authorJason A. Donenfeld <Jason@zx2c4.com>2020-05-18 22:56:08 -0600
committerJason A. Donenfeld <Jason@zx2c4.com>2020-05-19 17:21:12 -0600
commit7e10c0c7fd2d76417e38fd326943dd10812da8fd (patch)
treecf5f3c45f77d40dcdeb1043b9a501b43372a25e2
parentDo not bring interface down and up on port/rtable change (diff)
Mark as IFT_WIREGUARD rather than normal tunnel
-rw-r--r--src/Makefile8
-rwxr-xr-xsrc/clean_patch.sh2
-rw-r--r--src/if_wg.c6
-rw-r--r--src/patches/if_types.patch11
-rw-r--r--src/patches/ifconfig.patch26
-rw-r--r--src/patches/in6_ifattach.patch18
-rw-r--r--src/patches/man9_mbuf_tags.patch2
-rw-r--r--src/patches/mbuf.h.patch2
-rw-r--r--src/patches/tcpdump.patch8
9 files changed, 60 insertions, 23 deletions
diff --git a/src/Makefile b/src/Makefile
index ea04282..577b9f9 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -102,9 +102,15 @@ ifconfig: patch_ifconfig
/usr/src/share/man/man9/mbuf_tags.9: patches/man9_mbuf_tags.patch
patch -uN /usr/src/share/man/man9/mbuf_tags.9 < patches/man9_mbuf_tags.patch || touch /usr/src/share/man/man9/mbuf_tags.9
+/usr/src/sys/net/if_types.h: patches/if_types.patch
+ patch -uN /usr/src/sys/net/if_types.h < patches/if_types.patch || touch /usr/src/sys/net/if_types.h
+
+/usr/src/sys/netinet6/in6_ifattach.c: patches/in6_ifattach.patch
+ patch -uN /usr/src/sys/netinet6/in6_ifattach.c < patches/in6_ifattach.patch || touch /usr/src/sys/netinet6/in6_ifattach.c
+
.PHONY:
-patch_kernel: /usr/src/sys/crypto/blake2s.c /usr/src/sys/crypto/blake2s.h /usr/src/sys/crypto/curve25519.c /usr/src/sys/crypto/curve25519.h /usr/src/sys/crypto/chacha_private.h /usr/src/sys/crypto/chachapoly.h /usr/src/sys/crypto/chachapoly.c /usr/src/sys/conf/files /usr/src/sys/conf/GENERIC /usr/src/sys/netinet/in_pcb.h /usr/src/sys/netinet/udp_usrreq.c /usr/src/sys/net/if_wg.c /usr/src/sys/net/if_wg.h /usr/src/sys/sys/mbuf.h /usr/src/sys/crypto/wg_noise.c /usr/src/sys/crypto/wg_noise.h /usr/src/sys/crypto/wg_cookie.c /usr/src/sys/crypto/wg_cookie.h /usr/src/sys/net/wgtest.c
+patch_kernel: /usr/src/sys/crypto/blake2s.c /usr/src/sys/crypto/blake2s.h /usr/src/sys/crypto/curve25519.c /usr/src/sys/crypto/curve25519.h /usr/src/sys/crypto/chacha_private.h /usr/src/sys/crypto/chachapoly.h /usr/src/sys/crypto/chachapoly.c /usr/src/sys/conf/files /usr/src/sys/conf/GENERIC /usr/src/sys/netinet/in_pcb.h /usr/src/sys/netinet/udp_usrreq.c /usr/src/sys/net/if_wg.c /usr/src/sys/net/if_wg.h /usr/src/sys/sys/mbuf.h /usr/src/sys/crypto/wg_noise.c /usr/src/sys/crypto/wg_noise.h /usr/src/sys/crypto/wg_cookie.c /usr/src/sys/crypto/wg_cookie.h /usr/src/sys/net/wgtest.c /usr/src/sys/net/if_types.h /usr/src/sys/netinet6/in6_ifattach.c
.PHONY:
patch_userspace: /usr/src/usr.bin/kdump/mkioctls /usr/src/usr.bin/kdump/Makefile /usr/src/distrib/sets/lists/comp/mi
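Review bot: The two new rules end in `|| touch <target>`, so the rule succeeds even when `patch` rejects a hunk, and for `in6_ifattach.c` that failure stays silent. An unpatched `in6_ifattach.c` still compiles, so the kernel would build with wg interfaces typed `IFT_WIREGUARD` but without the link-local suppression this commit adds. The fallback presumably exists because `-N` exits non-zero on an already-applied patch, so rather than dropping it, add a check as a second recipe line: `grep -q IFT_WIREGUARD /usr/src/sys/netinet6/in6_ifattach.c`. A rejected `if_types.patch` is less of a concern, since `if_wg.c` would then fail to compile on the undefined `IFT_WIREGUARD`.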
diff --git a/src/clean_patch.sh b/src/clean_patch.sh
index 7f0585d..64c6d17 100755
--- a/src/clean_patch.sh
+++ b/src/clean_patch.sh
@@ -13,6 +13,8 @@ patch -uN /usr/src/sbin/ifconfig/Makefile < $DIR/patches/ifconfig_Makefile.patch
patch -uN /usr/src/etc/netstart < $DIR/patches/netstart.patch
patch -uN /usr/src/sys/net/if.c < $DIR/patches/if_c.patch
+patch -uN /usr/src/sys/net/if_types.h < $DIR/patches/if_types.patch
+patch -uN /usr/src/sys/netinet6/in6_ifattach.c < $DIR/patches/in6_ifattach.patch
patch -uN /usr/src/sys/conf/GENERIC < $DIR/patches/CONFIG.patch
patch -uN /usr/src/sys/conf/files < $DIR/patches/files.patch
patch -uN /usr/src/sys/crypto/chacha_private.h < $DIR/patches/chacha_private.h.patch
diff --git a/src/if_wg.c b/src/if_wg.c
index 73c2a0f..4750d60 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -846,8 +846,8 @@ wg_tag_get(struct mbuf *m)
{
struct m_tag *mtag;
- if ((mtag = m_tag_find(m, PACKET_TAG_WG, NULL)) == NULL) {
- mtag = m_tag_get(PACKET_TAG_WG, sizeof(struct wg_tag),
+ if ((mtag = m_tag_find(m, PACKET_TAG_WIREGUARD, NULL)) == NULL) {
+ mtag = m_tag_get(PACKET_TAG_WIREGUARD, sizeof(struct wg_tag),
M_NOWAIT);
if (mtag == NULL)
return (NULL);
@@ -2551,7 +2551,7 @@ wg_clone_create(struct if_clone *ifc, int unit)
ifp->if_start = wg_start;
ifp->if_output = wg_output;
- ifp->if_type = IFT_TUNNEL;
+ ifp->if_type = IFT_WIREGUARD;
IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN);
if_attach(ifp);
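Review bot: The new `ifp->if_type = IFT_WIREGUARD;` line in wg_clone_create has a security-relevant effect that nothing at the assignment documents. Per this commit's in6_ifattach.patch, the type is what keeps wg interfaces from receiving an automatic IPv6 link-local address. A comment above it, for example `/* IFT_WIREGUARD: in6_ifattach() skips automatic link-local assignment for this type */`, would stop a later switch back to `IFT_TUNNEL` from silently undoing that. Any other kernel or userland code that special-cases `IFT_TUNNEL` will also stop matching wg interfaces; none is visible in this diff, so it is worth a grep of the tree. The body of wg_clone_create starts and ends outside the hunk.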
diff --git a/src/patches/if_types.patch b/src/patches/if_types.patch
new file mode 100644
index 0000000..7b5075f
--- /dev/null
+++ b/src/patches/if_types.patch
@@ -0,0 +1,11 @@
+diff --git a/sys/net/if_types.h b/sys/net/if_types.h
+index dbd9e84a7fe..8dd86461d3e 100644
+--- a/sys/net/if_types.h
++++ b/sys/net/if_types.h
+@@ -269,5 +269,6 @@
+ #define IFT_BLUETOOTH 0xf8 /* Bluetooth */
+ #define IFT_PFLOW 0xf9 /* pflow */
+ #define IFT_MBIM 0xfa /* Mobile Broadband Interface Model */
++#define IFT_WIREGUARD 0xfb /* WireGuard tunnel */
+
+ #endif /* _NET_IF_TYPES_H_ */
diff --git a/src/patches/ifconfig.patch b/src/patches/ifconfig.patch
index 10e3c7b..28e9e67 100644
--- a/src/patches/ifconfig.patch
+++ b/src/patches/ifconfig.patch
@@ -53,7 +53,7 @@ index aefa23d157a..ee6d51aadb3 100644
#define A_MEDIAINST 0x0008 /* instance or inst command */
#define A_MEDIAMODE 0x0010 /* mode command */
#define A_JOIN 0x0020 /* join */
-+#define A_WG 0x0040 /* any wg command */
++#define A_WIREGUARD 0x0040 /* any WireGuard command */
#define A_SILENT 0x8000000 /* doing operation, do not print */
#define NEXTARG0 0xffffff
@@ -62,17 +62,17 @@ index aefa23d157a..ee6d51aadb3 100644
{ "sff", NEXTARG0, 0, transceiver },
{ "sffdump", 0, 0, transceiverdump },
+
-+ { "wgpeer", NEXTARG, A_WG, setwgpeer},
-+ { "wgendpoint", NEXTARG2, A_WG, NULL, setwgpeerep},
-+ { "wgaip", NEXTARG, A_WG, setwgpeeraip},
-+ { "wgpsk", NEXTARG, A_WG, setwgpeerpsk},
-+ { "wgpka", NEXTARG, A_WG, setwgpeerpka},
-+ { "wgport", NEXTARG, A_WG, setwgport},
-+ { "wgkey", NEXTARG, A_WG, setwgkey},
-+ { "wgrtable", NEXTARG, A_WG, setwgrtable},
-+ { "-wgpeer", NEXTARG, A_WG, unsetwgpeer},
-+ { "-wgpsk", 0, A_WG, unsetwgpeerpsk},
-+ { "-wgpeerall", 0, A_WG, unsetwgpeerall},
++ { "wgpeer", NEXTARG, A_WIREGUARD, setwgpeer},
++ { "wgendpoint", NEXTARG2, A_WIREGUARD, NULL, setwgpeerep},
++ { "wgaip", NEXTARG, A_WIREGUARD, setwgpeeraip},
++ { "wgpsk", NEXTARG, A_WIREGUARD, setwgpeerpsk},
++ { "wgpka", NEXTARG, A_WIREGUARD, setwgpeerpka},
++ { "wgport", NEXTARG, A_WIREGUARD, setwgport},
++ { "wgkey", NEXTARG, A_WIREGUARD, setwgkey},
++ { "wgrtable", NEXTARG, A_WIREGUARD, setwgrtable},
++ { "-wgpeer", NEXTARG, A_WIREGUARD, unsetwgpeer},
++ { "-wgpsk", 0, A_WIREGUARD, unsetwgpeerpsk},
++ { "-wgpeerall", 0, A_WIREGUARD, unsetwgpeerall},
+
#else /* SMALL */
{ "powersave", NEXTARG0, 0, setignore },
@@ -306,7 +306,7 @@ index aefa23d157a..ee6d51aadb3 100644
+void
+process_wg_commands(void)
+{
-+ if (actions & A_WG) {
++ if (actions & A_WIREGUARD) {
+ strlcpy(wgdata.wgd_name, ifname, sizeof(wgdata.wgd_name));
+
+ if (ioctl(sock, SIOCSWG, (caddr_t)&wgdata) == -1)
diff --git a/src/patches/in6_ifattach.patch b/src/patches/in6_ifattach.patch
new file mode 100644
index 0000000..2334e65
--- /dev/null
+++ b/src/patches/in6_ifattach.patch
@@ -0,0 +1,18 @@
+diff --git a/sys/netinet6/in6_ifattach.c b/sys/netinet6/in6_ifattach.c
+index 48e65e2186f..ece83548f9c 100644
+--- a/sys/netinet6/in6_ifattach.c
++++ b/sys/netinet6/in6_ifattach.c
+@@ -389,6 +389,13 @@ in6_ifattach(struct ifnet *ifp)
+ return (error);
+ }
+
++ /* Interfaces that rely on strong a priori cryptographic binding of
++ * IP addresses are incompatible with automatically assigned llv6. */
++ switch (ifp->if_type) {
++ case IFT_WIREGUARD:
++ return (0);
++ }
++
+ /* Assign a link-local address, if there's none. */
+ if (in6ifa_ifpforlinklocal(ifp, 0) == NULL) {
+ if (in6_ifattach_linklocal(ifp, NULL) != 0) {
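Review bot: The added `return (0);` under `case IFT_WIREGUARD:` leaves in6_ifattach() altogether, so it skips anything else later in the function as well as the link-local block. The tail of the function is outside this hunk, so please confirm that nothing after the link-local assignment is still needed for wg interfaces. The comment's "llv6" is terse for a check that carries the security rationale; consider `/* Interfaces whose IP addresses are cryptographically bound to peers a priori must not get an automatically assigned IPv6 link-local address. */`. It would also help to state that only automatic assignment is suppressed, if manually configured link-local addresses are meant to stay possible.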
diff --git a/src/patches/man9_mbuf_tags.patch b/src/patches/man9_mbuf_tags.patch
index bb8e6ae..22cf71a 100644
--- a/src/patches/man9_mbuf_tags.patch
+++ b/src/patches/man9_mbuf_tags.patch
@@ -7,7 +7,7 @@ index f402b415286..271b6448193 100644
This tag is primarily used to detect and avoid loops in IPsec
processing on output.
-.It PACKET_TAG_GIF
-+.It PACKET_TAG_WG
++.It PACKET_TAG_WIREGUARD
Used by the
-.Xr gif 4
-interface to detect loops in processing.
diff --git a/src/patches/mbuf.h.patch b/src/patches/mbuf.h.patch
index 43d84f2..f72b3eb 100644
--- a/src/patches/mbuf.h.patch
+++ b/src/patches/mbuf.h.patch
@@ -7,7 +7,7 @@ index a54b003754d..dd2383ddd8b 100644
#define PACKET_TAG_IPSEC_IN_DONE 0x0001 /* IPsec applied, in */
#define PACKET_TAG_IPSEC_OUT_DONE 0x0002 /* IPsec applied, out */
-#define PACKET_TAG_GIF 0x0040 /* GIF processing done */
-+#define PACKET_TAG_WG 0x0040 /* WireGuard data */
++#define PACKET_TAG_WIREGUARD 0x0040 /* WireGuard data */
#define PACKET_TAG_GRE 0x0080 /* GRE processing done */
#define PACKET_TAG_DLT 0x0100 /* data link layer type */
#define PACKET_TAG_PF_DIVERT 0x0200 /* pf(4) diverted packet */
diff --git a/src/patches/tcpdump.patch b/src/patches/tcpdump.patch
index 0173b0b..e090966 100644
--- a/src/patches/tcpdump.patch
+++ b/src/patches/tcpdump.patch
@@ -19,7 +19,7 @@ index 5836e64ce12..72364274886 100644
#define PT_TFTP 11 /* Trivial File Transfer Protocol */
#define PT_VXLAN 12 /* Virtual eXtensible Local Area Network */
#define PT_ERSPAN 13 /* GRE ERSPAN Type I or II */
-+#define PT_WG 14 /* WireGuard VPN protocol */
++#define PT_WIREGUARD 14 /* WireGuard tunnel */
#ifndef min
#define min(a,b) ((a)>(b)?(b):(a))
@@ -45,7 +45,7 @@ index 81eb57283c4..2ab2f06491b 100644
case PT_TFTP:
tftp_print(cp, length);
break;
-+ case PT_WG:
++ case PT_WIREGUARD:
+ wg_print(cp, length);
+ break;
}
@@ -69,7 +69,7 @@ index e17012bba36..3dd77500e47 100644
.It Cm wb
distributed White Board
+.It Cm wg
-+WireGuard VPN protocol
++WireGuard tunnel
.El
.It Fl t
Do not print a timestamp on each dump line.
@@ -82,7 +82,7 @@ index 34d7de738ad..8492a088ef3 100644
else if (strcasecmp(optarg, "tftp") == 0)
packettype = PT_TFTP;
+ else if (strcasecmp(optarg, "wg") == 0)
-+ packettype = PT_WG;
++ packettype = PT_WIREGUARD;
else if (strcasecmp(optarg, "sack") == 0)
/*
* kept for compatibility; DEFAULT_SNAPLEN