path: root/src
Commit message | Author | Age | Files | Lines
* send: account for route-based MTU | Jason A. Donenfeld | 2018-04-15 | 5 | -3/+26
  It might be that a particular route has a different MTU than the interface, via `ip route add ... dev wg0 mtu 1281`, for example. In this case, it's important that we don't accidentally pad beyond the end of the MTU. We accomplish that in this patch by carrying forward the MTU from the dst if it exists. We also add a unit test for this issue.
  Reported-by: Roman Mamedov <rm.wg@romanrm.net>
* wg-quick: account for specified fwmark in auto routing mode | Jason A. Donenfeld | 2018-04-15 | 1 | -19/+23
  If we're doing automatic routing with default routes, but the config has also specified an explicit fwmark, then use that explicit fwmark, even if it's conflicting, since the administrator has explicitly opted into using it. Also, when shutting down the interface, we only now remove the fancy rules if we're in automatic routing mode with default routes.
  Suggested-by: Luis Ressel <aranea@aixah.de>
  Reported-by: Saeid Akbari <saeidscorp@yahoo.com>
* qemu: bump default version | Jason A. Donenfeld | 2018-04-15 | 1 | -1/+1
* version: bump snapshot 0.0.20180413 | Jason A. Donenfeld | 2018-04-13 | 2 | -2/+2
* chacha20poly1305: put magic constant behind macro | Jason A. Donenfeld | 2018-04-05 | 2 | -3/+5
* chacha20poly1305: add self tests from wycheproof | Jason A. Donenfeld | 2018-04-05 | 1 | -3/+1026
* curve25519: add self tests from wycheproof | Jason A. Donenfeld | 2018-04-04 | 1 | -0/+504
* wg-quick.8: fix typo | Jason A. Donenfeld | 2018-04-04 | 1 | -1/+1
  Reported-by: Mike Pechkin <mike.pechkin@gmail.com>
* curve25519: precomp const correctness | Jason A. Donenfeld | 2018-03-09 | 1 | -24/+22
* curve25519: memzero in batches | Jason A. Donenfeld | 2018-03-09 | 1 | -140/+124
* curve25519: use cmov instead of xor for cswap | Jason A. Donenfeld | 2018-03-09 | 1 | -12/+39
  Also add cselect optimization.
* curve25519: use precomp implementation instead of sandy2x | Jason A. Donenfeld | 2018-03-09 | 4 | -3438/+2071
  It's faster and doesn't use the FPU.
* compat: support OpenSUSE 15 | Jason A. Donenfeld | 2018-03-09 | 1 | -3/+6
* compat: silence warning on frankenkernels | Jason A. Donenfeld | 2018-03-09 | 1 | -0/+3
  Some Android 3.18 devices backport this macro.
* compat: stable kernels are now receiving b87b619 | Jason A. Donenfeld | 2018-03-07 | 1 | -1/+1
* wg-quick: hide errors on save | Jason A. Donenfeld | 2018-03-04 | 1 | -1/+1
* version: bump snapshot 0.0.20180304 | Jason A. Donenfeld | 2018-03-04 | 2 | -2/+2
* wg-quick: if resolvconf/run/iface exists, use it | Jason A. Donenfeld | 2018-03-04 | 1 | -1/+1
  Some older broken resolvconfs don't support resolvconf -l, but do have a file in a standard location, so use it.
* wg-quick: if resolvconf/interface-order exists, use it | Jason A. Donenfeld | 2018-03-04 | 1 | -3/+12
  Some older broken resolvconf implementations ignore -m, but do have an interface-order list. It's better to use this list dynamically, in case it changes, or in case it's not used by the OS's resolvconf implementation, such as in the case of systemd or openresolv.
* noise: align static_identity keys | Jason A. Donenfeld | 2018-03-02 | 1 | -1/+1
* compat: use correct -include path | Jason A. Donenfeld | 2018-03-02 | 1 | -5/+6
* noise: fix function prototype | Jason A. Donenfeld | 2018-03-02 | 1 | -1/+1
* global: in gnu code, use un-underscored asm | Jason A. Donenfeld | 2018-03-02 | 3 | -3/+3
* messages: MESSAGE_TOTAL is unused | Jason A. Donenfeld | 2018-03-02 | 1 | -2/+1
* crypto: read only after init | Jason A. Donenfeld | 2018-03-02 | 4 | -10/+11
* Kconfig: require DST_CACHE explicitly | Jason A. Donenfeld | 2018-03-02 | 1 | -0/+1
* compat: workaround netlink refcount bug | Jason A. Donenfeld | 2018-03-02 | 1 | -1/+1
  For now it looks like only 4.16 has this, but we'll keep track in case others add it too.
