summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-02-05tai64n: whiten nano secondsJason A. Donenfeld
Avoid being too precise of a time oracle.
2019-02-05uapi: Simpler function signatureJason A. Donenfeld
2019-02-05Extend structs rather than embed, when possibleJason A. Donenfeld
2019-02-05Update copyrightJason A. Donenfeld
2018-12-25Properly bubble up setsockopt error from closureJason A. Donenfeld
2018-12-22version: bump snapshotJason A. Donenfeld
2018-12-19Make error messages consistentJason A. Donenfeld
2018-12-11Freebsd is finally normal in sys/unixJason A. Donenfeld
2018-12-11Separate out mark setting for WindowsJason A. Donenfeld
2018-12-10Use upstream's xchacha20poly1305Jason A. Donenfeld
2018-12-10Update go x/ librariesJason A. Donenfeld
Android 9's Bionic disallows inotify_init with seccomp, so we want the latest unix change, and while we're at it, we update the others too. Reported-by: Berk D. Demir <bdd@mindcast.org> Go CL: https://go-review.googlesource.com/c/sys/+/153318 Fixes: https://lists.zx2c4.com/pipermail/wireguard/2018-December/003642.html
2018-12-06tun: remove nonblock hack for linuxJason A. Donenfeld
This is no longer necessary and actually breaks things Reported-by: Chris Branch <cbranch@cloudflare.com>
2018-11-08tai64n: use proper nanoseconds offsetJason A. Donenfeld
The code before was obviously wrong. Reported-by: Vlad Krasnov <vlad@cloudflare.com>
2018-11-06Use darwin tun on iosJason A. Donenfeld
2018-11-05uapi: typoJason A. Donenfeld
2018-11-01receive: make started status uniformJason A. Donenfeld
2018-10-18send: do not unlock already freed objectJason A. Donenfeld
2018-10-18version: bump snapshotJason A. Donenfeld
2018-10-17Makefile: rename default to allJason A. Donenfeld
2018-10-17tun: only call .Fd() onceJason A. Donenfeld
Doing so tends to make the tunnel blocking, so we only retrieve it once before we call SetNonblock, and then cache the result.
2018-10-12Use go modules alwaysJason A. Donenfeld
2018-10-12Do not build if nothing to doJason A. Donenfeld
2018-10-09Switch to go modulesJason A. Donenfeld
2018-10-01version: bump snapshotJason A. Donenfeld
2018-10-01Adding missing queueconstants fileJason A. Donenfeld
2018-09-25Fix transport message length checkChris Branch
wireguard-go has a bad length check in its transport message handling. Although it cannot be exploited because of another length check earlier in the function, this should be fixed regardless.
2018-09-25Make it easy to restrict queue sizes moreJason A. Donenfeld
2018-09-24Fix shutdown racesJason A. Donenfeld
2018-09-24More poolingJason A. Donenfeld
2018-09-22Fixup buffer freeingJason A. Donenfeld
2018-09-16send: more precise padding calculationJason A. Donenfeld
2018-09-16device: preallocated buffers schemeJason A. Donenfeld
Not useful now but quite possibly later.
2018-09-16Change queueing drop order and fix memory leaksJason A. Donenfeld
If the queues are full, we drop the present packet, which is better for network traffic flow. Also, we try to fix up the memory leaks with not putting buffers from our shared pool.
2018-09-16send: use accessor function for buffer poolJason A. Donenfeld
2018-09-16Fixed port overwrite issue on kernels without ipv6Mathias Hall-Andersen
Fixed an issue in CreateBind for Linux: If ipv6 was not supported the error code would be correctly identified as EAFNOSUPPORT and ipv4 binding attempted. However the port would be set to 0, which results in the subsequent create4 call requesting a random port rather than the one provided to CreateBind. This issue was identified by: Kent Friis <leeloored@gmx.com>
2018-09-16global: fix up copyright headersJason A. Donenfeld
2018-09-02uapi: insert peer version placeholderJason A. Donenfeld
While we don't want people to ever use old protocols, people will complain if the API "changes", so explicitly make the unset protocol mean the latest, and add a dummy mechanism of specifying the protocol on a per-peer basis, which we hope nobody actually ever uses.
2018-07-30Fix duplicate copyright lineJason A. Donenfeld
2018-07-24uapi: allow overriding socket directory at compile timeJason A. Donenfeld
2018-07-16send: better debug message for failed data packetJason A. Donenfeld
2018-06-13version: bump snapshotJason A. Donenfeld
2018-06-12Support IPv6-less kernelsJason A. Donenfeld
2018-06-09Do not build tun device on iosJason A. Donenfeld
2018-06-02Fix duplicated wordingJason A. Donenfeld
2018-06-02Makefile: export PWD for OpenBSD's ksh(1)Jason A. Donenfeld
Interestingly, ksh(1) on OpenBSD does not export PWD by default, and it also has a notion of the "logical cwd" vs the "physical cwd", with the latter being passed to chdir, but the former being stored in the non-exported PWD and displayed to the user. This means that if you `cd` into a directory that's comprised of symlinks, exec'd processes will see the physical path. Observe: # ksh # mkdir a # ln -s a b # cd b # pwd /root/b # ksh -c pwd /root/a The fact of separating physical and logical paths is not too uncommon for shells (bash does it too), but not exporting PWD is very odd. Since this is common behavior for many shells, libraries that return the working directory will do something strange: they `stat(".")` and then `stat(getenv("PWD"))`, and if these point to the same inode, they roll with the value of `getenv("PWD")`, or otherwise fallback to asking the kernel for the cwd. Since PWD was not exported by ksh(1), Go's dep utility did not understand it was operating inside of our faked GOPATH and became upset. This patch works around the whole situation by simply exporting PWD before executing dep.
2018-05-31version: bump snapshotJason A. Donenfeld
2018-05-30Print version number in logJason A. Donenfeld
2018-05-28Update depsJason A. Donenfeld
2018-05-27Fix typo in timersJason A. Donenfeld
2018-05-27Disable broadcast mode on *BSDJason A. Donenfeld
Keeping it on makes IPv6 problematic and confuses routing daemons.