Commit graph

260 commits

Author SHA1 Message Date
Jason A. Donenfeld
8774fccff3 wg: try again if dump is interrupted
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-08 16:24:37 +02:00
Jason A. Donenfeld
38ac0ff08e Makefile: clang now builds the kernel, so use scan-build
Also add little stub for coccinelle and clean up semicolon issue it
found.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-05 22:21:53 +02:00
Jason A. Donenfeld
e95fcccb4d Makefile: add non-verbose mode to tools
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-03 22:52:06 +02:00
Jason A. Donenfeld
a99b64e5a4 global: satisfy bitshift pedantry
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-03 06:20:48 +02:00
Jason A. Donenfeld
91416b0caf wg: compile on non-Linux
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 13:05:35 +02:00
Jason A. Donenfeld
573bd7f303 wg: simmer down silly compilers
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 03:44:06 +02:00
Jason A. Donenfeld
53e5b4fa89 wg: do not warn on unrecognized items
Upstream advice is to simply be silent.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:51:57 +02:00
Jason A. Donenfeld
83caaa7a96 wg-quick: check permissions of parent directory
Also prefix octal 0, in case these files are actually of modes that
don't start with 0 by accident (such as SUID or sticky bit).

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:45:53 +02:00
Jason A. Donenfeld
cbd2b0531f wg-quick: verify wireguard interface in more clever way
This helps with old Debian which has ancient iproute2, as well as paving
the path toward this script supporting userspace implementations.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:45:53 +02:00
Jason A. Donenfeld
a566bde126 wg-quick: anchor sysctl regex to start and end
This doesn't actually fix a real problem, but it is more correct than
not having it.

Suggested-by: Aaron Sigel <aaron@vtty.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:45:53 +02:00
Jason A. Donenfeld
5b65f87e9f netlink: switch from ioctl to netlink for configuration
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-02 02:45:53 +02:00
Jason A. Donenfeld
9a0790b50a wg: uapi: only make sure socket file is socket
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-26 15:04:07 +02:00
Jason A. Donenfeld
9ef84af8c0 wg: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at somepoint care in the future, so alright.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-24 23:10:15 +02:00
Jason A. Donenfeld
92feabdd17 wg-quick: only bash complete existing interfaces for down
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-06 20:51:41 +02:00
Jason A. Donenfeld
34337b0906 wg: fix removal of psk
This is an attribute of the peer, not the device.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-23 12:51:52 -06:00
Jason A. Donenfeld
bc9494f8b6 wg: stricter userspace ipc parsing
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-08-02 21:09:22 +02:00
Jason A. Donenfeld
6b27d0d0f0 wg-quick: add explicit support for common DNS usage
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-26 03:38:09 +02:00
Jason A. Donenfeld
41e50edbe5 wg-quick: do not use grep
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-24 23:22:10 +02:00
Jason A. Donenfeld
11204afd6f wg-quick: do not set explicit src route for v6 default route
This was only required because clueless network operators were trying to
route fec0::/10 globally, when that range doesn't actually have global
scope. Now that we understand the cause was operator error, we revert
the change here, so that the routing table is kept consistent.

This reverts commit 64e47de870a2f0575b5564a70e5680b48ab83ff9.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-24 23:19:38 +02:00
Jason A. Donenfeld
077dac0514 wg-quick: usage typos
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-20 06:48:57 +02:00
Jason A. Donenfeld
aad91ae679 global: wireguard.io --> wireguard.com
Due to concerns with the .io TLD, we are switching to using
wireguard.com instead.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-20 03:37:39 +02:00
Jason A. Donenfeld
e22155a3b7 wg: remove double include in ipc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29 14:34:27 +02:00
Jason A. Donenfeld
d3ebbaccab wg-quick: use printf -v instead of namerefs for bash 4.2
I'm not happy about this.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-28 05:28:54 +02:00
Jason A. Donenfeld
cf4b3ebd08 wg-quick: properly match IPv6 endpoint
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24 02:06:26 +02:00
Jason A. Donenfeld
f90f8f33a7 wg: use proper __linux__ ifdef
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-12 17:02:12 +02:00
Jason A. Donenfeld
eaa64b198b wg-quick: match ipv6 default route more broadly
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-12 00:20:31 +02:00
Jason A. Donenfeld
1b5234f3d5 wg-quick: make sure we have empty table for both v6 and v4
Otherwise, we wind up not doing the right thing in the v6-only case, or
doing something totally borked when v4 and v6 are filled unevenly.

