2018-10-27send: calculate inner checksums for all protocolsAndrejs Hanins1-5/+4
I'm using GRE tunnel (transparent Ethernet bridging flavor) over WireGuard interface to be able to bridge L2 network segments. The typical protocol chain looks like this IP->GRE->EthernetHeader->IP->UDP. UDP here is the packet sent from the L2 network segment which is tunneled using GRE over Wireguard. Indeed, there is a checksum inside UDP header which is, as a rule, kept partially calculated while packet travels through network stack and outer protocols are added until the packet reaches WG device which exposes NETIF_F_HW_CSUM feature meaning it can handle checksum offload for all protocols. But the problem here is that skb_checksum_setup called from encrypt_packet handles only TCP/UDP protocols under top level IP, but in my case there is a GRE protocol there, so skb_checksum_help is not called and packet continues its life with unfinished (broken) checksum and gets encrypted as-is. When such packet is received by other side and reaches L2 networks it's seen there with a broken checksum inside the UDP header. The fact that Wireguard on the receiving side sets skb->ip_summed to CHECKSUM_UNNECESSARY partially mitigates the problem by telling network stack on the receiving side that validation of the checksum is not necessary, so local TCP stack, for example, works fine. But it doesn't help in situations when packet needs to be forwarded further (sent out from the box). In this case there is no way we can tell next hop that checksum verification for this packet is not necessary, we just send it out with bad checksum and packet gets dropped on the next hop box. I think the issue of the original code was the wrong usage of skb_checksum_setup, simply because it's not needed in this case. Instead, we can just rely on ip_summed skb field to see if partial checksum needs to be finalized or not. Note that many other drivers in kernel follow this approach. In summary: - skb_checksum_setup can only handle TCP/UDP protocols under top level IP header, packets with other protocols (like GRE) are sent out by Wireguard with unfinished partial checksums which causes problems on receiving side (bad checksums). - encrypt_packet gets skb prepared by network stack, so there is no need to setup the checksum from scratch, but just perform hw checksum offload using software helper skb_checksum_help for packet which explicitly require it as denoted by CHECKSUM_PARTIAL. Signed-off-by: Andrejs Hanins <ahanins@gmail.com>
2018-10-27receive: assume all levels have been checksumed, not just outerJason A. Donenfeld1-0/+7
This means we do less computation on encapsulated payloads.
2018-10-27device: do not clear keys on sleep for PM_AUTOSLEEPJason A. Donenfeld1-4/+11
This way other devices that use Android style wakelocks will also have the same semantics. We also move this logic into the handler so that it's slightly cleaner and gives us some opportunity to leave a normal comment. Suggested-by: Theodore Ts'o <tytso@mit.edu> Suggested-by: Andrew Lunn <andrew@lunn.ch> Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
2018-10-27curve25519-x86_64: this was relicensed to BSD-3-Clause upstreamJason A. Donenfeld1-1/+1
2018-10-27timers: it is always reasonable to remove a timerJason A. Donenfeld3-17/+6
If struct timer_list has not been setup, it is zeroed, in which case timer_pending is false, so calling del_timer is safe. Calling del_timer is also safe on a timer that has already been del_timer'd. And calling del_timer is safe after a peer is dead, since the whole point of it being dead is that no more timers are created and all contexts eventually stop. Finally del_timer uses a lock, which means it's safe to call it concurrently. Therefore, we do not need any guards around calls to del_timer. While we're at it, we can get rid of the old lingering timers_enabled boolean which wasn't doing anything anyway anymore.
2018-10-27ratelimiter: make hash calls explicitJason A. Donenfeld1-11/+14
2018-10-27makefile: include selftests in style checkJason A. Donenfeld1-1/+1
2018-10-27timers: do not use wg_peer_get_maybe_zeroJason A. Donenfeld1-35/+13
peer_remove calls sets is_dead to true and calls timers_stop before putting the last reference, which means whenever timers do actually trigger, they should only trigger with a reference, and therefore we don't need the maybe_zero dance. This also narrows the scope of using maybe_zero to just be lookup structures (the two hashtables and allowedips), which is what the idiom is actually meant for.
2018-10-27allowedips: fix sparse warnings in optional selftestsJason A. Donenfeld1-12/+14
2018-10-27poly1305-donna64: mark large constants as ULLJason A. Donenfeld1-24/+24
2018-10-27send: consider dropped stage packets to be droppedJason A. Donenfeld5-4/+15
Suggested-by: Andrew Lunn <andrew@lunn.ch>