Age | Commit message | Author
2016-11-05 | socket: big refactoring | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | socket: route() returns an error pointer, not NULL on failure | Jason A. Donenfeld
Reported-by: Cedric Buxin <cedric.buxin@izri.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | compat: some grsec have get_random_long; others do not | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | data: use a memory cache for parallel ctx | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | data: keep FPU on when possible | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | send: queue bundles on same CPU | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | data: use smaller types | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | data: take reference to peer | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | compat: stub out dst_cache for old kernels | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-04 | socket: use dst_cache instead of handrolled cache | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-03 | chacha20poly1305: src is different from dst on last piece | Jason A. Donenfeld
This took hours of debugging. In some cases, the src and dst are different for the last piece, so the incorrect code here resulted in computing the poly1305 over the wrong data. This led to packets being unnecessarily dropped.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-03 | device: use ARPHDR_VOID instead of ARPHDR_NONE | Jason A. Donenfeld
These amount to the same exact thing, except that IPv6 auto configuration won't assign it a (useless) random address and add multicast routes.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-03 | qemu: newer default kernel | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-03 | timers: take reference like a lookup table | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-02 | kref: elide checks | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-01 | data: do not allow usage of keypair just before hash removal | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-01 | peer: kref is most likely to succeed | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-23 | compat: grsecurity backports get_random_long | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-23 | data: reset all packet fields like tun.c | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-22 | device: better debug message for unroutable packets | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-22 | compat: support PaX constify plugin | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-22 | uapi.h: public_key field is a getter | Jörg Thalheim
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19 | receive: always send confirmation, even if queue is empty | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19 | timers: only have initiator rekey | Jason A. Donenfeld
If it's time to rekey, and the responder sends a message, the initiator will begin the rekeying when sending his response message. In the worst case, this response message will actually just be the keepalive. This generally works well, with the one edge case of the message arriving less than 10 seconds before key expiration, in which the keepalive is not sufficient. In this case, we simply rehandshake immediately.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19 | timers: always delay handshakes for responder | Jason A. Donenfeld
With the prior behavior, when sending a packet, we checked to see if it was about time to start a new handshake, and if we were past a certain time, we started it. For the responder, we made that time a bit further in the future than for the initiator, to prevent the thundering herd problem of them both starting at the same time.

However, this was flawed. If both parties stopped communicating after 2.2 minutes, and then one party decided to initiate a TCP connection before the 3 minute mark, the currently open session would be used. However, because it was after the 2.2 minute mark, both peers would try to initiate a handshake upon sending their first packet. The errant flow was as follows:

1. Peer A sends SYN.
2. Peer A sees that his key is getting old and initiates new handshake.
3. Peer B receives SYN and sends ACK.
4. Peer B sees that his key is getting old and initiates new handshake.

Since these events happened after the 2.2 minute mark, there's no delay between handshake initiations, and problems begin.

The new behavior is changed to:

1. Peer A sends SYN.
2. Peer A sees that his key is getting old and initiates new handshake.
3. Peer B receives SYN and sends ACK.
4. Peer B sees that his key is getting old and schedules a delayed handshake for 12.5 seconds in the future.
5. Peer B receives handshake initiation and cancels scheduled handshake.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19 | timers: move constants to header | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19 | timers: kill half-open handshakes after a while | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19 | timers: avoid thundering herd for simultaneous initiation | Jason A. Donenfeld
Since it's extremely unlikely for jiffies to be exactly identical everywhere, applying quarter second power of two slack not only improves power efficiency but also ensures that retries have a bit of jitter.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19 | debug: keep alive -> keepalive | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19 | noise: comment/document the key swapping | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-14 | send: ensure that rekey retries are staggered | Jason A. Donenfeld
Before:
t+120: A sends rekey [packet dropped by network congestion]
t+125: A sends rekey [packet dropped by network congestion]
t+130: A sends rekey
t+130: B sends rekey
! race !

After:
t+120: A sends rekey [packet dropped by network congestion]
t+125: A sends rekey [packet dropped by network congestion]
t+130: A sends rekey [packet dropped by network congestion]
t+132.5: B sends rekey [packet dropped by network congestion]
t+135: A sends rekey [packet dropped by network congestion]
t+137.5: B sends rekey
! success, eventually !

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
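The two timing problems described in the "timers: always delay handshakes for responder" entry and in the retry timeline just above, as an added example: a toy millisecond-resolution model of both peers' rekey decisions. This is illustration code written for this page, not WireGuard's timers.c or send.c. The 12.5 s responder delay, the 5 s retry interval and the "2.2 minute" old responder threshold come from the commit messages; the 120 s initiator threshold, the 40 ms one-way latency and the function names (simulate_syn_ack_race, first_retry_collision) are assumptions made for the model.

```c
/*
 * Added example, not WireGuard code: a discrete-time model of the handshake
 * race between two peers whose session key has aged past the rekey threshold.
 * Constants marked "assumed" are not stated on the page.
 */
#include <stdbool.h>
#include <stdio.h>

#define SEC                       1000L
#define REKEY_AFTER_TIME          (120 * SEC)  /* assumed initiator threshold */
#define OLD_RESPONDER_REKEY_AFTER (132 * SEC)  /* the "2.2 minute" responder threshold of the old code */
#define RESPONDER_DELAY           12500L       /* 12.5 s, from the commit message */
#define REKEY_TIMEOUT             (5 * SEC)    /* retry interval, from the t+120/125/130 timeline */
#define ONE_WAY_LATENCY           40L          /* constructed network delay, ms */

enum policy { OLD_POLICY, NEW_POLICY };

struct peer {
	bool is_initiator;     /* this side created the current session */
	long key_established;  /* ms */
	long scheduled;        /* pending delayed handshake, or -1 */
	bool handshake_running;
	int initiations;       /* handshakes this side started */
};

/* Called whenever the peer sends a data packet (SYN, ACK, keepalive, ...). */
static void on_send(struct peer *p, long now, enum policy pol)
{
	long age = now - p->key_established;

	if (p->handshake_running || p->scheduled >= 0)
		return;
	if (pol == OLD_POLICY) {
		/* Old: both roles initiate at once, only the thresholds differ. */
		long limit = p->is_initiator ? REKEY_AFTER_TIME : OLD_RESPONDER_REKEY_AFTER;
		if (age >= limit) {
			p->initiations++;
			p->handshake_running = true;
		}
		return;
	}
	if (age < REKEY_AFTER_TIME)
		return;
	if (p->is_initiator) {
		p->initiations++;
		p->handshake_running = true;
	} else {
		/* New: the responder only schedules, giving the initiator a head start. */
		p->scheduled = now + RESPONDER_DELAY;
	}
}

/* The other side's handshake initiation arrived: our own is no longer needed. */
static void on_recv_initiation(struct peer *p)
{
	p->scheduled = -1;
	p->handshake_running = true;
}

static void run_timers(struct peer *p, long now)
{
	if (p->scheduled >= 0 && now >= p->scheduled) {
		p->scheduled = -1;
		p->initiations++;
		p->handshake_running = true;
	}
}

/* Replays the SYN/ACK flow from the commit message at t = 133 s, i.e. after
 * the 2.2 minute mark. Returns the total number of handshake initiations. */
int simulate_syn_ack_race(enum policy pol)
{
	struct peer a = { true,  0, -1, false, 0 };
	struct peer b = { false, 0, -1, false, 0 };
	long syn_at = 133 * SEC;
	long syn_arrives = syn_at + ONE_WAY_LATENCY;
	long init_arrives = syn_arrives + 1;  /* A's initiation left just after the SYN */
	long end = syn_at + 30 * SEC;

	for (long now = 0; now <= end; now++) {
		if (now == syn_at)       on_send(&a, now, pol);   /* 1. SYN, 2. A rekeys      */
		if (now == syn_arrives)  on_send(&b, now, pol);   /* 3. ACK, 4. B decides     */
		if (now == init_arrives) on_recv_initiation(&b);  /* 5. B sees A's initiation */
		run_timers(&a, now);
		run_timers(&b, now);
	}
	return a.initiations + b.initiations;
}

/* Retry schedules: A retries every REKEY_TIMEOUT from t+120, B from t+120 plus
 * b_offset. Returns the first time (ms) both transmit at once, or -1 if never. */
long first_retry_collision(long b_offset, int retries)
{
	for (int i = 0; i < retries; i++)
		for (int j = 0; j < retries; j++)
			if (REKEY_AFTER_TIME + i * REKEY_TIMEOUT ==
			    REKEY_AFTER_TIME + b_offset + j * REKEY_TIMEOUT)
				return REKEY_AFTER_TIME + i * REKEY_TIMEOUT;
	return -1;
}

int main(void)
{
	printf("old policy: %d initiations, new policy: %d initiations\n",
	       simulate_syn_ack_race(OLD_POLICY), simulate_syn_ack_race(NEW_POLICY));
	printf("B in phase with A: collision at t+%lds; B offset by 12.5 s: %ld\n",
	       first_retry_collision(2 * REKEY_TIMEOUT, 4) / SEC,
	       first_retry_collision(RESPONDER_DELAY, 4));
	return 0;
}
```

Under the old policy both peers end up initiating (two handshakes in flight), under the new one only A does, because B's delayed handshake is cancelled when A's initiation arrives. The second function shows why the responder offset is not a multiple of the 5 s retry interval: B's retries at 132.5 and 137.5 never coincide with A's at 120, 125, 130, 135.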
2016-10-14 | device: show debug message when no peer has allowed-ips for packet | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-05 | send: requeue jobs for later if padata is full | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-04 | compat: akpm merged this to 4.9 | Jason A. Donenfeld
http://marc.info/?l=linux-mm-commits&m=147553169709478&w=2
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-02 | send: only avoid parallel path when there aren't inflight jobs | Jason A. Donenfeld
Otherwise we get packet reordering.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-09-29 | remote-run: reflect recent makefile changes | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-09-29 | git: organize ignore files | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-09-29 | compat: Isolate more functions | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-09-29 | Rework headers and includes | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-09-29 | poly1305: optimize unaligned access | René van Dorst
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-29 | send: properly encapsulate ECN | Jason A. Donenfeld
We're not leaking the DSCP, but we do deal with ECN.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
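What "properly encapsulate ECN" without leaking the DSCP amounts to, as an added example: an RFC 6040 normal-mode encapsulate/decapsulate pair for a tunnel, written in C for this page. It is not WireGuard's send.c or receive.c; the Linux kernel's inet_ecn.h helpers implement the same tables, but the function and constant names here, and the sample TOS values (DSCP EF, 0xb8, combined with each ECN codepoint), are this example's own constructions.

```c
/*
 * Added example, not WireGuard code: RFC 6040 ("normal mode") ECN handling
 * for an IP-in-tunnel encapsulator and decapsulator. The outer header gets a
 * fixed DSCP of 0 so the inner traffic class stays private; only the two ECN
 * bits cross, and congestion marks applied to the outer header on the path
 * are moved onto the inner header on the way out.
 */
#include <stdint.h>
#include <stdio.h>

#define ECN_MASK    0x03u  /* low two bits of the IPv4 TOS / IPv6 traffic class */
#define ECN_NOT_ECT 0x00u
#define ECN_ECT_1   0x01u
#define ECN_ECT_0   0x02u
#define ECN_CE      0x03u

/*
 * Outer TOS byte for the tunnel packet. DSCP is 0, ECN is copied from the
 * inner header, except that an inner CE is carried as ECT(0): the mark is
 * already in the inner header and must not be applied a second time.
 */
uint8_t ecn_encapsulate(uint8_t inner_tos)
{
	uint8_t inner_ecn = inner_tos & ECN_MASK;

	return inner_ecn == ECN_CE ? ECN_ECT_0 : inner_ecn;
}

enum ecn_decap_action {
	ECN_FORWARD = 0,          /* deliver the inner packet */
	ECN_FORWARD_INVALID = 1,  /* inner Not-ECT under outer ECT: deliver, worth logging */
	ECN_DROP = 2,             /* outer CE but the inner endpoint cannot take a CE mark */
};

struct ecn_decap_result {
	enum ecn_decap_action action;
	uint8_t inner_tos;        /* inner TOS after decapsulation */
};

/*
 * Decapsulation. A CE mark set on the outer header by a router inside the
 * tunnel is moved onto the inner header if the inner flow is ECN-capable.
 * If the inner flow is Not-ECT the congestion signal cannot be delivered,
 * so RFC 6040 requires the packet to be dropped rather than forwarded
 * unmarked. The inner DSCP is never touched; only the ECN bits change.
 */
struct ecn_decap_result ecn_decapsulate(uint8_t outer_tos, uint8_t inner_tos)
{
	struct ecn_decap_result r = { ECN_FORWARD, inner_tos };
	uint8_t outer = outer_tos & ECN_MASK;
	uint8_t inner = inner_tos & ECN_MASK;

	if (inner == ECN_NOT_ECT) {
		if (outer == ECN_CE)
			r.action = ECN_DROP;
		else if (outer != ECN_NOT_ECT)
			r.action = ECN_FORWARD_INVALID;
		return r;
	}
	if (outer == ECN_CE)
		r.inner_tos = (uint8_t)((inner_tos & ~ECN_MASK) | ECN_CE);
	return r;
}

int main(void)
{
	/* Constructed sample: DSCP EF (0xb8) with each of the four ECN codepoints. */
	uint8_t samples[] = { 0xb8, 0xb9, 0xba, 0xbb };
	static const char *action_name[] = { "forward", "forward (invalid combination)", "drop" };

	for (unsigned i = 0; i < sizeof(samples); i++) {
		uint8_t outer = ecn_encapsulate(samples[i]);
		/* Pretend a router inside the tunnel marked CE on the outer header. */
		struct ecn_decap_result r = ecn_decapsulate(outer | ECN_CE, samples[i]);

		printf("inner 0x%02x -> outer 0x%02x; after outer CE: inner 0x%02x, %s\n",
		       samples[i], outer, r.inner_tos, action_name[r.action]);
	}
	return 0;
}
```

The encapsulate side is where the DSCP leak is prevented (the outer byte is built from 0, not from the inner TOS); the decapsulate side is where a mark from the path is propagated, and where the Not-ECT/CE combination has to be dropped rather than forwarded, otherwise congestion signalling inside the tunnel is silently lost.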
2016-08-29 | netns: remove dangling $@ | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-22 | socket: use isdigit | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-22 | routingtable: hyphen was ugly | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-22 | hashtables: use rdrand() instead of counter | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-21 | tests: test jumbo frames with more transfer | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-17 | qemu: enhancements | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-16 | send: needless debugging check | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-12 | tests: add crypto-RP filter test | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-10 | main: load driver late in boot process when debugging | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>