It insta-crashes on x86.

Apparently cdd750bfb1f76fe9be8cfb53cbe77b2e811081ab changed things, so
we fall back onto this hack.
Reported-by: Alex Xu <alex@alxu.ca>

Reported-by: Bruno Wolff III <bruno@wolff.to>

This was never really correct, and then 5.1 broke it entirely.
Reported-by: piraty1@inbox.ru

This allows the kernel to generate ipv6 fragments. Apply the same
to ipv4 for consistency.
Signed-off-by: Joe Holden <jwh@zorins.us>

Reference: https://lists.zx2c4.com/pipermail/wireguard/2019-April/004081.html

Otherwise if this list item is later reused, we'll crash on list poison
or worse.
Also, add a version of Mimka's reproducer to netns.sh to catch these
types of bugs in the future.
Reported-by: Mimka <mikma.wg@lists.m7n.se>

Signed-off-by: Samuel Neves <sneves@dei.uc.pt>

Suggested-by: David Miller <davem@davemloft.net>

DaveM doth forbid.
Suggested-by: David Miller <davem@davemloft.net>

Signed-off-by: Luis Ressel <aranea@aixah.de>

`wg-quick strip` prints the config file to stdout after stripping it of
all wg-quick-specific options.
This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.
Signed-off-by: Luis Ressel <aranea@aixah.de>

Signed-off-by: Luis Ressel <aranea@aixah.de>

Otherwise mktemp doesn't see it, and if it's empty we wind up in /.

In d2c5c103b133 ("netfilter: nat: remove nf_nat_l3proto.h and
nf_nat_core.h").
Signed-off-by: Bruno Wolff III <bruno@wolff.to>

Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com>

Apparently Haiku has a misbehaving /dev/urandom.
While we're at it, simplify the function signature to completely succeed
or completely fail and make sure the caller checks the result.
Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com>

The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was
supposed to make things better, but actually it just started sending
legitimate localhost traffic over the WireGuard interface, which is
really quite bad.
This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.
Reported-by: Matt Smith <matt.xtaz@gmail.com>

This makes `wg show` and `wg showconf` and the like significantly
faster, since we don't have to iterate through every node of the trie
for every single peer. It also makes netlink cursor resumption much less
problematic, since we're just iterating through a list, rather than
having to save a traversal stack.

This causes needless traversal of the trie.

Signed-off-by: Luis Ressel <aranea@aixah.de>

Signed-off-by: Luis Ressel <aranea@aixah.de>

On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has
been disabled with a command line flag or other failures.
Reported-by: Anatoli <me@anatoli.ws>

The map allocations required to fix this are mostly slower than
unaligned paths.
Reported-by: Louis Sautier <sbraz@gentoo.org>

The hashtable allocations are quite large, and cause the device allocation in
the net framework to stall sometimes while it tries to find a contiguous region
that can fit the device struct:
[<0000000000000000>] __switch_to+0x94/0xb8
[<0000000000000000>] __alloc_pages_nodemask+0x764/0x7e8
[<0000000000000000>] kmalloc_order+0x20/0x40
[<0000000000000000>] __kmalloc+0x144/0x1a0
[<0000000000000000>] alloc_netdev_mqs+0x5c/0x368
[<0000000000000000>] rtnl_create_link+0x48/0x180
[<0000000000000000>] rtnl_newlink+0x410/0x708
[<0000000000000000>] rtnetlink_rcv_msg+0x190/0x1f8
[<0000000000000000>] netlink_rcv_skb+0x4c/0xf8
[<0000000000000000>] rtnetlink_rcv+0x30/0x40
[<0000000000000000>] netlink_unicast+0x18c/0x208
[<0000000000000000>] netlink_sendmsg+0x19c/0x348
[<0000000000000000>] sock_sendmsg+0x3c/0x58
[<0000000000000000>] ___sys_sendmsg+0x290/0x2b0
[<0000000000000000>] __sys_sendmsg+0x58/0xa0
[<0000000000000000>] SyS_sendmsg+0x10/0x20
[<0000000000000000>] el0_svc_naked+0x34/0x38
[<0000000000000000>] 0xffffffffffffffff
To fix the allocation stalls, decouple the hashtable allocations from the device
allocation and allocate the hashtables with kvmalloc's implicit __GFP_NORETRY
so that the allocations fall back to vmalloc with little resistance.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>

This mitigates unrelated sidechannel attacks that think they can turn
WireGuard into a useful time oracle.

Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.
Reported-by: Anton Castelli <anton.c42@gmail.com>