Jason A. Donenfeld
cbd2b0531f
wg-quick: verify wireguard interface in more clever way
...
This helps with old Debian which has ancient iproute2, as well as paving
the path toward this script supporting userspace implementations.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:45:53 +02:00
Jason A. Donenfeld
a566bde126
wg-quick: anchor sysctl regex to start and end
...
This doesn't actually fix a real problem, but it is more correct than
not having it.
Suggested-by: Aaron Sigel <aaron@vtty.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:45:53 +02:00
Jason A. Donenfeld
5b65f87e9f
netlink: switch from ioctl to netlink for configuration
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:45:53 +02:00
Jason A. Donenfeld
9a0790b50a
wg: uapi: only make sure socket file is socket
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-26 15:04:07 +02:00
Jason A. Donenfeld
9ef84af8c0
wg: use key_is_zero for comparing to zeros
...
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at some point care in the future, so alright.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-24 23:10:15 +02:00
Jason A. Donenfeld
6c7d67acfe
contrib: add sticky sockets example code
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-24 23:10:15 +02:00
Jason A. Donenfeld
92feabdd17
wg-quick: only bash complete existing interfaces for down
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-06 20:51:41 +02:00
Jason A. Donenfeld
34337b0906
wg: fix removal of psk
...
This is an attribute of the peer, not the device.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-23 12:51:52 -06:00
Jason A. Donenfeld
bc9494f8b6
wg: stricter userspace ipc parsing
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-02 21:09:22 +02:00
Jason A. Donenfeld
1019175179
contrib: move Android tools to wireguard-android repo
...
https://git.zx2c4.com/wireguard-android/
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-01 23:22:41 +02:00
Jason A. Donenfeld
a9d19159a9
android: fix readme
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-26 04:10:33 +02:00
Jason A. Donenfeld
6b27d0d0f0
wg-quick: add explicit support for common DNS usage
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-26 03:38:09 +02:00
Jason A. Donenfeld
41e50edbe5
wg-quick: do not use grep
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-24 23:22:10 +02:00
Jason A. Donenfeld
11204afd6f
wg-quick: do not set explicit src route for v6 default route
...
This was only required because clueless network operators were trying to
route fec0::/10 globally, when that range doesn't actually have global
scope. Now that we understand the cause was operator error, we revert
the change here, so that the routing table is kept consistent.
This reverts commit 64e47de870a2f0575b5564a70e5680b48ab83ff9.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-24 23:19:38 +02:00
Jason A. Donenfeld
91fb17a014
android: add port of wg-quick
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-24 23:19:38 +02:00
Jason A. Donenfeld
077dac0514
wg-quick: usage typos
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-20 06:48:57 +02:00
Jason A. Donenfeld
aad91ae679
global: wireguard.io --> wireguard.com
...
Due to concerns with the .io TLD, we are switching to using
wireguard.com instead.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-20 03:37:39 +02:00
Samuel Holland
28f373e9cd
gitignore: ignore split DWARF debug info
...
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-03 23:06:27 +02:00
Jason A. Donenfeld
e22155a3b7
wg: remove double include in ipc
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29 14:34:27 +02:00
Jason A. Donenfeld
d3ebbaccab
wg-quick: use printf -v instead of namerefs for bash 4.2
...
I'm not happy about this.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-28 05:28:54 +02:00
Jason A. Donenfeld
cf4b3ebd08
wg-quick: properly match IPv6 endpoint
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24 02:06:26 +02:00
Jason A. Donenfeld
e7fd4cfd3f
haskell: re-add updated haskell example
...
Code-from: John Galt <jgalt@centromere.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24 02:06:26 +02:00
Jason A. Donenfeld
f90f8f33a7
wg: use proper __linux__ ifdef
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-12 17:02:12 +02:00
Jason A. Donenfeld
eaa64b198b
wg-quick: match ipv6 default route more broadly
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-12 00:20:31 +02:00
Jason A. Donenfeld
1b5234f3d5
wg-quick: make sure we have empty table for both v6 and v4
...
