Commit Graph

422 Commits

Author SHA1 Message Date
Jason A. Donenfeld 265e81a344 wg-quick: android: do not free iterated pointer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-15 16:20:22 +02:00
Jason A. Donenfeld 7a321ce808 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-27 10:22:09 +02:00
Jason A. Donenfeld 91fbeb4a92 Revert "wg-quick: wait on process substitutions"
This reverts commit 26683f6c9a, which
means the old problem comes back. That's an issue. But waiting on
process substitutions is not available with commonly used bash versions:

  # wg-quick up demo
  [#] ip link add demo type wireguard
  [#] wg setconf demo /dev/fd/63
  /usr/bin/wg-quick: line 251: wait: pid 2955 is not a child of this shell
  [#] ip link delete dev demo

This means we have to wait a few years before fixing this issue. IOW,
bash limitation; can't fix.

Reported-by: Theodore Mozzo <theodore.mozzo@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-27 10:19:31 +02:00
Jason A. Donenfeld 9a0d65e2af wg-quick: android: use iproute2 to bring up interface instead of ndc
Android 11's ndc regresses even more, but it turns out that netd doesn't
need to track up/down state via direct invocation, so just set the
interface up by way of normal iproute2.

Reported-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-25 21:54:22 +02:00
Jason A. Donenfeld fbca033c69 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-20 12:06:22 +02:00
Jason A. Donenfeld 26683f6c9a wg-quick: wait on process substitutions
Bash does not propagate error values, which is a bummer, but process
substitutions are a useful feature. Introduce a new idiom to deal with
this: either "; wait $!" after the line to propagate the error, or "||
true" to indicate explicitly that we don't care about the error.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-06 17:47:14 +02:00
Jason A. Donenfeld 13fac76a71 ctype: use non-locale-specific ctype.h
We also make these constant time, even though we're never distinguishing
between bits of a secret using them. From that perspective, though, this
is markedly better than the locale-specific table lookups in glibc, even
though base64 characters span two cache lines and valid private keys
must hit both.

Co-authored-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2020-08-06 17:47:14 +02:00
Jason A. Donenfeld cf2bf09524 pubkey: isblank is a subset of isspace
Therefore, there's no need to test both.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-06 17:47:14 +02:00
Jason A. Donenfeld b4a8a18797 man: wg-quick: use syncconf instead of addconf for strip example
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-28 14:19:10 +02:00
Domonkos P. Tomcsanyi a66219fa10 systemd: add reload target to systemd unit
Users can now run `systemctl reload wg-quick@wgnet0`, as described in
the wg-quick(8) man page. Note that this won't adjust Address=, DNS=, or
the various other non-wg(8) fields.

Signed-off-by: Domonkos P. Tomcsanyi <domi@tomcsanyi.net>
[zx2c4: use exec for bash commands to reduce excess forks, and rewrite
        commit message]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-24 16:23:47 +02:00
Jason A. Donenfeld eb4665ecf0 wincompat: fold random into genkey
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-25 18:07:49 -06:00
Jason A. Donenfeld 197995d50c ipc: split into separate files per-platform
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-25 17:21:18 -06:00
Jason A. Donenfeld c45d422a93 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-13 18:29:41 -06:00
Jason A. Donenfeld 56cb39fb22 ipc: openbsd: switch to array ioctl interface
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-13 01:55:32 -06:00
Jason A. Donenfeld 0cfde946b1 Makefile: remember to install all systemd units
Reported-by: Unit 193 <unit193@unit193.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-11 21:31:05 -06:00
Jason A. Donenfeld 8137c14dc6 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 22:20:44 -06:00
Jason A. Donenfeld 10b4e7677f wg-quick: cleanup openbsd support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 22:15:08 -06:00
Matt Dunwoodie 9eda95d084 wg-quick: add support for openbsd kernel implementation
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
2020-05-10 22:10:02 -06:00
Jason A. Donenfeld d4a32c97fd ipc: cleanup openbsd support
We also add a wg_if.h in the fallback include path.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 22:10:02 -06:00
Matt Dunwoodie 5c66f6ecd1 ipc: add support for openbsd kernel implementation
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
2020-05-10 02:05:42 -06:00
Jason A. Donenfeld b60e30e196 ipc: remove extra space
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 01:28:57 -06:00
Jason A. Donenfeld 7f236c7957 wg-quick: support dns search domains
If DNS= has an IP in it, treat it as a DNS server. If DNS= has a non-IP
in it, treat it as a DNS search domain.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-09 00:29:53 -06:00
Martin Hauke 238ca40591 systemd: add wg-quick.target
Add file wg-quick.target, which allows starting and stopping all
wg-quick@.service instances at once.

