Commit message | Author | Age | Files | Lines
* extract-{handshakes,keys}: rework for upstream kernel | Jason A. Donenfeld | 2020-02-01 | 4 | -16/+6
  Now that WireGuard has been upstreamed and the repos split, we have to look elsewhere for these headers.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* man: document dynamic debug trick for Linux | Jason A. Donenfeld | 2020-01-31 | 1 | -0/+9
  This comes up occasionally, so it may be useful to mention its possibility in the man page. At least the Arch Linux and Ubuntu kernels support dynamic debugging, so this advice will at least help somebody.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: android: split uids into multiple commands | Jason A. Donenfeld | 2020-01-31 | 1 | -1/+8
  Different versions of netd have different limits on how many can be passed at once.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
  Reported-by: Alexey <zaranecc@bk.ru>
* version: bump (v1.0.20200121) | Jason A. Donenfeld | 2020-01-21 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: sort inputs to linker so that build is reproducible | Jason A. Donenfeld | 2020-01-21 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netlink: make sure to clear return value when trying again | Jason A. Donenfeld | 2020-01-11 | 1 | -1/+2
  Otherwise this runs in an infinite loop if at some point a dump was interrupted.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fuzz: add set and setconf fuzzers | Jason A. Donenfeld | 2020-01-11 | 4 | -2/+123
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: evaluate git version lazily | Jason A. Donenfeld | 2020-01-08 | 1 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fuzz: add generic command argument fuzzer | Jason A. Donenfeld | 2020-01-04 | 5 | -5/+82
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ipc: simplify inflatable buffer and add fuzzer | Jason A. Donenfeld | 2020-01-04 | 5 | -65/+109
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: add standard 'all' target | Jason A. Donenfeld | 2020-01-03 | 1 | -0/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
  Reported-by: Bruno Wolff III <bruno@wolff.to>
* Makefile: remove pwd from compile output | Jason A. Donenfeld | 2020-01-03 | 1 | -3/+3
  We previously included $(pwd) in the compile output pretty printer, because it matched our parent out-of-tree module build. Since we're no longer coupled to the module, we can return to a prettier scheme of just using the object name.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
  Fixes: eb68ad07 ("Makefile: even prettier output")
* version: bump (v1.0.20200102) | Jason A. Donenfeld | 2020-01-02 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright | Jason A. Donenfeld | 2020-01-02 | 66 | -66/+66
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: quote ifname for nft | Jason A. Donenfeld | 2019-12-28 | 1 | -1/+1
  Otherwise nft(8) has strange ideas of what a string is.
  Suggested-by: RistiCore <RistiCore@mail.ee>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: rework automatic version.h mangling | Jason A. Donenfeld | 2019-12-27 | 2 | -9/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
  Reported-by: Joe Doss <joe@solidadmin.com>
* fuzz: find bugs when parsing uapi input | Jason A. Donenfeld | 2019-12-27 | 3 | -3/+64
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fuzz: find bugs in the config syntax parser | Jason A. Donenfeld | 2019-12-27 | 3 | -0/+86
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* man: add documentation about removing explicit listen-port | Devin Smith | 2019-12-27 | 1 | -1/+1
  Signed-off-by: Devin Smith <thundza@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dns-hatchet: adjust path for new repo layout | Jason A. Donenfeld | 2019-12-26 | 1 | -1/+1
  Reported-by: Joe Doss <joe@solidadmin.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: port static analysis check | Jason A. Donenfeld | 2019-12-26 | 1 | -1/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: DEBUG_TOOLS -> DEBUG and document | Jason A. Donenfeld | 2019-12-26 | 2 | -1/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* systemd: update documentation URL | Jason A. Donenfeld | 2019-12-26 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump (v1.0.20191226) | Jason A. Donenfeld | 2019-12-26 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: add git versioning to dev builds | Jason A. Donenfeld | 2019-12-26 | 1 | -1/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* README: consolidate with INSTALL and rewrite | Jason A. Donenfeld | 2019-12-26 | 3 | -55/+71
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: include tools version | Jason A. Donenfeld | 2019-12-26 | 2 | -0/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: add back source formerly shared with kernel module | Jason A. Donenfeld | 2019-12-26 | 7 | -5/+1845
  We used to reach back into parent directories for this, but with the repo split, we now require our own copy. We use -idirafter in case system headers are installed for the wireguard.h netlink definitions.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* gitignore: trim down to basics | Jason A. Donenfeld | 2019-12-26 | 1 | -12/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: use already configured addresses instead of in-memory | Jason A. Donenfeld | 2019-12-17 | 1 | -6/+6
  The ADDRESSES array might not have addresses added during PreUp. But moreover, nft(8) and iptables(8) don't like ip addresses in the form somev6prefix::someipv4suffix, such as fd00::1.2.3.4, while ip(8) can handle it. So by adding these first and then asking for them back, we always get normalized addresses suitable for nft(8) and iptables(8).