Otherwise, we wind up not doing the right thing in the v6-only case, or
doing something totally borked when v4 and v6 are filled unevenly.
Reported-by: Roelf Wichertjes <contact@roelf.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-11 23:39:17 +02:00
Jason A. Donenfeld
fbf715ea45
external-tests: trim the fat
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-09 02:56:08 +02:00
Jason A. Donenfeld
bdbb6298a0
go test: use x/crypto for blake2s now that we have 128-bit mac
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-08 04:24:13 +02:00
Jason A. Donenfeld
9fbd187288
go test: correct tai64n and formatting
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-01 22:58:38 +02:00
Jason A. Donenfeld
19c89f3c3a
external-tests: add keepalive packet
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-01 18:45:20 +02:00
Jason A. Donenfeld
a1e931f9dc
go test: properly pad message
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-01 06:31:26 +02:00
Jason A. Donenfeld
32afe0e220
wg: allow creating device with no peers
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31 05:35:34 +02:00
Jason A. Donenfeld
8d8ea7a4fb
rust test: add icmp ping
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-30 18:07:28 +02:00
Jake McGinty
2d8abfd5a0
rust test: convert screech test to snow
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-30 18:07:28 +02:00
Jason A. Donenfeld
f65fba7dd8
man: update wg-quick(8) to show Debian resolvconf braindamage
...
While OpenResolv supports explicit ordering directives such as `-m` and
exclusivity directives such as `-x`, Debian's own resolvconf supports
none of this, instead using a hard coded list of interface name
templates for determining ordering. While trying to emulate `-x` is
difficult [*], we can at least try to mostly emulate `-m 0` by
masquerading as a `tun*` interface to resolvconf. Ugly, but it works.
[*] One heavy handed way of emulating `-x` would be something like:
    # echo nameserver 8.8.8.8 > /etc/resolv.conf.wg0-exclusive
    # mount --bind -o ro /etc/resolv.conf.wg0-exclusive /etc/resolv.conf
    # rm -f /etc/resolv.conf.wg0-exclusive
This in practice works quite well, but is a bit heavy to put in a man
page. It also doesn't "stack" well. For example, if we simply run
`umount /etc/resolv.conf`, how do we know which resolv.conf entry we're
unmounting?
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-30 18:07:28 +02:00
Jason A. Donenfeld
682b15cb5e
wg-quick: use src routing for default routes in v6
...
Otherwise, traffic is sent with the IP address of a different interface,
and then packets don't actually get delivered.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-18 14:41:34 +02:00
Jason A. Donenfeld
641b479b44
man: fix psk mention in wg-quick man page
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-18 14:41:24 +02:00
Jason A. Donenfeld
3a7be3fac5
wg: opt-in globally to GNU-isms to keep the BSDs happy
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:34:23 +02:00
Jason A. Donenfeld
945fae0c7c
wg: support text-based ipc
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:13:14 +02:00
Jason A. Donenfeld
c3b2dbcdb0
wg: check for proto error on set too
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
067ebe2cb9
wg: stricter key file reading
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
fabb6eca2b
noise: redesign preshared key mode
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
13db708a0f
wg-quick: auto MTU discovery
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
83223f8e4c
wg: retry name resolution on temporary failure
...
This should solve many problems at init time.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
c98c415bd1
wg: no hyphen in preshared, to keep uniformity
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-20 22:53:00 +02:00
Jason A. Donenfeld
5fab6f18d5
wg: argc is always 1
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
Jason A. Donenfeld
6a967c63a7
wg: check for malloc failure
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
Jason A. Donenfeld
755217bd85
wg: side channel resistant base64
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
Jason A. Donenfeld
d42dd68add
wg: do not use addrconfig with port in gai
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-28 10:46:31 +02:00
Jason A. Donenfeld
6d20c647d0
uapi: add version magic
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00
Jason A. Donenfeld
a8803c17a7
wg-quick: various cleanups
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00