aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src (unfollow)
Commit message (Collapse)AuthorFilesLines
2019-12-19version: bump snapshotHEAD0.0.20191219masterJason A. Donenfeld2-2/+2
2019-12-19compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4Jason A. Donenfeld1-1/+1
2019-12-17wg-quick: linux: use already configured addresses instead of in-memoryJason A. Donenfeld1-6/+6
The ADDRESSES array might not have addresses added during PreUp. But moreover, nft(8) and iptables(8) don't like ip addresses in the form somev6prefix::someipv4suffix, such as fd00::1.2.3.4, while ip(8) can handle it. So by adding these first and then asking for them back, we always get normalized addresses suitable for nft(8) and iptables(8). Reported-by: Silvan Nagl <mail@53c70r.de>
2019-12-13tools: adjust wg.8 syntax for consistency in COMMANDS sectionKai Haberzettl1-1/+1
Signed-off-by: Kai Haberzettl <khaberz@gmail.com>
2019-12-12wg-quick: linux: try both iptables(8) and nft(8) on teardownJason A. Donenfeld1-1/+2
Daniel argues that technically a package manager could install nft(8) after previously having started wg-quick(8) using iptables(8). Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-12-12version: bump snapshot0.0.20191212Jason A. Donenfeld2-2/+2
2019-12-12main: remove unused include <linux/version.h>YueHaibing1-1/+0
Remove including <linux/version.h> that we don't need. Signed-off-by: YueHaibing <yuehaibing@huawei.com>
2019-12-12wg-quick: linux: support older nft(8)Jason A. Donenfeld1-5/+5
Older nft(8), such as that on Ubuntu, does not accept the - parameter to the -f argument and doesn't accept symbolic priority names. So instead use the canonical numeric priority forms and use <(echo) instead of -.
2019-12-12global: fix up spellingJosh Soref4-8/+8
Signed-off-by: Josh Soref <jsoref@gmail.com>
2019-12-12wg-quick: linux: add support for nft and prefer itJason A. Donenfeld1-20/+39
If nft(8) is installed, use it. These rules should be identical to the iptables-restore(8) ones, with the advantage that cleanup is easy because we use custom table names.
2019-12-12compat: support building for RHEL-8.1 instead of RHEL-8.0Sergey Ivanov1-2/+2
RedHat backported to their kernel 4.18.0-147.el8 a couple features. This patch enables compiling for this kernel. Signed-off-by: Sergey Ivanov <seriv@cs.umd.edu>
2019-12-12socket: convert to ipv6_dst_lookup_flow for 5.5Jason A. Donenfeld2-3/+8
Upstream changed the API, so we introduce this super insane compat hack to make everything work again.
2019-12-06version: bump snapshot0.0.20191206Jason A. Donenfeld2-2/+2
2019-12-06chacha20poly1305: double check the sgmiter logic with testJason A. Donenfeld1-8/+59
2019-12-06wg-quick: linux: ignore save warnings for iptables-nftJason A. Donenfeld1-1/+1
2019-12-06wg-quick: linux: suppress more warnings on weird kernelsJason A. Donenfeld1-4/+4
2019-12-05wg-quick: linux: some iptables don't like empty linesJason A. Donenfeld1-6/+6
Reported-by: Kenneth R. Crudup <kenny@panix.com>
2019-12-05crypto: use new assembler macros for 5.5Jason A. Donenfeld6-14/+19
2019-12-05chacha20poly1305: port to sgmitter for 5.5Jason A. Donenfeld6-122/+151
I'm not totally comfortable with these changes yet, and it'll require some more scrutiny. But it's a start.
2019-12-05netlink: prepare for removal of genl_family_attrbuf in 5.5Jason A. Donenfeld2-8/+20
2019-12-05version: bump snapshot0.0.20191205Jason A. Donenfeld2-2/+2
2019-12-05wg-quick: linux: iptables-* -w is not widely supportedJason A. Donenfeld1-2/+2
2019-12-05ipc: make sure userspace communication frees wgdeviceJason A. Donenfeld2-11/+16
2019-12-05send: avoid touching skb->{next,prev} directlyJason A. Donenfeld1-2/+2
This isn't quite the same, since mark_not_on_list doesn't touch skb->prev, but hopefully it doesn't matter.
2019-12-05device: prepare skb_list_walk_safe for upstreamingJason A. Donenfeld3-9/+13
2019-12-05send: use kfree_skb_listJason A. Donenfeld1-9/+2
2019-12-05wg-quick: linux: have remove_iptables return trueJason A. Donenfeld1-1/+1
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
2019-12-05wg-quick: linux: ensure postdown hooks executeJason A. Donenfeld1-2/+2
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
2019-11-27wg-quick: linux: suppress error when finding unused tableJason A. Donenfeld1-1/+1
2019-11-27version: bump snapshot0.0.20191127Jason A. Donenfeld2-2/+2
2019-11-27tools: add syncconf commandJason A. Donenfeld3-0/+97
2019-11-27qemu: bump versionJason A. Donenfeld1-1/+1
2019-11-27qemu: respect PATH when finding CBUILDJason A. Donenfeld1-1/+1
2019-11-27qemu: work around build bug with powerpc64leJason A. Donenfeld1-0/+1
2019-11-27wg-quick: linux: filter bogus injected packets and don't disable rpfilterJason A. Donenfeld1-8/+29
2019-11-26wg-quick: linux: only touch net.ipv4 for v4Jason A. Donenfeld1-3/+5
2019-11-26allowedips: avoid double lock in selftest error caseJason A. Donenfeld1-8/+9
2019-11-26socket: remove redundant check of new4Jason A. Donenfeld1-1/+1
2019-11-26allowedips: safely dereference rcu rootsJason A. Donenfeld1-6/+10
2019-10-30messages: recalculate rekey max based on a one minute floodJason A. Donenfeld1-1/+1
Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
2019-10-16wg-quick: android: check for null in binder cleanup functionsJason A. Donenfeld1-3/+6
2019-10-12version: bump snapshot0.0.20191012Jason A. Donenfeld2-2/+2
2019-10-12wg-quick: android: use Binder for setting DNS on Android 10Nicolas Douma1-7/+429
Signed-off-by: Nicolas Douma <nicolas@serveur.io>
2019-10-11noise: recompare stamps after taking write lockJason A. Donenfeld1-2/+6
2019-10-11netlink: allow preventing creation of new peers when updatingJason A. Donenfeld2-9/+12
This enables race-free updates for wg-dynamic and similar tools. Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
2019-10-11netns: add test for failing 5.3 FIB changesJason A. Donenfeld2-1/+24
Reference: https://lore.kernel.org/netdev/20190924073615.31704-1-Jason@zx2c4.com/
2019-10-11qemu: bump default versionJason A. Donenfeld1-1/+1
2019-09-13version: bump snapshot0.0.20190913Jason A. Donenfeld2-2/+2
2019-09-13compat: support rhel/centos 7.7Jason A. Donenfeld1-1/+1
2019-09-13Kbuild: squelch warnings for stack limit on broken kernel configsJason A. Donenfeld1-0/+1
1280 is considered the absolute minimum for 64bit archs.