Reported-by: Roelf Wichertjes <contact@roelf.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-11 23:39:17 +02:00
Jason A. Donenfeld
32afe0e220 wg: allow creating device with no peers
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31 05:35:34 +02:00
Jason A. Donenfeld
f65fba7dd8 man: update wg-quick(8) to show Debian resolvconf braindamage
While OpenResolv supports explicit ordering directives such as `-m` and
exclusivity directives such as `-x`, Debian's own resolvconf supports
none of this, instead using a hard coded list of interface name
templates for determining ordering. While trying to emulate `-x` is
difficult [*], we can at least try to mostly emulate `-m 0` by
masquerading as a `tun*` interface to resolvconf. Ugly, but it works.

[*] One heavy handed way of emulating `-x` would be something like:

   # echo nameserver 8.8.8.8 > /etc/resolv.conf.wg0-exclusive
   # mount --bind -o ro /etc/resolv.conf.wg0-exclusive /etc/resolv.conf
   # rm -f /etc/resolv.conf.wg0-exclusive

This in practice works quite well, but is a bit heavy to put in a man
page. It also doesn't "stack" well. For example, if we simply run
`umount /etc/resolv.conf`, how do we know which resolv.conf entry we're
unmounting?

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-30 18:07:28 +02:00
Jason A. Donenfeld
682b15cb5e wg-quick: use src routing for default routes in v6
Otherwise, traffic is sent with the IP address of a different interface,
and then packets don't actually get delivered.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-18 14:41:34 +02:00
Jason A. Donenfeld
641b479b44 man: fix psk mention in wg-quick man page
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-18 14:41:24 +02:00
Jason A. Donenfeld
3a7be3fac5 wg: opt-in globally to GNU-isms to keep the BSDs happy
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:34:23 +02:00
Jason A. Donenfeld
945fae0c7c wg: support text-based ipc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:13:14 +02:00
Jason A. Donenfeld
c3b2dbcdb0 wg: check for proto error on set too
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
067ebe2cb9 wg: stricter key file reading
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
fabb6eca2b noise: redesign preshared key mode
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
13db708a0f wg-quick: auto MTU discovery
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
83223f8e4c wg: retry name resolution on temporary failure
This should solve many problems at init time.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
Jason A. Donenfeld
c98c415bd1 wg: no hyphen in preshared, to keep uniformity
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-20 22:53:00 +02:00
Jason A. Donenfeld
5fab6f18d5 wg: argc is always 1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
Jason A. Donenfeld
6a967c63a7 wg: check for malloc failure
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
Jason A. Donenfeld
755217bd85 wg: side channel resistant base64
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
Jason A. Donenfeld
d42dd68add wg: do not use addrconfig with port in gai
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-28 10:46:31 +02:00
Jason A. Donenfeld
6d20c647d0 uapi: add version magic
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00
Jason A. Donenfeld
a8803c17a7 wg-quick: various cleanups
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00
Jason A. Donenfeld
3067b59798 wg: document # comments in wg(8) man page
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00
Pim van Pelt
ef66ea99e4 wg-quick: support old ip(8)
Old versions of ip(8) do not accept arguments to `ip rule show.` This
patch works around that limitation.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-19 15:34:46 +01:00
Jason A. Donenfeld
aefa5e8edc wg: fix bash completion spaces
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
Jason A. Donenfeld
bda4b8c60b wg: add wg show [interface] dump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
Jason A. Donenfeld
d4edc7baa8 wg: give "off" value for fwmark
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
Jason A. Donenfeld
a9bcd0d401 wg-quick: allow config files without trailing newline
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
Jason A. Donenfeld
6448d5557c wg-quick: unquote fwmark for bash 4.3
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-14 11:41:56 +01:00
Jason A. Donenfeld
f60ceb76e6 wg-quick: set LC_ALL for consistent regex
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:18 +01:00
Jason A. Donenfeld
c8472e2dab socket: enable setting of fwmark
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:18 +01:00
Jason A. Donenfeld
ef29165cde socket: general ephemeral ports instead of name-based ports
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:17 +01:00
Jason A. Donenfeld
cf2cb85a08 wg-quick: support v6 dual stack
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:17 +01:00
Jason A. Donenfeld
3606898d23 wg: remove key for any empty file
Rather than just using /dev/null to mean key removal, match on any empty
file, so that this interface is cross platform.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-07 12:21:22 +01:00
Jason A. Donenfeld
666623a82e wg: setconf should remove existing psk
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-07 12:21:22 +01:00
Jason A. Donenfeld
4586e14749 wg-quick: recommend using resolvconf in exclusive mode
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-19 00:07:31 +01:00
Jason A. Donenfeld
db4f06d118 wg: man: recommend correct port
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-15 22:22:45 +01:00
Jason A. Donenfeld
1d20912898 wg-quick: parse IPv6 endpoints correctly
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-15 13:01:06 +01:00
Jason A. Donenfeld
035a649641 wg-quick: better removal of suppress_prefix rule
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-11 00:29:58 +01:00
Jason A. Donenfeld
396dc76a04 Update copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 06:36:19 +01:00
Jason A. Donenfeld
f43b43376b uapi: use sockaddr union instead of sockaddr_storage
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 06:29:24 +01:00
Jason A. Donenfeld
48f7c3522a uapi: use flag instead of C bitfield for portability
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 05:36:43 +01:00
Jason A. Donenfeld
12904a1095 wg: ipc: read from socket incrementally
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 05:36:43 +01:00
Jason A. Donenfeld
e92e0dca14 wg: error on short ret reads
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 05:36:43 +01:00
Jason A. Donenfeld
16060516bb wg-quick: enforce good permissions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-09 00:22:21 +01:00
Jason A. Donenfeld
bf5d24eca4 wg: add installation note for distros
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 19:41:23 +01:00
Christian Hesse
d2f244b136 wg: remove DESTDIR for autodetection
DESTDIR is always empty, no need to check anything there. Check the main
system instead.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 02:30:20 +01:00
Jason A. Donenfeld
6b940830e9 wg: add systemd unit and auto-detection
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 02:30:20 +01:00
Jason A. Donenfeld
7c202eb5fc wg: add makefile instructions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 02:30:20 +01:00
Jason A. Donenfeld
e975597e72 wg: add wg-quick
This is based on wg-config, but is even easier to use, and now makes
our full tools suite.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 02:30:20 +01:00
Jason A. Donenfeld
bf158a73fe wg: add bash completion for wg(8)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-04 07:15:11 +01:00
Jason A. Donenfeld
ae82dcfed3 wg: syscall.h should actually be sys/syscall.h
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-30 17:53:05 +01:00
Tomasz Torcz
f3a1f15186 wg: rename 'bandwidth' to 'transfer' in output
'bandwidth' is a measure of speed, but wg's output shows only the
number of bytes transferred. Thus 'transfer' is a better label.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-23 22:22:08 +01:00
Jason A. Donenfeld
a488f1b084 wg: do not use AI_ADDRCONFIG
Some people run wg(8) using hard coded v6 addresses before interfaces
have v6 addresses, causing getaddrinfo to fail. Since AI_ADDRCONFIG
doesn't actualy change the sorting, but just the queries made, we don't
really need AI_ADDRCONFIG anyway, since we're always only taking the
first result.

