| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
If the route monitor doesn't attempt to write more to stdout, then this
leaves a process hanging around. Kill it explicitly. We also switch to
using exec in the process substitution, to reduce a bash process.
Closes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255286
Reported-by: Christos Chatzaras <chris@cretaforce.gr>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
We no longer need the arp hack, as these bugs have been fixed in the
FreeBSD kernel.
This partially reverts 090639ae90fb45ac05e3158e1e31e5bf15fd9559.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
FreeBSD's bash doesn't handle <(...) safely, creating a temporary file
instead of using /proc/self/fd/N like on Linux. Work around this by
using a simple pipeline with /dev/stdin.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
ipc.c and terminal.c provide definitions for prototypes in their
respective headers, drag those in.
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
|
| |
|
|
|
|
| |
Fixes much of the noise from a FreeBSD WARNS=6 build of wg(8)
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we execute `wg --version` we get a different version string that does
not match with the version string in the openwrt makefile.
Current version string:
`wireguard-tools vreboot-13159-gac5caa2718 -https://git.zx2c4.com/wireguard-tools/`
Corrected versions string:
`wireguard-tools v1.0.20200319 -https://git.zx2c4.com/wireguard-tools/`
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
If the stream is not closed, then this winds up hanging forever. So
remove the trailing \n\n and check manually after.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
This makes little sense for unicast UDP sockets.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
Elevation makes it detach from the console, which means the results are
hidden.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
With alignment between the kernel and userspace, along with userspace
packages, we can now rely on the kernel in the future always having
wg(4).
This also simplifies the interface selection logic, and stores the
wg-quick interface name as the description.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 26683f6c9ad18d9914b23312c221f27fd5ecab51, which
means the old problem comes back. That's an issue. But waiting on
process substitutions is not available with commonly used bash versions:
# wg-quick up demo
[#] ip link add demo type wireguard
[#] wg setconf demo /dev/fd/63
/usr/bin/wg-quick: line 251: wait: pid 2955 is not a child of this shell
[#] ip link delete dev demo
This means we have to wait a few years before fixing this issue. IOW,
bash limitation; can't fix.
Reported-by: Theodore Mozzo <theodore.mozzo@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
Android 11's ndc regresses even more, but it turns out that netd doesn't
need to track up/down state via direct invocation, so just set the
interface up by way of normal iproute2.
Reported-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
Bash does not propagate error values, which is a bummer, but process
substitutions are a useful feature. Introduce a new idiom to deal with
this: either "; wait $!" after the line to propagate the error, or "||
true" to indicate explicitly that we don't care about the error.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We also make these constant time, even though we're never distinguishing
between bits of a secret using them. From that perspective, though, this
is markedly better than the locale-specific table lookups in glibc, even
though base64 characters span two cache lines and valid private keys
must hit both.
Co-authored-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
| |
|
|
|
|
| |
Therefore, there's no need to test both.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Users can now run `systemctl reload wg-quick@wgnet0`, as described in
the wg-quick(8) man page. Note that this won't adjust Address=, DNS=, or
the various other non-wg(8) fields.
Signed-off-by: Domonkos P. Tomcsanyi <domi@tomcsanyi.net>
[zx2c4: use exec for bash commands to reduce excess forks, and rewrite
commit message]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
| |
Reported-by: Unit 193 <unit193@unit193.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
|
| |
|
|
|
|
| |
We also add a wg_if.h in the fallback include path.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
If DNS= has an IP in it, treat it as a DNS server. If DNS= has a non-IP
in it, treat it as a DNS search domain.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
Add file wg-quick.target, which allows starting and stopping all
wg-quick@.service instances at once.
Signed-off-by: Martin Hauke <mardnh@gmx.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
By specializing this to stdout, we can cache the isatty result.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
Prior we only supported a blacklist, but actually a whitelist is an
easier algorithm because that's internally how netd considers it, so we
don't need to find range spans. This commit adds an IncludedApplications
key.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Jason A. Donenfeld
Kyle Evans
Florian Eckert
Domonkos P. Tomcsanyi
Matt Dunwoodie
Martin Hauke