Commit graph

376 commits

Author SHA1 Message Date
Matt Dunwoodie
5c66f6ecd1 ipc: add support for openbsd kernel implementation
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
2020-05-10 02:05:42 -06:00
Jason A. Donenfeld
b60e30e196 ipc: remove extra space
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 01:28:57 -06:00
Jason A. Donenfeld
7f236c7957 wg-quick: support dns search domains
If DNS= has an IP in it, treat it as a DNS server. If DNS= has a non-IP
in it, treat it as a DNS search domain.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-09 00:29:53 -06:00
Martin Hauke
238ca40591 systemd: add wg-quick.target
Add file wg-quick.target, which allows starting and stopping all
wg-quick@.service instances at once.

Signed-off-by: Martin Hauke <mardnh@gmx.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-01 15:58:59 -06:00
Jason A. Donenfeld
891fb523a2 terminal: specialize color_mode to stdout only
By specializing this to stdout, we can cache the isatty result.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-20 22:52:35 -06:00
Jason A. Donenfeld
e189f9942d wg-quick: android: support application whitelist
Prior we only supported a blacklist, but actually a whitelist is an
easier algorithm because that's internally how netd considers it, so we
don't need to find range spans. This commit adds an IncludedApplications
key.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-05 19:38:11 -06:00
Jason A. Donenfeld
dc00c8c577 Makefile: simplify silent cleaning
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-23 00:06:24 -06:00
Jason A. Donenfeld
a8063adc8a version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-19 16:46:35 -06:00
Jason A. Donenfeld
be969b7fe1 wincompat: use new protected prefix on Windows
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-19 16:33:14 -06:00
Jason A. Donenfeld
e98b84ab84 wincompat: use string_list instead of inflatable_buffer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-19 16:29:27 -06:00
Luis Ressel
828ffc88cd man: add a warning to the SaveConfig description
Signed-off-by: Luis Ressel <aranea@aixah.de>
[zx2c4: slightly adjusted wording]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-05 21:10:17 +08:00
Jason A. Donenfeld
bd4f847372 man: backlink wg-quick(8) in wg(8)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-12 15:46:23 +01:00
Kai Haberzettl
6fabf9c2fb man: fix grammar in wg(8) and wg-quick(8)
This fixes a few grammatical errors.

Signed-off-by: Kai Haberzettl <khaberz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-08 22:23:16 +01:00
Jason A. Donenfeld
d68b8b189c curve25519: squelch warnings on clang
These are generic helper functions we don't want to move into the actual
implementations, so that it's easy to keep parity with the kernel code.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-07 15:46:59 +01:00
Jason A. Donenfeld
e5b08c2849 netlink: initialize mostly unused field
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-06 17:20:15 +01:00
Jason A. Donenfeld
0bf1f7a3e8 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-06 16:19:47 +01:00
Jason A. Donenfeld
0dc32bbeaf netlink: don't pretend that sysconf isn't a function
We can cache the value of this instead of evaluating every time.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-05 23:59:55 +01:00
Jason A. Donenfeld
ef117a91d1 netlink: remove libmnl requirement
It turns out that the binary actually gets smaller if we simply inline
the very small parts of libmnl that we need. Since we wind up needing
the mnlg bits anyway, there's little benefit in linking to libmnl.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-03 18:17:27 +01:00
Jason A. Donenfeld
27c885ff08 man: document dynamic debug trick for Linux
This comes up occasionally, so it may be useful to mention its
possibility in the man page. At least the Arch Linux and Ubuntu kernels
support dynamic debugging, so this advise will at least help somebody.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-31 23:17:59 +01:00
Jason A. Donenfeld
6771c4454e wg-quick: android: split uids into multiple commands
Different versions of netd have different limits on how many can be
passed at once.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Alexey <zaranecc@bk.ru>
2020-01-31 18:56:52 +01:00
Jason A. Donenfeld
8082f7e6a8 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-21 15:51:31 +01:00
Jason A. Donenfeld
3a3a56e217 Makefile: sort inputs to linker so that build is reproducible
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-21 15:51:07 +01:00
Jason A. Donenfeld
64576f9a06 netlink: make sure to clear return value when trying again
Otherwise this runs in an infinite loop if at some point a dump was
interrupted.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-11 12:16:50 -05:00
Jason A. Donenfeld
95c30bc034 fuzz: add set and setconf fuzzers
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-11 10:47:59 -05:00
Jason A. Donenfeld
f7f1e7da2c Makefile: evaluate git version lazily
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-08 17:59:58 -05:00
Jason A. Donenfeld
cdd8d8ba9f fuzz: add generic command argument fuzzer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-04 10:47:28 -05:00
Jason A. Donenfeld
1d2d6200b8 ipc: simplify inflatable buffer and add fuzzer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-04 15:07:10 +01:00
Jason A. Donenfeld
f59f63f462 Makefile: add standard 'all' target
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Bruno Wolff III <bruno@wolff.to>
2020-01-03 21:22:22 +01:00
Jason A. Donenfeld
bfb31ac953 Makefile: remove pwd from compile output
We previously included $(pwd) in the compile output pretty printer,
because it matched our parent out-of-tree module build. Since we're no
longer coupled to the module, we can return to a prettier scheme of just
using the object name.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Fixes: eb68ad07 ("Makefile: even prettier output")
2020-01-03 12:36:10 +01:00
Jason A. Donenfeld
3bf1b64d44 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-02 19:53:11 +01:00
Jason A. Donenfeld
d8230ea0dc global: bump copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-02 19:52:25 +01:00
Jason A. Donenfeld
16e20de722 wg-quick: linux: quote ifname for nft
Otherwise nft(8) has strange ideas of what a string is.

