Commit Graph

42 Commits

Author SHA1 Message Date
Jason A. Donenfeld 437116f238 wg: allow in-line comments
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-17 05:55:03 +01:00
Jason A. Donenfeld 1e5d6b9a66 wg: fread doesn't change errno
Thus we might be responding to an old errno, which could cause this to
unnecessarily fail.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-30 14:46:34 +01:00
Jason A. Donenfeld 723abc5098 wg: plug memleak in config error path
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18 11:26:09 +01:00
Jason A. Donenfeld 9207dec08f global: year bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-03 21:58:00 +01:00
Greg Kroah-Hartman 01d00bc035 global: add SPDX tags to all files
It's good to have SPDX identifiers in all files as the Linux kernel
developers are working to add these identifiers to all files.

Update all files with the correct SPDX license identifier based on the license
text of the project or based on the license in the file itself.  The SPDX
identifier is a legally binding shorthand, which can be used instead of the
full boiler plate text.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Modified-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-09 22:29:28 +01:00
Jason A. Donenfeld 30cf5eb883 wg: fix removing preshared keys
Also clean up related logic quite a bit and add unit tests.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-23 11:09:12 +01:00
Jason A. Donenfeld 08ce3b2426 wg: tighten up strtoul parsing
Reported-by: Cedric Buxin <cedric.buxin@izri.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-17 14:06:18 +01:00
Jason A. Donenfeld e77a77a805 wg: allow for NULL keys everywhere
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-11 12:30:49 +09:00
Jason A. Donenfeld b1dd8d711e global: style nits
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:25:23 +01:00
Jason A. Donenfeld d9d0a2cbed global: infuriating kernel iterator style
One types:

   for (i = 0 ...

So one should also type:

  for_each_obj (obj ...

But the upstream kernel style guidelines are insane, and so we must
instead do:

  for_each_obj(obj ...

Ugly, but one must choose his battles wisely.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:25:23 +01:00
Jason A. Donenfeld 65db14706b wg: don't insist on having a private key
This lets us do flexible things from wg-quick such as:

PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)

It also was never a very sensible policy to enforce.

Suggested-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-17 19:26:07 +02:00
Jason A. Donenfeld 085796b210 wg: retry resolution except when fatal
The reference to this is <https://sourceware.org/glibc/wiki/NameResolver>,
which mentions:

"From the perspective of the application that calls getaddrinfo() it
perhaps doesn't matter that much since EAI_FAIL, EAI_NONAME and
EAI_NODATA are all permanent failure codes and the causes are all
permanent failures in the sense that there is no point in retrying
later."

This should cover more early-boot situations.

While we're at it, we clean up the logic a bit so that we don't have a
retry message on the final non-retrying attempt. We also peer into errno
when receiving EAI_SYSTEM, to report to the user what actually happened.

Also, fix the quoting back tick front tick mess.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-17 19:26:07 +02:00
Jason A. Donenfeld 38ac0ff08e Makefile: clang now builds the kernel, so use scan-build
Also add little stub for coccinelle and clean up semicolon issue it
found.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-05 22:21:53 +02:00
Jason A. Donenfeld 5b65f87e9f netlink: switch from ioctl to netlink for configuration
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:45:53 +02:00
Jason A. Donenfeld 9ef84af8c0 wg: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at somepoint care in the future, so alright.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-24 23:10:15 +02:00
Jason A. Donenfeld 34337b0906 wg: fix removal of psk
This is an attribute of the peer, not the device.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-23 12:51:52 -06:00
Jason A. Donenfeld 32afe0e220 wg: allow creating device with no peers
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31 05:35:34 +02:00
Jason A. Donenfeld 945fae0c7c wg: support text-based ipc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:13:14 +02:00
Jason A. Donenfeld 067ebe2cb9 wg: stricter key file reading
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld fabb6eca2b noise: redesign preshared key mode
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld 83223f8e4c wg: retry name resolution on temporary failure
This should solve many problems at init time.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld 6a967c63a7 wg: check for malloc failure
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
Jason A. Donenfeld 755217bd85 wg: side channel resistant base64
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
Jason A. Donenfeld d42dd68add wg: do not use addrconfig with port in gai
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-28 10:46:31 +02:00
Jason A. Donenfeld 6d20c647d0 uapi: add version magic
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00
Jason A. Donenfeld d4edc7baa8 wg: give "off" value for fwmark
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
Jason A. Donenfeld c8472e2dab socket: enable setting of fwmark
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:18 +01:00
Jason A. Donenfeld 3606898d23 wg: remove key for any empty file
Rather than just using /dev/null to mean key removal, match on any empty
file, so that this interface is cross platform.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-07 12:21:22 +01:00
Jason A. Donenfeld 666623a82e wg: setconf should remove existing psk
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-07 12:21:22 +01:00
Jason A. Donenfeld 396dc76a04 Update copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 06:36:19 +01:00
Jason A. Donenfeld f43b43376b uapi: use sockaddr union instead of sockaddr_storage
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 06:29:24 +01:00
Jason A. Donenfeld 48f7c3522a uapi: use flag instead of C bitfield for portability
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 05:36:43 +01:00
Jason A. Donenfeld a488f1b084 wg: do not use AI_ADDRCONFIG
Some people run wg(8) using hard coded v6 addresses before interfaces
have v6 addresses, causing getaddrinfo to fail. Since AI_ADDRCONFIG
doesn't actualy change the sorting, but just the queries made, we don't
really need AI_ADDRCONFIG anyway, since we're always only taking the
first result.

Reported-by: Benedikt Morbach <benedikt.morbach@googlemail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-23 21:09:23 +01:00
Jason A. Donenfeld 16a6972bb6 headers: cleanup notices
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-21 01:00:07 +01:00
Jason A. Donenfeld 3338bb11e8 wg: chill modern gcc out
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-05 21:45:12 +01:00
Jason A. Donenfeld 967ea8c712 wg: allow multiple AllowedIPs invocations
It turns out this is a somewhat natural thing to do in config files.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-30 04:35:51 +02:00
Jason A. Donenfeld 822ae991d8 persistent-keepalive: change range to [1,65535]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-08 14:05:37 +02:00
Jason A. Donenfeld 1b9a83c852 c: specify static array size in function params
The C standard states:

  A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to
  type'', where the type qualifiers (if any) are those specified within the [ and ] of the
  array type derivation. If the keyword static also appears within the [ and ] of the
  array type derivation, then for each call to the function, the value of the corresponding
  actual argument shall provide access to the first element of an array with at least as many
  elements as specified by the size expression.

By changing void func(int array[4]) to void func(int array[static 4]),
we automatically get the compiler checking argument sizes for us, which
is quite nice.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-02 02:55:42 +02:00
Jason A. Donenfeld b318e81cd0 wg: rename kernel to ipc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-21 11:26:52 +02:00
Jason A. Donenfeld fc743caf3b persistent keepalive: add userspace support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-08 02:43:33 +02:00
Jason A. Donenfeld 742f038fc2 wg: improve error reporting and detection
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-03 20:45:48 +02:00
Jason A. Donenfeld 8132305e54 Initial commit
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-06-25 16:48:39 +02:00