Signed-off-by: Martin Hauke <mardnh@gmx.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-01 15:58:59 -06:00
Jason A. Donenfeld 891fb523a2 terminal: specialize color_mode to stdout only
By specializing this to stdout, we can cache the isatty result.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-20 22:52:35 -06:00
Jason A. Donenfeld 3377409bb3 git: add gitattributes so tarball doesn't have gitignore files
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-08 23:54:42 -06:00
Jason A. Donenfeld e189f9942d wg-quick: android: support application whitelist
Prior we only supported a blacklist, but actually a whitelist is an
easier algorithm because that's internally how netd considers it, so we
don't need to find range spans. This commit adds an IncludedApplications
key.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-05 19:38:11 -06:00
Jason A. Donenfeld 20e28d2b0f highlighter: insist on 256-bit keys, not 257-bit or 258-bit
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-03 23:14:07 -06:00
Jason A. Donenfeld dc00c8c577 Makefile: simplify silent cleaning
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-23 00:06:24 -06:00
Jason A. Donenfeld a8063adc8a version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-19 16:46:35 -06:00
Jason A. Donenfeld be969b7fe1 wincompat: use new protected prefix on Windows
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-19 16:33:14 -06:00
Jason A. Donenfeld e98b84ab84 wincompat: use string_list instead of inflatable_buffer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-19 16:29:27 -06:00
Luis Ressel 828ffc88cd man: add a warning to the SaveConfig description
Signed-off-by: Luis Ressel <aranea@aixah.de>
[zx2c4: slightly adjusted wording]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-05 21:10:17 +08:00
Jason A. Donenfeld bd4f847372 man: backlink wg-quick(8) in wg(8)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-12 15:46:23 +01:00
Kai Haberzettl 6fabf9c2fb man: fix grammar in wg(8) and wg-quick(8)
This fixes a few grammatical errors.

Signed-off-by: Kai Haberzettl <khaberz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-08 22:23:16 +01:00
Jason A. Donenfeld d68b8b189c curve25519: squelch warnings on clang
These are generic helper functions we don't want to move into the actual
implementations, so that it's easy to keep parity with the kernel code.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-07 15:46:59 +01:00
Jason A. Donenfeld e5b08c2849 netlink: initialize mostly unused field
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-06 17:20:15 +01:00
Jason A. Donenfeld 0bf1f7a3e8 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-06 16:19:47 +01:00
Jason A. Donenfeld 0dc32bbeaf netlink: don't pretend that sysconf isn't a function
We can cache the value of this instead of evaluating every time.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-05 23:59:55 +01:00
Jason A. Donenfeld ef117a91d1 netlink: remove libmnl requirement
It turns out that the binary actually gets smaller if we simply inline
the very small parts of libmnl that we need. Since we wind up needing
the mnlg bits anyway, there's little benefit in linking to libmnl.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-03 18:17:27 +01:00
Jason A. Donenfeld db5cb4f15c embeddable-wg-library: use newer string_list
This ports 1d2d6200b8.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-03 16:35:01 +01:00
Jason A. Donenfeld 1ad6b17c35 extract-{handshakes,keys}: rework for upstream kernel
Now that WireGuard has been upstreamed and the repos split, we have to
look elsewhere for these headers.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-01 00:53:30 +01:00
Jason A. Donenfeld 27c885ff08 man: document dynamic debug trick for Linux
This comes up occasionally, so it may be useful to mention its
possibility in the man page. At least the Arch Linux and Ubuntu kernels
support dynamic debugging, so this advise will at least help somebody.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-31 23:17:59 +01:00
Jason A. Donenfeld 6771c4454e wg-quick: android: split uids into multiple commands
Different versions of netd have different limits on how many can be
passed at once.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Alexey <zaranecc@bk.ru>
2020-01-31 18:56:52 +01:00
Jason A. Donenfeld 8082f7e6a8 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-21 15:51:31 +01:00
Jason A. Donenfeld 3a3a56e217 Makefile: sort inputs to linker so that build is reproducible
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-21 15:51:07 +01:00
Jason A. Donenfeld 64576f9a06 netlink: make sure to clear return value when trying again
Otherwise this runs in an infinite loop if at some point a dump was
interrupted.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-11 12:16:50 -05:00
Jason A. Donenfeld 95c30bc034 fuzz: add set and setconf fuzzers
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-11 10:47:59 -05:00
Jason A. Donenfeld f7f1e7da2c Makefile: evaluate git version lazily
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-08 17:59:58 -05:00
Jason A. Donenfeld cdd8d8ba9f fuzz: add generic command argument fuzzer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-04 10:47:28 -05:00
Jason A. Donenfeld 1d2d6200b8 ipc: simplify inflatable buffer and add fuzzer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-04 15:07:10 +01:00