Commit Graph

1390 Commits

Author SHA1 Message Date
Jason A. Donenfeld edad0d6e99 version: bump snapshot 2019-12-19 01:12:35 +01:00
Jason A. Donenfeld 0e38a3c340 compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4 2019-12-19 01:00:39 +01:00
Jason A. Donenfeld 2e52c410fd wg-quick: linux: use already configured addresses instead of in-memory
The ADDRESSES array might not have addresses added during PreUp. But
moreover, nft(8) and iptables(8) don't like IP addresses in the form
somev6prefix::someipv4suffix, such as fd00::1.2.3.4, while ip(8) can
handle it. So by adding these first and then asking for them back, we
always get normalized addresses suitable for nft(8) and iptables(8).

Reported-by: Silvan Nagl <mail@53c70r.de>
2019-12-17 14:18:09 +01:00
Kai Haberzettl 3721521227 tools: adjust wg.8 syntax for consistency in COMMANDS section
Signed-off-by: Kai Haberzettl <khaberz@gmail.com>
2019-12-13 16:22:19 +01:00
Jason A. Donenfeld 21a1498f16 wg-quick: linux: try both iptables(8) and nft(8) on teardown
Daniel argues that technically a package manager could install nft(8)
after previously having started wg-quick(8) using iptables(8).

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-12-12 17:24:04 +01:00
Jason A. Donenfeld 1ec6ece840 version: bump snapshot 2019-12-12 12:24:51 +01:00
YueHaibing e13de91391 main: remove unused include <linux/version.h>
Remove including <linux/version.h> that we don't need.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
2019-12-12 12:24:05 +01:00
Jason A. Donenfeld 72eb17c28c wg-quick: linux: support older nft(8)
Older nft(8), such as that on Ubuntu, does not accept the - parameter to
the -f argument and doesn't accept symbolic priority names. So instead
use the canonical numeric priority forms and use <(echo) instead of -.
2019-12-12 12:24:05 +01:00
Josh Soref 1d8e978e28 global: fix up spelling
Signed-off-by: Josh Soref <jsoref@gmail.com>
2019-12-12 12:24:05 +01:00
Jason A. Donenfeld e02713e94c wg-quick: linux: add support for nft and prefer it
If nft(8) is installed, use it. These rules should be identical to the
iptables-restore(8) ones, with the advantage that cleanup is easy
because we use custom table names.
2019-12-12 12:24:05 +01:00
Sergey Ivanov b4e3a83915 compat: support building for RHEL-8.1 instead of RHEL-8.0
RedHat backported to their kernel 4.18.0-147.el8 a couple features.
This patch enables compiling for this kernel.

