Commit graph

301 commits

Author SHA1 Message Date
Jason A. Donenfeld 53f9023e7e wg: curve25519: handle unaligned loads/stores safely
Reported-by: Chris Hewitt <chris@chrishewitt.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-20 18:32:40 +01:00
Jason A. Donenfeld 89662178c6 makefile: use immediate expansion and use correct template patterns
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-18 14:41:48 +01:00
Aaron Jones 48a31572f1 wg-quick: bring interface up while setting MTU
This avoids another ip(8) invocation for little benefit.
Confirmed to work with iproute2 and busybox.

Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-18 14:41:27 +01:00
Jason A. Donenfeld 586b466394 embeddable-wg-library: do not warn on unrecognized netlink attributes
This is a follow up of bcf8684c9ec90fe0d283a67d1654d05fb3eae019.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-07 06:07:35 +01:00
Jason A. Donenfeld 4de77e0646 global: various formatting tweeks
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-13 00:34:16 -08:00
Jason A. Donenfeld 7e106d3a4c wg-quick: android: do not choke on empty allowed-ips
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-11 22:15:01 -05:00
Jason A. Donenfeld 1aa8364b17 keygen-html: add missing glue macro
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-06 03:30:06 +01:00
Jason A. Donenfeld d9f06cbced wg.8: AllowedIPs isn't actually required
An empty allowed IPs is totally valid, for folks wishing to move IP
addresses between multiple peers atomically.

Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-19 03:35:25 +02:00
Jason A. Donenfeld b37a1f46ae wg.8: specify that wg(8) shows runtime info too
Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-19 03:33:53 +02:00
Jason A. Donenfeld 4410c87c39 wg-quick: wait for interface to disappear on freebsd
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-13 01:55:31 +02:00
Jason A. Donenfeld 599b84fbd1 wg: don't fail if a netlink interface dump is inconsistent
Netlink returns NLM_F_DUMP_INTR if the set of all tunnels changed
during the dump. That's unfortunate, but is pretty common on busy
systems that are adding and removing tunnels all the time. Rather
than retrying, potentially indefinitely, we just work with the
partial results.

Reported-by: Robert Gerus <ar@is-a.cat>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-13 01:55:31 +02:00
Jason A. Donenfeld 9b1394b2dc wg: compile on gnu99
We don't actually use any C11 features, so we can at least compile with
ancient gcc.

Reported-by: Aaron M. D. Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-09 15:23:42 +02:00
Jason A. Donenfeld c1ca487f63 wg: use libc's endianness macro if no compiler macro
This lets us be compiled with ancient gcc.

Reported-by: Jeff Brandt <jeff@jeffcolo.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-09 15:21:27 +02:00
Jason A. Donenfeld 846d2514c5 global: rename struct wireguard_ to struct wg_
This required a bit of pruning of our christmas trees.

Suggested-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-08 03:38:12 +02:00
Jason A. Donenfeld 54569b7999 netlink: do not stuff index into nla type
It's not used for anything, and LKML doesn't like the type being used as
an index value.

Suggested-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-08 03:14:52 +02:00
Jason A. Donenfeld 6790b07868 crypto: clean up remaining .h->.c
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-07 16:35:54 +02:00
Jason A. Donenfeld 09c7ab77e9 wg-quick.8: add policy routing example
Suggested-by: Toke Høiland-Jørgensen <toke@toke.dk>
Suggested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-05 19:20:52 +02:00
Jason A. Donenfeld 646d7a5c78 crypto: make constant naming scheme consistent
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-25 03:01:21 +02:00
Jason A. Donenfeld cef7ac9ef9 global: put SPDX identifier on its own line
The kernel has very specific rules correlating file type with comment
type, and also SPDX identifiers can't be merged with other comments.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-20 19:41:22 +02:00
Jason A. Donenfeld 17546fcd75 global: prefer sizeof(*pointer) when possible
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-04 11:08:29 -06:00
Jason A. Donenfeld 4d59d1f2c5 crypto: import zinc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-03 23:52:11 -06:00
Jason A. Donenfeld 407b0cb311 wg: ipc: do not warn on unrecognized netlink attributes
It makes extending things more difficult.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-02 23:59:44 -06:00
Jason A. Donenfeld 66054f3638 crypto: use unaligned helpers
This is not useful for WireGuard, but for the general use case we
probably want it this way, and the speed difference is mostly lost in
the noise.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 23:20:13 -06:00
Jason A. Donenfeld b2ec7892c8 wg-quick: check correct variable for route deduplication
Reported-by: John Sager <john@sager.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-21 15:42:17 -07:00
Jason A. Donenfeld ffcc09358e wg-quick: darwin: prefer system paths for tools
The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8).
Other than that, it's explicitly coded against the native system
utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their
full absolute path (via $SELF and $BASH, respectively), we can simply
set the $PATH to be prefixed by the default system binary paths. This
way, if users install tools that conflict with system tools -- such as
GNU coreutils -- we won't accidently call those.

Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-12 00:28:28 -07:00
Jason A. Donenfeld 544d965d5f wg-quick: android: remove compat code
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-24 18:15:17 +02:00
Jason A. Donenfeld f621f36800 wg-quick: android: allow package to be overridden
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-24 18:15:17 +02:00
Jason A. Donenfeld c61c5a03ee embeddable-wg-library: do not left shift negative numbers
Otherwise we incur undefined behavior.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-24 18:15:17 +02:00
Jason A. Donenfeld 4349005f4e wg-quick: allow link local default gateway
It's unclear why it was like this in the first place, but it apparently
broke certain IPv6 setups.

Reported-by: Jonas Blahut <j@die-blahuts.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-16 17:27:00 +02:00
Jason A. Donenfeld 4502f4f2b7 wg: only error on wg show if all interfaces fail
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-08 22:38:34 +02:00
Jason A. Donenfeld 4367cd0d3d wg-quick: android: support excluding applications
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-05 19:26:13 +02:00
Jason A. Donenfeld b3b6d97db8 wg-quick: android: prevent outgoing handshake packets from being dropped
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-25 16:15:35 +02:00
Jonathan Neuschäfer a54a133500 wg: fix misspelling of strchrnul in comment
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-22 04:09:39 +02:00
Jonathan Neuschäfer ef54cbf568 manpages: eliminate whitespace at the end of the line
This eliminates a few style warnings from "mandoc -T lint src/tools/wg*.8".

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-22 04:09:39 +02:00
Jason A. Donenfeld 02733c681b wg-quick: android: don't forget to free compiled regexes
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-17 19:36:37 +02:00
Jason A. Donenfeld 3bbacaaf14 wg-quick: android: disable roaming to v6 networks when v4 is specified
This works around an unfortunate bug in 464XLAT transitions.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-17 19:36:37 +02:00
Jason A. Donenfeld 2ce4680bd3 dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-17 19:36:37 +02:00
Jason A. Donenfeld 6f85449d79 wg: getentropy requires 10.12
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-14 05:25:23 +02:00
Jason A. Donenfeld 0632c8af68 wg: support getentropy(3)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-08 03:24:46 +02:00
Jason A. Donenfeld d90e49599b wg: encoding: add missing static array constraints
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-06 00:05:58 +02:00
Jason A. Donenfeld 8c4cf156d5 wg-quick: android: change name of intent
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-04 07:05:58 +02:00
Jason A. Donenfeld 2044bb026d wg-quick: android: delay setting users until end
`ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing
them to reconnect. By delaying this until after routes are set, we
ensure that the sockets reconnect using the tunnel, rather than the old
route.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 16:38:08 +02:00
Jason A. Donenfeld 2bca99893f wg: constanter time encoding
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 01:24:51 +02:00
Jason A. Donenfeld 206e8f08e2 wg-quick: darwin: set DNS servers after delay on route change
This works around a race condition in macOS's network daemons, while
also adding one in the form of possibly calling kill -ALRM on a stale
PID; unfortunately bash can't wait from a trap.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 01:24:51 +02:00
Jason A. Donenfeld d532074ef5 wg-quick: freebsd: configure as p2p link
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-27 05:24:07 +02:00
Jason A. Donenfeld df6c69e98c wg-quick: darwin: add multiple IP addresses
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-27 05:22:55 +02:00
Jason A. Donenfeld 19ce650fb6 wg-quick: determine IPs when saving interface
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-27 02:42:31 +02:00
Jason A. Donenfeld c99e6beecb wg-quick: freebsd: work around security vulnerabilities in bash
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-24 02:24:02 +02:00
Jason A. Donenfeld 86dd5587a9 wg-quick: allow enumeration of socket files
These OSes have an unpriv'd ifconfig, so this isn't an even larger info
leak.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-23 15:31:47 +02:00
Jason A. Donenfeld 3d089e07e2 wg-quick: better bash completion for non-renaming OSes
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-23 15:24:07 +02:00