Reported-by: Benedikt Morbach <benedikt.morbach@googlemail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-23 21:09:23 +01:00
Jason A. Donenfeld
b5415c0b65 wg: allowed-ips is easier to parse with spaces instead of ", "
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-23 21:09:23 +01:00
Jason A. Donenfeld
187bf98339 wg: fix latest-handshake typo in documentation
Reported-by: Dan Lüdtke <mail@danrl.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-16 06:35:58 +01:00
Jason A. Donenfeld
9707e5d6af wg: warn about clock going backward
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-29 20:56:41 +01:00
Jason A. Donenfeld
16a6972bb6 headers: cleanup notices
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-21 01:00:07 +01:00
Jason A. Donenfeld
3338bb11e8 wg: chill modern gcc out
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-05 21:45:12 +01:00
Jason A. Donenfeld
ff52c3e3a4 qemu: move build outside of kernel dir to avoid kernel's make clean
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-05 13:22:55 +01:00
Jason A. Donenfeld
a97901e4fd wg: abstract pkg-config to PKG_CONFIG
Distros like Exherbo have multitarget setups with toolnames prefixed by
the arch.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-02 11:50:52 +01:00
Jason A. Donenfeld
971c792ba9 wg: everybody hates automatic stripping
I happen to like it, but package managers don't. The GNU standard [1]
says there should be a separate install-strip target. I don't like
duplicating code like that. So, instead, I'll just remove stripping all
together.

[1] https://www.gnu.org/prep/standards/html_node/Standard-Targets.html

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-02 11:49:07 +01:00
Jason A. Donenfeld
967ea8c712 wg: allow multiple AllowedIPs invocations
It turns out this is a somewhat natural thing to do in config files.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-30 04:35:51 +02:00
Jason A. Donenfeld
822ae991d8 persistent-keepalive: change range to [1,65535]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-08 14:05:37 +02:00
Jason A. Donenfeld
e938263886 wg: use correct headers in ipc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-02 02:55:43 +02:00
Jason A. Donenfeld
db69cc7119 wg: do not show private keys in pretty output
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-02 02:55:43 +02:00
Jason A. Donenfeld
1b9a83c852 c: specify static array size in function params
The C standard states:

  A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to
  type'', where the type qualifiers (if any) are those specified within the [ and ] of the
  array type derivation. If the keyword static also appears within the [ and ] of the
  array type derivation, then for each call to the function, the value of the corresponding
  actual argument shall provide access to the first element of an array with at least as many
  elements as specified by the size expression.

