path: root/sys/net/pf_syncookies.c
Commit message | Author | Age | Files | Lines
* in pf_syncookie_validate, return early if we don't have syncookies in flight that can possibly match. there is a tiny but existing chance that a sequence number matches w/ our hash and we'd end up dropping traffic. unclear whether that has actually happened since the report chain is long :) report via haesbert via bluhm; ok bluhm
  Author: henning | Age: 2018-09-10 | Files: 1 | Lines: -2/+6
* Refactor the six ways to find TCP options into one new function. As a result:
  - MSS and WSCALE option candidates must now meet their min type length.
  - 'max-mss' is now more tolerant of malformed option lists.
  These changes were immaterial to the live traffic I've examined. OK sashan@ mpi@
  Author: procter | Age: 2018-06-18 | Files: 1 | Lines: -37/+1
* make the watermarks/thresholds for entering and leaving syncookie mode when syncookies are set to adaptive tunable, ok claudio benno
  Author: henning | Age: 2018-02-08 | Files: 1 | Lines: -3/+3
* add DIOCGETSYNFLWATS to get current synflood detection watermarks, ok claudio benno procter
  Author: henning | Age: 2018-02-08 | Files: 1 | Lines: -1/+9
* provide counters for # of synfloods detected, # of syncookies sent, # of syncookies successfully validated, ok phessler
  Author: henning | Age: 2018-02-07 | Files: 1 | Lines: -1/+4
* unbreak strict alignment archs by using SIPHASH_KEY for siphash keys, not uint8_t array. found by sparc64. probably ok henning@, but he's at coffee
  Author: dlg | Age: 2018-02-07 | Files: 1 | Lines: -8/+9
* syncookies implementation to be used in pf, based on the FreeBSD one by Andre Oppermann, heavily adjusted for pf instead of stack use and with entirely rewritten timeout machinery and new hashing with bits from sashan, widely discussed with the other network hackers
  Author: henning | Age: 2018-02-06 | Files: 1 | Lines: -0/+411