  Upstream-fix: b87b6194be63 ("netlink: put module reference if dump start fails")
* allowedips: fix comment style | Jason A. Donenfeld | 2018-02-21 | 1 | -1/+2
* queueing: skb_reset: mark as xnet | Jason A. Donenfeld | 2018-02-20 | 1 | -1/+1
  This was avoided for a long time, because I wanted the packet to be charged to the original socket for as long as possible. However, this broke net_cls, which looks at skb->sk for additional late-stage routing decisions. So we had no choice but to ensure that skb->sk is NULL by the time of xmit, and this means calling the skb destructor.
* version: bump snapshot 0.0.20180218 | Jason A. Donenfeld | 2018-02-18 | 2 | -2/+2
* tools: fixup errno handling | Jason A. Donenfeld | 2018-02-17 | 2 | -8/+8
* tools: FreeBSD doesn't have EAI_NODATA | Jason A. Donenfeld | 2018-02-17 | 1 | -2/+15
* tools: do not collide types with libc clashes | Jason A. Donenfeld | 2018-02-17 | 1 | -4/+10
* wg(8): clarify phrasing | Jason A. Donenfeld | 2018-02-17 | 1 | -3/+3
* tools: allow in-line comments | Jason A. Donenfeld | 2018-02-17 | 3 | -11/+17
* tools: normalize strncpy/snprintf usage | Jason A. Donenfeld | 2018-02-14 | 4 | -18/+22
* blake2s: use union instead of casting | Jason A. Donenfeld | 2018-02-14 | 2 | -19/+17
  This deals with alignment more easily and also helps squelch a clang-analyzer warning.
* allowedips: indicate to clang-analyzer that trie is non-null | Jason A. Donenfeld | 2018-02-14 | 1 | -0/+1
  We check it in the block just above the only call to node_placement, so we're certain this is the case.
* socket: free skb if there isn't an endpoint | Jason A. Donenfeld | 2018-02-12 | 1 | -0/+2
  Because the packet transmission interface in Linux, in general, has the characteristic of "consuming" skbs, our own socket_send family too must always consume skbs. This means that when a caller passes an skb to a socket_send function, he loses ownership and expects for the skb to be freed by the socket_send function, not by himself. Therefore, it's important that we actually carry out this contract under all circumstances, even when there's no endpoint available. This condition could be hit by setting up a peer with a persistent keepalive but no endpoint, or by removing an endpoint once packets were queued up to be sent already.
* qemu: more granular memleak detection | Jason A. Donenfeld | 2018-02-12 | 1 | -2/+15
* netns: replace n0 ip with ip0, per custom | Jason A. Donenfeld | 2018-02-12 | 1 | -2/+2
* poly1305: fix up selftest counter | Jason A. Donenfeld | 2018-02-08 | 1 | -1/+1
* qemu: add support for powerpc | Jason A. Donenfeld | 2018-02-07 | 2 | -2/+21
* wg-quick: match from beginning rather than shift right | Jason A. Donenfeld | 2018-02-06 | 1 | -2/+2
  Before, this meant that it simply took the last 15 characters, instead of erroring out when there's more than 15 chars.
* tools: endian.h is not portable | Jason A. Donenfeld | 2018-02-05 | 1 | -4/+9
* version: bump snapshot 0.0.20180202 | Jason A. Donenfeld | 2018-02-02 | 2 | -2/+2
* qemu: update base versions | Jason A. Donenfeld | 2018-02-02 | 1 | -2/+2
* curve25519: break more things with more test cases | Jason A. Donenfeld | 2018-02-01 | 1 | -0/+12
* curve25519: replace fiat64 with faster hacl64 | Jason A. Donenfeld | 2018-02-01 | 5 | -474/+887
  This reverts commit da4ff396cc5d5e0ff21f9ecbc2f951c048c63fff and adds some optimizations to hacl64.
* curve25519: replace hacl64 with fiat64 | Jason A. Donenfeld | 2018-02-01 | 5 | -880/+474
  For now, it's faster:
  hacl64: 109782 cycles per call
  fiat64: 108984 cycles per call
  It's quite possible this commit will be reverted with nice changes from INRIA, though.