Commit message | Author | Age | Files | Lines
* Revert "Simplify if_output to avoid queueing" (HEAD, master) | Jason A. Donenfeld | 5 days | 1 | -13/+48
  It was slower.

  This reverts commit 5ff7590ac82239e902da7912eafadd5d0626b6f5.
* Simplify if_output to avoid queueing | Jason A. Donenfeld | 5 days | 1 | -48/+13
  fq_codel is done by copying the mbuf flow hash for the final egress, but not at the encapsulation stage.
* Separate wgtest.c into relevant files | Matt Dunwoodie | 6 days | 7 | -505/+640
  This also adds a test to ratelimiter based on the Linux selftest.

  These tests can be run by adding a -DWGTEST to the build options, either:
    * putting "option WGTEST" into sys/conf/GENERIC
    * run make as: COPTS="-DWGTEST" make

  They will run at boot time and output to the console. I think this is closer to what testing should look like on OpenBSD, but that is not really a decision for me to make. At least for the time being we can leave this here and get people to test it.
* wg_ratelimit_pool should be of type ratelimit_entry | Matt Dunwoodie | 6 days | 1 | -1/+1
  This didn't cause any issues in practice, as sizeof(struct ratelimit) was larger than sizeof(struct ratelimit_entry), however besides being incorrect, it means we're allocating more memory than necessary.
* Align ratelimit constants with other implementations | Matt Dunwoodie | 6 days | 2 | -4/+5
  Additionally, ensure rl_table_num is zeroed.
* memcpy requires a header for chacha | Jason A. Donenfeld | 8 days | 1 | -3/+14
* Check the right pointer when validating response macs | Jason A. Donenfeld | 8 days | 1 | -2/+2
* Copy flow hash on encapsulating so fq_codel can do its thing | Jason A. Donenfeld | 8 days | 1 | -0/+5
* Keep nonces in native endian except for wire marshalling, and fix big endian cookies | Jason A. Donenfeld | 10 days | 3 | -23/+25
  It's better to do marshalling when dealing with the wire format, in one place, and then pass around native endian numbers. Then, since chapoly needs its own encoding, we take care of encoding there, too. But we never touch this stuff in the middle.

  At the same time, on big endian systems, xchapoly was using the wrong endian nonce. And on systems with alignment traps, xchapoly was crashing.
* Change == to >= in mq_push | Matt Dunwoodie | 10 days | 1 | -1/+1
  This is just a precautionary check, and is not necessary if mbuf_queue is only being modified by the mq_* API, but we might as well include it.
* Set IFF_NOARP by default | Matt Dunwoodie | 10 days | 1 | -1/+1
  This really isn't used much in the base system, but we do want to indicate to userspace that we can't ARP. This has no effect on any kernel internals as we use wg_output, not ether_output.
* Add additional comments to clarify ioctl locks | Matt Dunwoodie | 11 days | 2 | -1/+5
* Slight refactor to timers | Matt Dunwoodie | 11 days | 1 | -13/+11
  This makes code a little bit neater, and makes it easier to audit side by side with other implementations.
* Add handshake_last_sent check to wg_send_initiation | Matt Dunwoodie | 11 days | 1 | -7/+34
  Unfortunately in some earlier refactoring, I missed the handshake_last_sent check in wg_send_initiation. Maybe it wasn't in timers.c. This meant that initiation packets may be sent at a rate faster than 1 per 5 seconds. NOT GOOD.