By changing void func(int array[4]) to void func(int array[static 4]),
we automatically get the compiler checking argument sizes for us, which
is quite nice.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-02 02:55:42 +02:00
Jason A. Donenfeld
d6b3bc6948 wg: use stream instead of seqpacket
To support OS X and Windows, we have to. Ugh.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-22 21:08:25 +02:00
Jason A. Donenfeld
ec890556e4 wg: Use seqpacket instead of dgram
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-22 20:30:34 +02:00
Jason A. Donenfeld
f304bc3199 wg: add -MP to makefile
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-22 14:58:30 +02:00
Jason A. Donenfeld
fc72510937 wg: add default cflag
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-21 16:38:56 +02:00
Jason A. Donenfeld
a8baff2ab3 wg: propagate set errno
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-21 13:33:20 +02:00
Jason A. Donenfeld
a773a23c75 wg: abstract sockets are dangerous
They have no permissions, so we're probably better off just creating a
socket file with the umask set, as we do in BSD.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-21 12:28:37 +02:00
Jason A. Donenfeld
b318e81cd0 wg: rename kernel to ipc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-21 11:26:52 +02:00
Jason A. Donenfeld
9889b42788 wg: support horrible freebsd/osx/unix semantics
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-21 11:26:52 +02:00
Jason A. Donenfeld
b16641e30c wg: first additions of userspace integration
This is designed to work with a server that follows this:

  struct sockaddr_un addr = {
      .sun_family = AF_UNIX,
      .sun_path = "/var/run/wireguard/wguserspace0.sock"
  };
  int fd, ret;
  ssize_t len;
  socklen_t socklen;
  struct wgdevice *device;

  fd = socket(AF_UNIX, SOCK_DGRAM, 0);
  if (fd < 0)
      exit(1);
  if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
      exit(1);

  for (;;) {
      /* First we look at how big the next message is, so we know how much to
       * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */
      len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC);
      if (len < 0) {
          handle_error();
          continue;
      }
      /* Next we allocate a buffer for the received data. */
      device = NULL;
      if (len) {
          device = malloc(len);
          if (!device) {
              handle_error();
              continue;
          }
      }
      /* Finally we receive the data, storing too the return address. */
      socklen = sizeof(addr);
      len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen);
      if (len < 0) {
          handle_error();
          free(device);
          continue;
      }
      if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */
          device = get_current_wireguard_device(&len);
          sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen);
      } else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */
          ret = set_current_wireguard_device(device);
          sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen);
          free(device);
      }
  }

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-20 22:04:56 +02:00
Jason A. Donenfeld
fd14807259 wg: fix numbering in man page
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-16 04:13:55 +02:00
Jason A. Donenfeld
46a6bf3a52 persistent keepalive: use authenticated keepalives
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-10 03:46:56 +02:00
Jason A. Donenfeld
d81cafde7f persistent keepalive: documentation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-08 02:52:41 +02:00
Jason A. Donenfeld
fc743caf3b persistent keepalive: add userspace support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-08 02:43:33 +02:00
Jason A. Donenfeld
7887d8024c wg: use pkg-config in Makefile
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-06 23:51:00 +02:00
Jason A. Donenfeld
be4f3cd7c2 wg: always fallback to /dev/urandom
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-03 20:45:48 +02:00
Jason A. Donenfeld
742f038fc2 wg: improve error reporting and detection
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-03 20:45:48 +02:00
Jason A. Donenfeld
1a64438b21 contrib: remove extraneous cruft
We don't want people packaging these or even using these scripts, which
are only useful for limited development circumstances, so get rid of
them. More widespread development testing techniques still exist in
src/debug.mk and src/netns.sh

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-01 23:40:06 +02:00
Jason A. Donenfeld
abb1128785 wg.8: wording tweaks
Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-01 04:08:29 +02:00
Daniel Kahn Gillmor
3970401017 Readme: use https instead of http
For the websites referenced that offer https instead of http, use
https.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-06-30 20:48:12 +02:00
Jason A. Donenfeld
8132305e54 Initial commit
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-06-25 16:48:39 +02:00