This gets us nanoseconds instead of microseconds, which is better, and
we can do this pretty much without freaking out existing userspace,
which doesn't actually make use of the nano/micro seconds field:
zx2c4@thinkpad ~ $ cat a.c
void main()
{
puts(sizeof(struct timeval) == sizeof(struct timespec) ? "success" : "failure");
}
zx2c4@thinkpad ~ $ gcc a.c -m64 && ./a.out
success
zx2c4@thinkpad ~ $ gcc a.c -m32 && ./a.out
success
This doesn't solve y2038 problem, but timespec64 isn't yet a thing in
userspace.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This ensures that on an unclean shutdown, we either see the old content
or the new content, but not empty content.
Suggested-by: Ka Ho Ng <ngkaho1234@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
One types:
for (i = 0 ...
So one should also type:
for_each_obj (obj ...
But the upstream kernel style guidelines are insane, and so we must
instead do:
for_each_obj(obj ...
Ugly, but one must choose his battles wisely.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This lets us do flexible things from wg-quick such as:
PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)
It also was never a very sensible policy to enforce.
Suggested-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The reference to this is <https://sourceware.org/glibc/wiki/NameResolver>,
which mentions:
"From the perspective of the application that calls getaddrinfo() it
perhaps doesn't matter that much since EAI_FAIL, EAI_NONAME and
EAI_NODATA are all permanent failure codes and the causes are all
permanent failures in the sense that there is no point in retrying
later."
This should cover more early-boot situations.
While we're at it, we clean up the logic a bit so that we don't have a
retry message on the final non-retrying attempt. We also peer into errno
when receiving EAI_SYSTEM, to report to the user what actually happened.
Also, fix the quoting back tick front tick mess.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
DaveM suggests we do in fact do this. Others on the same thread weren't
happy about the length of the proposed message, so we also give a bit of
a less dramatic warning.
This reverts commit a2cc976a3b572cf308cc2d97c080eacac60416fe.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Also prefix octal 0, in case these files are actually of modes that
don't start with 0 by accident (such as SUID or sticky bit).
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This helps with old Debian which has ancient iproute2, as well as paving
the path toward this script supporting userspace implementations.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This doesn't actually fix a real problem, but it is more correct than
not having it.
Suggested-by: Aaron Sigel <aaron@vtty.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at somepoint care in the future, so alright.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld