| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This is a change for Linux 5.0.
|
| | |
|
| |
|
|
| |
Reported-by: Raf Czlonka <rczlonka@gmail.com>
|
| |
|
|
| |
Reported-by: Alex Xu <alex@alxu.ca>
|
| |
|
|
|
|
|
|
|
| |
The former was just a wrapper around the latter, and so upstream is now
removing it.
Also adjust the compat kludge to deal with this.
Reported-by: Alex Xu <alex@alxu.ca>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:
1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.
This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.
|
| |
|
|
| |
Reported-by: Chris Hewitt <chris@chrishewitt.net>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This avoids another ip(8) invocation for little benefit.
Confirmed to work with iproute2 and busybox.
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
|
| | |
|
| |
|
|
|
|
| |
This causes RAP to be unhappy, and we're not using it anyway.
Reported-by: Ivan J. <parazyd@dyne.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This has been fixed upstream. To keep this hack working for toolchains
that don't have it, use CONFIG_CLANG_VERSION, which was added in commit
469cb7376c06 ("kconfig: add CC_IS_CLANG and CLANG_VERSION"), introduced
in 4.18. I have added the '!defined(CONFIG_CLANG_VERSION)' to keep the
hack around for Android. Most custom kernel developers are using AOSP's
Clang, which currently does not have the fix and might not for a while
(although it is probably on Google's mind given that it has been an
issue for ChromeOS on 4.19: https://crbug.com/897215).
I have verified this change against my Pixel 2 kernel and 4.20-rc3 with
the latest ToT Clang.
Link: https://github.com/ClangBuiltLinux/linux/issues/7
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| | |
|
| | |
|
| |
|
|
|
| |
We also move to .SECONDARY, since older kernels don't use targets like
that.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
These don't help us, but it is important to keep this working for when
it's re-added to cryptogams.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| | |
|
| |
|
|
|
|
|
|
| |
The original hardcodes returns as .byte 0xf3,0xc3, aka "rep ret".
We replace this by "ret". "rep ret" was meant to help with AMD K8
chips, cf. http://repzret.org/p/repzret. It makes no sense to
continue to use this kludge for code that won't even run on ancient
AMD chips.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
| |
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
| |
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
|
|
| |
We don't need to do this for kernel purposes, but it's polite to leave things unbroken.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
|
|
| |
objtool did not quite understand the stack arithmetic employed here.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
|
|
| |
This effectively means swapping the usage of %r9 and %r10 globally.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
| |
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
| |
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
| |
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
|
|
| |
While Andy is right to desire a separation between compiler defines and
project defines, there are simply too many odd kernel configurations and
we require testing for CONFIG_KERNEL_MODE_NEON.
|
| |
|
|
|
| |
We also separate out Eric Biggers' Cortex A7 implementation into its own
file.
|
| | |
|
| |
|
|
| |
Reported-by: Samuel Holland <samuel@sholland.org>
|
| | |
|
Jason A. Donenfeld
Aaron Jones
Nathan Chancellor
Samuel Neves