summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2017-04-09compat: support 3.16Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-09data: alloca is actually as dangerous as they sayJason A. Donenfeld
It turns out that calling alloca from an inline function means that the memory isn't ever deallocated until the caller function exits, which means we were using tons of stack space for every iteration of the call. So, we hard code the sg array. While 128 seems like a reasonable number, we actually wind up using "MAX_SKB_FRAGS * 2 + 1". An skb has its data segment, so that's 1. Then it has its frags, which are MAX_SKB_FRAGS at max. Then it has its frag list, which, so far as I can tell, are potentially unbounded. So we just hope it's no more than MAX_SKB_FRAGS, and so we plan for at most two of those. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-08debug: cleanupsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-08qemu: ensure kernel is configured before headers are installedJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-08data: cleanup parallel workqueue and use two max_activeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-04data: simplify flowJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-04chacha20poly1305: check return values of sgopsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-04locking: always use _bhJason A. Donenfeld
All locks are potentially between user context and softirq, which means we need to take the _bh variant. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-04qemu: new stable kernelJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-30chacha20poly1305: enforce authtag checking with compilerJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-30curve25519: protect against potential invalid point attacksJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-28config: do not allow peers with public keys the same as the interfaceJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-27main: add /sys/module/wireguard/versionJason A. Donenfeld
Suggested-by: Samuel Holland <samuel@sholland.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-27compat: allow create-patch to work on debian-based buildsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24uapi: add version magicJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24socket: avoid deadlock on port retryJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24curve25519: 128-bit integer != x86_64Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-20version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-20curve25519: do dispatcher in C instead of asm, since shlx is haswell onlyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-20version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-20data: big refactoringJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-19curve25519: add AVX implementationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-19blake2s: add AVX implementationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-19config: satisfy sparseJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-19cookie: no need to hash rngJason A. Donenfeld
Since 4.8 or so, the RNG uses chacha, so we feel less scared about exposing its output directly. (Older kernels will simply suffer the paranoia.) Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-19hashtables: get_random_int is now more secure, so expose directlyJason A. Donenfeld
On 4.11, get_random_u32 now either uses chacha or rdrand, rather than the horrible former MD5 construction, so we feel more comfortable exposing RNG output directly. On older kernels, we fall back to something a bit disgusting. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-14timers: elide enable checkJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-27create-patch: add context below to work with busybox patchJason A. Donenfeld
It turns out that GNU patch is happy to only have one line of context above the inserted area and zero lines below, because of its fuzzy match feature. However, busybox patch is crippled and terrible, and thus must have context above and below the insertion point. So, we grudgingly add it to our manually crafted minimal patch. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-27compat: use maybe_unused macro over gcc-specificJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-27data: transition to skb_reset_tc for 4.11Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-27device: move sysctl toggling to open timeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-27receive: last_rx use is discouraged and removed in recent kernelsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-27device: 4.11 uses cnf for addr_gen_modeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23socket: do not try to create v6 socket when disabledJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-21device: disable ICMP redirectsJason A. Donenfeld
The xfrm layer does this by checking for secpath, but we don't use secpath, so instead we have to jigger the config value ourselves. This is nearly always desired, since this is often how a wheel-spoke VPN works. There's very little use case for redirects with wireguard. This should be reverted if we ever move the test directly into ip_forward in net/ipv4/ip_forward.c near the call to ip_rt_send_redirect. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-14version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-14Revert "main: add `wg` type alias"Jason A. Donenfeld
This reverts commit b4f93ace76b1065ab08fd5596f31a0971b848eea. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-14Makefile: add module-install targetJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13create-patch: be sure it's actually after NETFILTERJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13Kconfig: can be a moduleJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13socket: enable setting of fwmarkJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13main: add `wg` type aliasJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13device: shorter workqueue names to fit in psJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13socket: general ephemeral ports instead of name-based portsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13compat: backport siphash & dst_cache from mainlineJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-07socket: synchronize net on socket tear downJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-07timers: use simpler uninit sync techniqueJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-29 14:09:02 +0000