summaryrefslogtreecommitdiffhomepage
path: root/src
AgeCommit message (Collapse)Author
2017-07-03compat: workaround Ubuntu 16.10 kernel weirdnessJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-03compat: support OpenSUSE's backportsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29receive: cleanup error handlersJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29receive: pull IP header into headJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29receive: fix off-by-one in packet length checkingJason A. Donenfeld
This caused certain packets to be rejected that shouldn't be rejected, in the case of certain scatter-gather ethernet drivers doing GRO pulling right up to the UDP bounds but not beyond. This caused certain TCP connections to fail. Thanks very much to Reuben for providing access to the machine to debug this regression. Reported-by: Reuben Martin <reuben.m@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-28version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-28compat: support Ubuntu 14.04Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-28compat: support EL7.3Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-28compat: do not export symbols unnecessarilyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-26global: cleanup IP header checkingJason A. Donenfeld
This way is more correct and ensures we're within the skb head. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-26device: remove icmp conntrack hacksJason A. Donenfeld
This logic belongs upstream. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-26compat: clean up cruftJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-26device: avoid double icmp send on routing loopJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-26socket: use ip_rt_put instead of dst_releaseJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-26socket: verify saddr belongs to interfaceJason A. Donenfeld
This helps "unstick" stuck source addresses, when changing routes dynamically. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-26ratelimiter: rewrite from scratchJason A. Donenfeld
This not only removes the depenency on x_tables, but it also gives us much better performance and memory usage. Now, systems are able to have millions of WireGuard interfaces, without having to worry about a thundering herd of garbage collection. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-25curve25519: keep certain sandy2x functions in CJason A. Donenfeld
We can let the compiler optimize how it sees fit. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24curve25519: satisfy sparse and use short typesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24receive: extend rate limiting to 1 second after under load detectionJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24device: only use one sleep notifierJason A. Donenfeld
This greatly improves performance when adding and removing interfaces, since the power registration function does a linear search each time. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24device: netdevice destruction logic change for 4.12Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24selftest: remove antique siphash self testJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24main: annotate init/exit functions to save memoryJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-13version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-12random: wait for random bytes when generating nonces and ephemeralsJason A. Donenfeld
We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-12version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-08config: ensure the RNG is initialized before settingJason A. Donenfeld
It's possible that get_random_bytes() will return bad randomness if it hasn't been seeded. This patch makes configuration block until the RNG is properly initialized. Reference: http://www.openwall.com/lists/kernel-hardening/2017/06/02/2 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-08noise: fix race when replacing handshakeJason A. Donenfeld
Replacing an entry that's already been replaced is something that could happen when processing handshake messages in parallel, when starting up multiple instances on the same machine. Reported-by: Hubert Goisern <zweizweizwoelf@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-05peer: explicitly initialize atomicJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-01compat: remove padata hotplug codeJason A. Donenfeld
It's different on different kernel versions, and we're not using it anyway, so it's easiest to just get rid of it, rather than having another ifdef maze. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-01curve25519: use more standard label convention in asmJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-01device: do-while assignment styleJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-01receive: trim incoming packets to IP header lengthJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31timers: queue up killing ephemerals only if not alreadyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31config: add new line for styleJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31timers: reset retry-attempt counter when not retryingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31timers: the completion of a handshake also is on key confirmationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31timers: rework handshake reply control flowJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31debug: print interface name in dmesgJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31compat: remove warning for < 4.1Jason A. Donenfeld
It still is sort of experimental, I suppose, especially this part in the udp_tunnel drop-in: skb_orphan(skb); sk_mem_reclaim(sk); It seems like sometimes this won't do what we want, but it's hard to diagnose exactly what's happening. In any case, nobody paid attention to that warning anyway, so let's just get rid of it. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31config: it's faster to memcpy than strncpyJason A. Donenfeld
IFNAMSIZ is 16, so this is two instructions on 64-bit. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31routingtable: Remove unnecessary check in node_placement()Sultan Alsawaf
node_placement() is always given the address of a stack variable for rnode, so there's no need to check if rnode is null. Signed-off-by: Sultan Alsawaf <sultanxda@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31data: enable BH during parallel crypto on ARM/NEONJason A. Donenfeld
padata disables it, but in order to use SIMD on ARM, we can't be in an interrupt. We only do this on ARM since it adds jitter to the performance. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31curve25519: add NEON versions for ARMJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31curve25519: align the basepoint to 32 bytesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31curve25519: actually, do some things on heap sometimesJason A. Donenfeld
This reverts commit 42dd5bd87e418275203dd6644b6b6b0cc310d4d9. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31config: do not error out when getting if no peersJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-30device: keep going when share_check failsJason A. Donenfeld
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>