Signed-off-by: Sergey Ivanov <seriv@cs.umd.edu>
2019-12-12 12:24:05 +01:00
Jason A. Donenfeld f29e3acc33 socket: convert to ipv6_dst_lookup_flow for 5.5
Upstream changed the API, so we introduce this super insane compat hack
to make everything work again.
2019-12-12 12:23:45 +01:00
Jason A. Donenfeld ec8231fb44 version: bump snapshot 2019-12-06 18:39:32 +01:00
Jason A. Donenfeld a0f876bd2d chacha20poly1305: double check the sgmiter logic with test 2019-12-06 18:03:23 +01:00
Jason A. Donenfeld d6fb17609c wg-quick: linux: ignore save warnings for iptables-nft 2019-12-06 16:51:05 +01:00
Jason A. Donenfeld 00c9308a71 wg-quick: linux: suppress more warnings on weird kernels 2019-12-06 16:22:18 +01:00
Jason A. Donenfeld 884b6e36e6 wg-quick: linux: some iptables don't like empty lines
Reported-by: Kenneth R. Crudup <kenny@panix.com>
2019-12-05 18:33:18 +01:00
Jason A. Donenfeld 091dcd9544 crypto: use new assembler macros for 5.5 2019-12-05 15:27:37 +01:00
Jason A. Donenfeld 12b4b2210c chacha20poly1305: port to sgmiter for 5.5
I'm not totally comfortable with these changes yet, and it'll require
some more scrutiny. But it's a start.
2019-12-05 14:54:46 +01:00
Jason A. Donenfeld 5eb87fb649 netlink: prepare for removal of genl_family_attrbuf in 5.5 2019-12-05 11:51:39 +01:00
Jason A. Donenfeld 1a59e5f1b3 version: bump snapshot 2019-12-05 11:49:46 +01:00
Jason A. Donenfeld 9048bf71ee wg-quick: linux: iptables-* -w is not widely supported 2019-12-05 11:48:25 +01:00
Jason A. Donenfeld eed7ef0d84 ipc: make sure userspace communication frees wgdevice 2019-12-05 11:48:25 +01:00
Jason A. Donenfeld d319a9a9f8 send: avoid touching skb->{next,prev} directly
This isn't quite the same, since mark_not_on_list doesn't touch
skb->prev, but hopefully it doesn't matter.
2019-12-05 11:48:25 +01:00
Jason A. Donenfeld e1d3e7635f device: prepare skb_list_walk_safe for upstreaming 2019-12-05 11:48:25 +01:00
Jason A. Donenfeld 0cc093b161 send: use kfree_skb_list 2019-12-05 11:48:25 +01:00
Jason A. Donenfeld 669e31e3ff wg-quick: linux: have remove_iptables return true
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
2019-12-05 11:48:25 +01:00
Jason A. Donenfeld 264731047a wg-quick: linux: ensure postdown hooks execute
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
2019-12-05 11:48:25 +01:00
Jason A. Donenfeld 490c0d31d6 wg-quick: linux: suppress error when finding unused table 2019-11-27 17:12:15 +01:00
Jason A. Donenfeld 7fc30dd242 version: bump snapshot 2019-11-27 15:39:16 +01:00
Jason A. Donenfeld 20cf26f89d tools: add syncconf command 2019-11-27 14:42:34 +01:00
Jason A. Donenfeld cf3948dab5 reresolve-dns: remove invalid anchors on regex match
Reported-by: Conrad Meyer <cem@freebsd.org>
2019-11-27 14:42:34 +01:00
Jason A. Donenfeld 1f96cdcc04 qemu: bump version 2019-11-27 14:42:34 +01:00
Jason A. Donenfeld bcb5513856 qemu: respect PATH when finding CBUILD 2019-11-27 14:38:44 +01:00
Jason A. Donenfeld 7b51df7750 qemu: work around build bug with powerpc64le 2019-11-27 14:02:49 +01:00
Jason A. Donenfeld dd55a14f4b wg-quick: linux: filter bogus injected packets and don't disable rpfilter 2019-11-27 13:45:58 +01:00
Jason A. Donenfeld 0fadbc4f4e wg-quick: linux: only touch net.ipv4 for v4 2019-11-26 11:33:33 +01:00
Jason A. Donenfeld f2bd8c8cc9 allowedips: avoid double lock in selftest error case 2019-11-26 11:33:33 +01:00
Jason A. Donenfeld 420bd19469 socket: remove redundant check of new4 2019-11-26 11:33:33 +01:00
Jason A. Donenfeld d0eb40c792 allowedips: safely dereference rcu roots 2019-11-26 11:33:33 +01:00
Jason A. Donenfeld 21df5a545d messages: recalculate rekey max based on a one minute flood
Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
2019-10-30 14:27:54 +01:00
Jason A. Donenfeld 0b27b1d315 wg-quick: android: check for null in binder cleanup functions 2019-10-16 14:23:27 +02:00
Jason A. Donenfeld 8eb8443709 version: bump snapshot 2019-10-12 16:55:11 +02:00
Nicolas Douma be09cf5f09 wg-quick: android: use Binder for setting DNS on Android 10
Signed-off-by: Nicolas Douma <nicolas@serveur.io>
2019-10-12 16:49:52 +02:00
Jason A. Donenfeld 4716f858ff noise: recompare stamps after taking write lock 2019-10-11 12:34:54 +02:00
Jason A. Donenfeld 54db1977b2 netlink: allow preventing creation of new peers when updating
This enables race-free updates for wg-dynamic and similar tools.

Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
2019-10-11 12:34:54 +02:00
Jason A. Donenfeld f1b87d15e5 netns: add test for failing 5.3 FIB changes
Reference: https://lore.kernel.org/netdev/20190924073615.31704-1-Jason@zx2c4.com/
2019-10-11 12:34:54 +02:00
Jason A. Donenfeld a3539c46d6 qemu: bump default version 2019-10-11 12:34:54 +02:00
Jason A. Donenfeld 7bf34f50d4 version: bump snapshot 2019-09-13 18:01:58 -04:00
Jason A. Donenfeld 49d5a69653 compat: support rhel/centos 7.7 2019-09-13 15:08:24 -04:00