Commit message | Author | Age | Files | Lines
...
* wg-quick: freebsd: export TMPDIR when restoring and don't make empty | Jason A. Donenfeld | 2019-03-18 | 1 | -1/+2
  Otherwise mktemp doesn't see it, and if it's empty we wind up in /.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: add support for Haiku | Alexander von Gluck IV | 2019-02-28 | 1 | -0/+3
  Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: genkey: account for short reads of /dev/urandom | Jason A. Donenfeld | 2019-02-28 | 2 | -18/+35
  Apparently Haiku has a misbehaving /dev/urandom. While we're at it, simplify the function signature to completely succeed or completely fail and make sure the caller checks the result.
  Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
  Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: freebsd: rebreak interface loopback, while fixing localhost | Jason A. Donenfeld | 2019-02-28 | 1 | -1/+1
  The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was supposed to make things better, but actually it just started sending legitimate localhost traffic over the WireGuard interface, which is really quite bad.
  This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.
  Reported-by: Matt Smith <matt.xtaz@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: c_acc doesn't need to be initialized | Jason A. Donenfeld | 2019-02-08 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: fight compiler slightly harder | Jason A. Donenfeld | 2019-02-05 | 2 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* noise: store clamped key instead of raw key | Jason A. Donenfeld | 2019-02-03 | 2 | -4/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* highlighter: when subtracting char, cast to unsigned | Jason A. Donenfeld | 2019-01-31 | 1 | -2/+2
  Windows.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* systemd: wg-quick should depend on nss-lookup.target | Jason A. Donenfeld | 2019-01-30 | 1 | -2/+2
  Since wg-quick(8) calls wg(8) which does hostname lookups, we should probably only run this after we're allowed to look up hostnames.
  Reported-by: Anton Castelli <anton.c42@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: remove unused check phony declaration | Jason A. Donenfeld | 2019-01-24 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: freebsd: allow loopback to work | Jason A. Donenfeld | 2019-01-24 | 1 | -1/+1
  FreeBSD adds a route for point-to-point destination addresses. We don't really want to specify any destination address, but unfortunately we have to. Before we tried to cheat by giving our own address as the destination, but this had the unfortunate effect of preventing loopback from working on our local ip address. We work around this with yet another kludge: we set the destination address to 127.0.0.1. Since 127.0.0.1 is already assigned to an interface, this has the same effect of not specifying a destination address, and therefore we accomplish the intended behavior.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netlink: use __kernel_timespec for handshake time | Jason A. Donenfeld | 2019-01-23 | 4 | -5/+17
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* contrib: introduce simple highlighter library | Jason A. Donenfeld | 2019-01-23 | 8 | -0/+904
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: normalize -> clamp | Jason A. Donenfeld | 2019-01-23 | 5 | -9/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* keygen-html: bring back pure javascript implementation | Jason A. Donenfeld | 2019-01-23 | 6 | -139/+186
  This reverts commit 9d5baf7d1d14ca7eb0852b41566330259229d489.
  Benoît Viguier has proofs that values will stay well within 2^53. We also have an improved carry function that's much simpler.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Kconfig: IPsec isn't IPSec | Jason A. Donenfeld | 2019-01-23 | 1 | -1/+1
  Reported-by: Raf Czlonka <rczlonka@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update copyright | Jason A. Donenfeld | 2019-01-07 | 52 | -52/+52
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: curve25519: handle unaligned loads/stores safely | Jason A. Donenfeld | 2018-12-20 | 2 | -5/+19
  Reported-by: Chris Hewitt <chris@chrishewitt.net>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* makefile: use immediate expansion and use correct template patterns | Jason A. Donenfeld | 2018-12-18 | 2 | -0/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: bring interface up while setting MTU | Aaron Jones | 2018-12-18 | 1 | -9/+4
  This avoids another ip(8) invocation for little benefit. Confirmed to work with iproute2 and busybox.
  Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* embeddable-wg-library: do not warn on unrecognized netlink attributes | Jason A. Donenfeld | 2018-12-07 | 1 | -15/+1
  This is a follow up of bcf8684c9ec90fe0d283a67d1654d05fb3eae019.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: various formatting tweeks | Jason A. Donenfeld | 2018-11-13 | 1 | -25/+25
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: android: do not choke on empty allowed-ips | Jason A. Donenfeld | 2018-11-11 | 1 | -1/+4
  Reported-by: Samuel Holland <samuel@sholland.org>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* keygen-html: add missing glue macro | Jason A. Donenfeld | 2018-11-06 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg.8: AllowedIPs isn't actually required | Jason A. Donenfeld | 2018-10-19 | 1 | -1/+1
  An empty allowed IPs is totally valid, for folks wishing to move IP addresses between multiple peers atomically.
