1ad6b17c35
extract-{handshakes,keys}: rework for upstream kernel
...
Now that WireGuard has been upstreamed and the repos split, we have to
look elsewhere for these headers.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-01 00:53:30 +01:00
27c885ff08
man: document dynamic debug trick for Linux
...
This comes up occasionally, so it may be useful to mention its
possibility in the man page. At least the Arch Linux and Ubuntu kernels
support dynamic debugging, so this advise will at least help somebody.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-31 23:17:59 +01:00
6771c4454e
wg-quick: android: split uids into multiple commands
...
Different versions of netd have different limits on how many can be
passed at once.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Alexey <zaranecc@bk.ru>
2020-01-31 18:56:52 +01:00
8082f7e6a8
version: bump
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-21 15:51:31 +01:00
3a3a56e217
Makefile: sort inputs to linker so that build is reproducible
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-21 15:51:07 +01:00
64576f9a06
netlink: make sure to clear return value when trying again
...
Otherwise this runs in an infinite loop if at some point a dump was
interrupted.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-11 12:16:50 -05:00
95c30bc034
fuzz: add set and setconf fuzzers
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-11 10:47:59 -05:00
f7f1e7da2c
Makefile: evaluate git version lazily
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-08 17:59:58 -05:00
cdd8d8ba9f
fuzz: add generic command argument fuzzer
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-04 10:47:28 -05:00
1d2d6200b8
ipc: simplify inflatable buffer and add fuzzer
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-04 15:07:10 +01:00
f59f63f462
Makefile: add standard 'all' target
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Bruno Wolff III <bruno@wolff.to>
2020-01-03 21:22:22 +01:00
bfb31ac953
Makefile: remove pwd from compile output
...
We previously included $(pwd) in the compile output pretty printer,
because it matched our parent out-of-tree module build. Since we're no
longer coupled to the module, we can return to a prettier scheme of just
using the object name.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Fixes: eb68ad07
2020-01-03 12:36:10 +01:00
3bf1b64d44
version: bump
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-02 19:53:11 +01:00
d8230ea0dc
global: bump copyright
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-02 19:52:25 +01:00
16e20de722
wg-quick: linux: quote ifname for nft
...
Otherwise nft(8) has strange ideas of what a string is.
Suggested-by: RistiCore <RistiCore@mail.ee>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-28 18:35:41 +01:00
3bfe9c41ab
Makefile: rework automatic version.h mangling
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Joe Doss <joe@solidadmin.com>
2019-12-27 18:33:55 +01:00
2d000809dd
fuzz: find bugs when parsing uapi input
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 18:33:55 +01:00
cde6f312e4
fuzz: find bugs in the config syntax parser
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 18:33:55 +01:00
318253d932
man: add documentation about removing explicit listen-port
...
Signed-off-by: Devin Smith <thundza@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 11:52:29 +01:00
d359ead4dc
dns-hatchet: adjust path for new repo layout
...
Reported-by: Joe Doss <joe@solidadmin.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 18:10:37 +01:00
f9f1ba795e
Makefile: port static analysis check
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 16:54:25 +01:00
ff7e5dfe30
Makefile: DEBUG_TOOLS -> DEBUG and document
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 16:51:58 +01:00
7861d89b7c
systemd: update documentation URL
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:59:27 +01:00
ae659490cf
version: bump
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:59:11 +01:00
9130fa0450
Makefile: add git versioning to dev builds
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:57:58 +01:00
011bf3b9f4
README: consolidate with INSTALL and rewrite
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:10:42 +01:00
262b5196cf
wg: include tools version
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:10:42 +01:00
2f74ac29cf
wg: add back source formerly shared with kernel module
...
We used to reach back into parent directories for this, but with the
repo split, we now require our own copy.
We use -idirafter in case system headers are installed for the
wireguard.h netlink definitions.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 12:55:41 +01:00
d5ac56465e
gitignore: trim down to basics
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 12:55:41 +01:00
6262906e5c
wg-quick: linux: use already configured addresses instead of in-memory
...
The ADDRESSES array might not have addresses added during PreUp. But
moreover, nft(8) and iptables(8) don't like ip addresses in the form
somev6prefix::someipv4suffix, such as fd00::1.2.3.4, while ip(8) can
handle it. So by adding these first and then asking for them back, we
always get normalized addresses suitable for nft(8) and iptables(8).
Reported-by: Silvan Nagl <mail@53c70r.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-17 14:18:09 +01:00
64f83e6161
wg: adjust wg.8 syntax for consistency in COMMANDS section
...
Signed-off-by: Kai Haberzettl <khaberz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-13 16:22:19 +01:00
6fbfa0d7bb
wg-quick: linux: try both iptables(8) and nft(8) on teardown
...
Daniel argues that technically a package manager could install nft(8)
after previously having started wg-quick(8) using iptables(8).
Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-12 17:24:04 +01:00
45417c5c0d
wg-quick: linux: support older nft(8)
...
Older nft(8), such as that on Ubuntu, does not accept the - parameter to
the -f argument and doesn't accept symbolic priority names. So instead
use the canonical numeric priority forms and use <(echo) instead of -.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-12 12:24:05 +01:00
a863be0148
global: fix up spelling
...
Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-12 12:24:05 +01:00
17c78d31c2
wg-quick: linux: add support for nft and prefer it
...
If nft(8) is installed, use it. These rules should be identical to the
iptables-restore(8) ones, with the advantage that cleanup is easy
because we use custom table names.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-12 12:24:05 +01:00
bc8bf54185
wg-quick: linux: ignore save warnings for iptables-nft
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-06 16:51:05 +01:00
8d4e4f3a86
wg-quick: linux: suppress more warnings on weird kernels
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-06 16:22:18 +01:00
3928ebb87d
wg-quick: linux: some iptables don't like empty lines
...
Reported-by: Kenneth R. Crudup <kenny@panix.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 18:33:18 +01:00
9eab3487cd
wg-quick: linux: iptables-* -w is not widely supported
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 11:48:25 +01:00
faa55d8b19
ipc: make sure userspace communication frees wgdevice
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 11:48:25 +01:00
207aeed010
wg-quick: linux: have remove_iptables return true
...
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 11:48:25 +01:00
af69113e02
wg-quick: linux: ensure postdown hooks execute
...
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 11:48:25 +01:00
a9abb21575
wg-quick: linux: suppress error when finding unused table
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 17:12:15 +01:00
ae374129ab
wg: add syncconf command
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 14:42:34 +01:00
34ea0caf1f
reresolve-dns: remove invalid anchors on regex match
...
Reported-by: Conrad Meyer <cem@freebsd.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 14:42:34 +01:00
ebcf1ef8b1
wg-quick: linux: filter bogus injected packets and don't disable rpfilter
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 13:45:58 +01:00
a59aa6c404
wg-quick: linux: only touch net.ipv4 for v4
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-26 11:33:33 +01:00
cf7ec31d2d
wg-quick: android: check for null in binder cleanup functions
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-16 14:23:27 +02:00
792727cf64
wg-quick: android: use Binder for setting DNS on Android 10
...
Signed-off-by: Nicolas Douma <nicolas@serveur.io>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-12 16:49:52 +02:00
959937672a
wg: windows: enforce named pipe ownership and use protected prefix
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-31 08:48:39 -06:00
Jason A. Donenfeld
Devin Smith
Kai Haberzettl
Josh Soref
Nicolas Douma