  This also required a few helpers for the timeout as we don't want to use ratecheck in wg_timers_event_want_initiation as it may override t_handshake_last_sent. I'll also change the timer to nanoseconds because we can, and extra precision won't hurt.
* Remove function casts | Matt Dunwoodie | 11 days | 1 | -71/+89
* Simple removal of WG_PEERS_FOREACH_* | Matt Dunwoodie | 11 days | 1 | -15/+8
* We should use mq_push for the p_staged_queue | Matt Dunwoodie | 11 days | 1 | -1/+1
* Remove unnecessary checks for integer overflow | Matt Dunwoodie | 11 days | 1 | -4/+0
* Don't assume mbufs have 8-byte alignment | Jason A. Donenfeld | 11 days | 1 | -3/+7
* Do not make unaligned writes on tai64n | Jason A. Donenfeld | 11 days | 1 | -2/+8
* Rename constants to match key types | Jason A. Donenfeld | 11 days | 5 | -188/+190
* Remove __packed from print-wg, since structures are naturally aligned | Jason A. Donenfeld | 11 days | 1 | -4/+4
* Do not specify encoding in wg_noise | Jason A. Donenfeld | 11 days | 4 | -101/+115
  The packet layout is a wireguard property, and hence those fields should live in wireguard. This also helps us benefit from the natural struct alignment that wireguard packets have, so we don't need __packed.
* Import newer blake2s code instead of old crufty one | Jason A. Donenfeld | 12 days | 4 | -61/+38
* cookie_macs contain char arrays and therefore do not need to be packed | Jason A. Donenfeld | 12 days | 1 | -1/+1
* Use better names for ioctl labels | Jason A. Donenfeld | 12 days | 1 | -10/+9
* Ensure list is initialised | Matt Dunwoodie | 13 days | 1 | -0/+2
  If it's not initialised, and there are no packets on if_snd, then the behaviour is undefined. In practice this resulted in a NULL pointer dereference in amd64/GENERIC.
* Fix typo | Matt Dunwoodie | 2020-05-24 | 1 | -1/+1
* Setting port 0 makes sense | Matt Dunwoodie | 2020-05-23 | 1 | -1/+1
  That is, let the interface choose the port. wg(8) allows this, so supposedly we should too.
* Refactor binding interface. | Matt Dunwoodie | 2020-05-23 | 1 | -118/+103
  I always like it when we take away lines, and remove bugs at the same time

  Some things that are here now:
    * Don't update sockets until new ones are ready. This means if you try to set the port to an address already in use, then it won't kill the current sockets.
    * Retry AF_INET6 if the port that AF_INET chose was in use for AF_INET6. This copies the retries (100) from Linux, not sure where that came from but is a reasonable number. Personally, I'd prefer a power of 2 number, and for it to be a bit smaller, but there isn't much difference by this point. If you can't bind to a port 64 vs 100 times in a row, something else is the issue.

  Bugfixes:
    * Need to create a new socket if changing rtable, will return EBUSY if socket is bind'ed and you attempt to change the rtable.
* Use atomic counter operation when available | Jason A. Donenfeld | 2020-05-20 | 1 | -1/+5
* Use codel limits for ooo counter | Jason A. Donenfeld | 2020-05-19 | 1 | -1/+1
* Mark as IFT_WIREGUARD rather than normal tunnel | Jason A. Donenfeld | 2020-05-19 | 9 | -23/+60
* Do not bring interface down and up on port/rtable change | Jason A. Donenfeld | 2020-05-19 | 1 | -34/+55
* Update ifconfig.8 and wg.4 | Matt Dunwoodie | 2020-05-18 | 2 | -195/+170
* Use distinct hashtables for rate limiting v4/v6 | Matt Dunwoodie | 2020-05-18 | 2 | -17/+43
* Line up constants with Linux | Matt Dunwoodie | 2020-05-18 | 2 | -5/+5
* Restore Jason's original growwgdata function, still keep == NULL | Matt Dunwoodie | 2020-05-18 | 1 | -11/+10
* Align handshake_touch to last_sent | Matt Dunwoodie | 2020-05-18 | 1 | -11/+12
* Timer alignment with Linux | Matt Dunwoodie | 2020-05-18 | 2 | -76/+46
  A few changes to align with Linux:
    * Don't want_initiation when noise_remote_encrypt fails
    * Don't clear current keypairs with wg_new_handshake
    * Remove 'ready' vars
    * Remove ratecheck in run_retry_handshake
    * Ensure any packets that are queued are sent after wg_up
    * Match keep_key_fresh functions in noise_remote_{encrypt,decrypt}
* Add padding limit to encrypted packet. | Matt Dunwoodie | 2020-05-18 | 1 | -4/+7
  ifp->if_mtu must be >= m->m_pkthdr.len, otherwise the packet will be truncated. This seems to be the case with pf_route, pf_route6 and pf_refragment6
* Fix mbuf leak in wg_queue_in | Matt Dunwoodie | 2020-05-18 | 1 | -0/+1
  Reported-by: Matthew Macy <mat.macy@gmail.com>
* Address mailing list comments on ifconfig.c | Matt Dunwoodie | 2020-05-17 | 1 | -91/+59
  1) Use proper address identification for allowed IPs

  While this originally came from ifconfig.c:settunnel, I do believe it is hacky. Now, we see if inet_net_pton correctly parses an IPv4 address, and if not, attempt IPv6. The address would be invalid if both fail. This was seen (for example, but not limited to) these files:

    src/usr.sbin/smtpd/to.c:text_to_netaddr
    src/sbin/isakmpd/ui.c:ui_teardown

  2) if( in WG_LOAD_KEY

  This is an easy fix, however with a bit more modification, we can make the whole block look nicer.

  3) setwgconf

  setwgconf wasn't great. It also implemented functionality that is debatable whether we want to have in an initial release. It was new functionality to ifconfig (read from stdin), maybe it would be better to do this for all command arguments instead? wgtools provides a way to load large numbers of peers in automatically. It also seems OpenBSD isn't as worried about secrets on the command line as by default ksh history isn't logged.

  4) General BSDisms

    check == NULL
    Add some comments to growwgdata
    80 col line wraps
* Fix some minor bugs | Matt Dunwoodie | 2020-05-17 | 2 | -9/+20
    * in wg_timers_run_new_handshake, the two task_add's would race on the taskq, potentially noise_remote_clear'ing the wg_send_initiation. Now we run a specific task for it, ensuring that it is run serially.
    * don't count dropped keepalive packets.
    * we needed to NULL the keypair pointers in noise_remote_clear
    * indentation change on noise_remote_decrypt
    * we also don't need to check kp_ctr.c_send when receiving packets.
* More closely match other implementations send packet error handling | Matt Dunwoodie | 2020-05-17 | 1 | -36/+27
  wireguard-go, Linux kernel will do all timer stuff before sending the response. They will also begin_session before sending too, so match that as well.

  Also, we rely on wg_send_buf to handle any error cases it can handle, rather than depending on its result to signal the timer system. If we cannot send a packet, then print an error message.
* Run wg_{up,down} in ioctl | Matt Dunwoodie | 2020-05-17 | 1 | -40/+33
  This required a few changes, first wg_{up,down} no longer run in nettq, meaning they are not necessarily serialised. That means, we now use IFF_RUNNING as a serialiser. We also need a "need_lock" as this is called from two contexts, one in the SIOCSIFFLAGS and the other in SIOCSWG. The latter already holds an exclusive sc_lock, so we don't want to recurse.

  Since we want to bring up the interface if someone assigns an address, we also fallthrough on the SIOCSIFADDR ioctl.

  Also, it means we need to NET_UNLOCK() in SIOCSIFFLAGS (and by extension SIOCSIFADDR), which from what I can see is OK, but there may be hidden cases I'm not aware of.

  The benefits now mean that if someone runs the following command, they get immediate feedback that the interface is working or not.

    # ifconfig wg0 up
    ifconfig: SIOCSIFFLAGS: Address already in use
* wireguard-tools is now in ports | Jason A. Donenfeld | 2020-05-16 | 1 | -10/+1
* Remove hacl64 implementation because -msave-args is broken with uint128_t | Jason A. Donenfeld | 2020-05-16 | 1 | -800/+3
* Replicate expire_current | Matt Dunwoodie | 2020-05-16 | 3 | -14/+43
* Use NOISE_SYMMETRIC_SIZE where appropriate | Matt Dunwoodie | 2020-05-16 | 1 | -28/+34