  Reported-by: Silvan Nagl <mail@53c70r.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: adjust wg.8 syntax for consistency in COMMANDS section | Kai Haberzettl | 2019-12-13 | 1 | -1/+1
  Signed-off-by: Kai Haberzettl <khaberz@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: try both iptables(8) and nft(8) on teardown | Jason A. Donenfeld | 2019-12-12 | 1 | -1/+2
  Daniel argues that technically a package manager could install nft(8) after previously having started wg-quick(8) using iptables(8).
  Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: support older nft(8) | Jason A. Donenfeld | 2019-12-12 | 1 | -5/+5
  Older nft(8), such as that on Ubuntu, does not accept the - parameter to the -f argument and doesn't accept symbolic priority names. So instead use the canonical numeric priority forms and use <(echo) instead of -.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: fix up spelling | Josh Soref | 2019-12-12 | 2 | -4/+4
  Signed-off-by: Josh Soref <jsoref@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: add support for nft and prefer it | Jason A. Donenfeld | 2019-12-12 | 1 | -20/+39
  If nft(8) is installed, use it. These rules should be identical to the iptables-restore(8) ones, with the advantage that cleanup is easy because we use custom table names.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: ignore save warnings for iptables-nft | Jason A. Donenfeld | 2019-12-06 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: suppress more warnings on weird kernels | Jason A. Donenfeld | 2019-12-06 | 1 | -4/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: some iptables don't like empty lines | Jason A. Donenfeld | 2019-12-05 | 1 | -6/+6
  Reported-by: Kenneth R. Crudup <kenny@panix.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: iptables-* -w is not widely supported | Jason A. Donenfeld | 2019-12-05 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ipc: make sure userspace communication frees wgdevice | Jason A. Donenfeld | 2019-12-05 | 2 | -11/+16
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: have remove_iptables return true | Jason A. Donenfeld | 2019-12-05 | 1 | -1/+1
  Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: ensure postdown hooks execute | Jason A. Donenfeld | 2019-12-05 | 1 | -2/+2
  Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: suppress error when finding unused table | Jason A. Donenfeld | 2019-11-27 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: add syncconf command | Jason A. Donenfeld | 2019-11-27 | 3 | -0/+97
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* reresolve-dns: remove invalid anchors on regex match | Jason A. Donenfeld | 2019-11-27 | 1 | -1/+1
  Reported-by: Conrad Meyer <cem@freebsd.org>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: filter bogus injected packets and don't disable rpfilter | Jason A. Donenfeld | 2019-11-27 | 1 | -8/+29
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: linux: only touch net.ipv4 for v4 | Jason A. Donenfeld | 2019-11-26 | 1 | -3/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: android: check for null in binder cleanup functions | Jason A. Donenfeld | 2019-10-16 | 1 | -3/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: android: use Binder for setting DNS on Android 10 | Nicolas Douma | 2019-10-12 | 1 | -7/+429
  Signed-off-by: Nicolas Douma <nicolas@serveur.io>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: windows: enforce named pipe ownership and use protected prefix | Jason A. Donenfeld | 2019-08-31 | 2 | -22/+40
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>