  Suggested-by: Comex <comexk@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg.8: specify that wg(8) shows runtime info too | Jason A. Donenfeld | 2018-10-19 | 1 | -1/+1
  Suggested-by: Comex <comexk@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: wait for interface to disappear on freebsd | Jason A. Donenfeld | 2018-10-13 | 1 | -0/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: don't fail if a netlink interface dump is inconsistent | Jason A. Donenfeld | 2018-10-13 | 2 | -4/+18
  Netlink returns NLM_F_DUMP_INTR if the set of all tunnels changed during the dump. That's unfortunate, but is pretty common on busy systems that are adding and removing tunnels all the time. Rather than retrying, potentially indefinitely, we just work with the partial results.
  Reported-by: Robert Gerus <ar@is-a.cat>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: compile on gnu99 | Jason A. Donenfeld | 2018-10-09 | 1 | -1/+1
  We don't actually use any C11 features, so we can at least compile with ancient gcc.
  Reported-by: Aaron M. D. Jones <aaronmdjones@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: use libc's endianness macro if no compiler macro | Jason A. Donenfeld | 2018-10-09 | 1 | -0/+10
  This lets us be compiled with ancient gcc.
  Reported-by: Jeff Brandt <jeff@jeffcolo.net>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: rename struct wireguard_ to struct wg_ | Jason A. Donenfeld | 2018-10-08 | 1 | -5/+5
  This required a bit of pruning of our christmas trees.
  Suggested-by: Jiri Pirko <jiri@resnulli.us>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netlink: do not stuff index into nla type | Jason A. Donenfeld | 2018-10-08 | 2 | -10/+8
  It's not used for anything, and LKML doesn't like the type being used as an index value.
  Suggested-by: Eugene Syromiatnikov <esyr@redhat.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* crypto: clean up remaining .h->.c | Jason A. Donenfeld | 2018-10-07 | 2 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick.8: add policy routing example | Jason A. Donenfeld | 2018-10-05 | 1 | -0/+26
  Suggested-by: Toke Høiland-Jørgensen <toke@toke.dk>
  Suggested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* crypto: make constant naming scheme consistent | Jason A. Donenfeld | 2018-09-25 | 3 | -9/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: put SPDX identifier on its own line | Jason A. Donenfeld | 2018-09-20 | 32 | -64/+64
  The kernel has very specific rules correlating file type with comment type, and also SPDX identifiers can't be merged with other comments.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: prefer sizeof(*pointer) when possible | Jason A. Donenfeld | 2018-09-04 | 3 | -13/+13
  Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* crypto: import zinc | Jason A. Donenfeld | 2018-09-03 | 2 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: ipc: do not warn on unrecognized netlink attributes | Jason A. Donenfeld | 2018-09-02 | 1 | -17/+0
  It makes extending things more difficult.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* crypto: use unaligned helpers | Jason A. Donenfeld | 2018-08-28 | 1 | -0/+3
  This is not useful for WireGuard, but for the general use case we probably want it this way, and the speed difference is mostly lost in the noise.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: check correct variable for route deduplication | Jason A. Donenfeld | 2018-08-21 | 1 | -1/+1
  Reported-by: John Sager <john@sager.me.uk>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: darwin: prefer system paths for tools | Jason A. Donenfeld | 2018-08-12 | 1 | -1/+1
  The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8). Other than that, it's explicitly coded against the native system utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their full absolute path (via $SELF and $BASH, respectively), we can simply set the $PATH to be prefixed by the default system binary paths. This way, if users install tools that conflict with system tools -- such as GNU coreutils -- we won't accidentally call those.
  Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: android: remove compat code | Jason A. Donenfeld | 2018-07-24 | 1 | -10/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: android: allow package to be overridden | Jason A. Donenfeld | 2018-07-24 | 1 | -4/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* embeddable-wg-library: do not left shift negative numbers | Jason A. Donenfeld | 2018-07-24 | 1 | -7/+2
  Otherwise we incur undefined behavior.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: allow link local default gateway | Jason A. Donenfeld | 2018-07-16 | 3 | -3/+0
  It's unclear why it was like this in the first place, but it apparently broke certain IPv6 setups.
  Reported-by: Jonas Blahut <j@die-blahuts.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: only error on wg show if all interfaces fail | Jason A. Donenfeld | 2018-07-08 | 1 | -1/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: android: support excluding applications | Jason A. Donenfeld | 2018-07-05 | 1 | -9/+102
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: android: prevent outgoing handshake packets from being dropped | Jason A. Donenfeld | 2018-06-25 | 1 | -0/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: fix misspelling of strchrnul in comment | Jonathan Neuschäfer | 2018-06-22 | 1 | -1/+1
  Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>