| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This allows for nearly 1 million peers per interface, which should be
more than enough. If needed later, this number could easily be increased
beyond this.
We also increase the size of the hashtables to accommodate this upper
bound. In the future, it might be smart to dynamically expand the
hashtable instead of this hard coded compromise value between small
systems and large systems.
Ongoing work includes figuring out the most optimal scheme for these
hashtables and for the insertion to mask their order from timing
inference.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Some SMP kernels don't have PADATA enabled, which means we actually ship
our own copy of it, lifted right out of the kernel. This is completely
insane and stupid, but so it goes with really grotesque "compat/" layers
such as this one. What this amounts to is having to make this upstream
file compile on all kernels back to 3.10. Ouch.
It also means making it compile with whatever other kernels people are
using, such as Grsecurity.
This patch _should_ make this part of the compat layer work with
Grsecurity, but unfortunately I really have no way of knowing, since I
don't actually have access to their source code. I assume, though, if
this doesn't work, I'll receive more complaints and will take another
stab in the dark. The general situation saddens me, as I really liked
that project and wish I could still play with it. Alas.
Fortunately this entire problem with padata will go away, anyway, when we
stop using padata, and move to a better form of multicore processing. But
for now, we add this to work around the issue.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
It's possible that a persistent keepalive that comes before a normal
keepalive will not invalidate the normal keepalive, and then we'll
needlessly send two keepalives.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Really isn't necessary.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Due to concerns with the .io TLD, we are switching to using
wireguard.com instead.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
When it's unclear if block is aligned, we just assume unaligned, rather
than branching.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
DaveM prefers it to be this way per [1].
[1] http://www.spinics.net/lists/netdev/msg443992.html
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Otherwise we quickly use up all of a socket's memory, which prevents a
socket from sending packets to other interfaces. This also has the nice
effect of letting TCP connections continue to attempt to begin, with the
older ones being naturally rotated out and freed, so when a connection
finally is made, only the later TCP connections are attempted, not the
ones that would already have timed out.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Even though redundant bits == bits per long, we're indexing into
something that uses longs as its unit, so this is correct.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This caused certain packets to be rejected that shouldn't be rejected,
in the case of certain scatter-gather ethernet drivers doing GRO pulling
right up to the UDP bounds but not beyond. This caused certain TCP
connections to fail.
Thanks very much to Reuben for providing access to the machine to debug
this regression.
Reported-by: Reuben Martin <reuben.m@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