Suggested-by: RistiCore <RistiCore@mail.ee>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-28 18:35:41 +01:00
Jason A. Donenfeld
3bfe9c41ab Makefile: rework automatic version.h mangling
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Joe Doss <joe@solidadmin.com>
2019-12-27 18:33:55 +01:00
Jason A. Donenfeld
2d000809dd fuzz: find bugs when parsing uapi input
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 18:33:55 +01:00
Jason A. Donenfeld
cde6f312e4 fuzz: find bugs in the config syntax parser
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 18:33:55 +01:00
Devin Smith
318253d932 man: add documentation about removing explicit listen-port
Signed-off-by: Devin Smith <thundza@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 11:52:29 +01:00
Jason A. Donenfeld
f9f1ba795e Makefile: port static analysis check
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 16:54:25 +01:00
Jason A. Donenfeld
ff7e5dfe30 Makefile: DEBUG_TOOLS -> DEBUG and document
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 16:51:58 +01:00
Jason A. Donenfeld
7861d89b7c systemd: update documentation URL
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:59:27 +01:00
Jason A. Donenfeld
ae659490cf version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:59:11 +01:00
Jason A. Donenfeld
9130fa0450 Makefile: add git versioning to dev builds
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:57:58 +01:00
Jason A. Donenfeld
011bf3b9f4 README: consolidate with INSTALL and rewrite
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:10:42 +01:00
Jason A. Donenfeld
262b5196cf wg: include tools version
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 13:10:42 +01:00
Jason A. Donenfeld
2f74ac29cf wg: add back source formerly shared with kernel module
We used to reach back into parent directories for this, but with the
repo split, we now require our own copy.

We use -idirafter in case system headers are installed for the
wireguard.h netlink definitions.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-26 12:55:41 +01:00
Jason A. Donenfeld
6262906e5c wg-quick: linux: use already configured addresses instead of in-memory
The ADDRESSES array might not have addresses added during PreUp. But
moreover, nft(8) and iptables(8) don't like ip addresses in the form
somev6prefix::someipv4suffix, such as fd00::1.2.3.4, while ip(8) can
handle it. So by adding these first and then asking for them back, we
always get normalized addresses suitable for nft(8) and iptables(8).

Reported-by: Silvan Nagl <mail@53c70r.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-17 14:18:09 +01:00
Kai Haberzettl
64f83e6161 wg: adjust wg.8 syntax for consistency in COMMANDS section
Signed-off-by: Kai Haberzettl <khaberz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-13 16:22:19 +01:00
Jason A. Donenfeld
6fbfa0d7bb wg-quick: linux: try both iptables(8) and nft(8) on teardown
Daniel argues that technically a package manager could install nft(8)
after previously having started wg-quick(8) using iptables(8).

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-12 17:24:04 +01:00
Jason A. Donenfeld
45417c5c0d wg-quick: linux: support older nft(8)
Older nft(8), such as that on Ubuntu, does not accept the - parameter to
the -f argument and doesn't accept symbolic priority names. So instead
use the canonical numeric priority forms and use <(echo) instead of -.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-12 12:24:05 +01:00
Josh Soref
a863be0148 global: fix up spelling
Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-12 12:24:05 +01:00
Jason A. Donenfeld
17c78d31c2 wg-quick: linux: add support for nft and prefer it
If nft(8) is installed, use it. These rules should be identical to the
iptables-restore(8) ones, with the advantage that cleanup is easy
because we use custom table names.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-12 12:24:05 +01:00
Jason A. Donenfeld
bc8bf54185 wg-quick: linux: ignore save warnings for iptables-nft
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-06 16:51:05 +01:00
Jason A. Donenfeld
8d4e4f3a86 wg-quick: linux: suppress more warnings on weird kernels
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-06 16:22:18 +01:00
Jason A. Donenfeld
3928ebb87d wg-quick: linux: some iptables don't like empty lines
Reported-by: Kenneth R. Crudup <kenny@panix.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 18:33:18 +01:00
Jason A. Donenfeld
9eab3487cd wg-quick: linux: iptables-* -w is not widely supported
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 11:48:25 +01:00
Jason A. Donenfeld
faa55d8b19 ipc: make sure userspace communication frees wgdevice
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 11:48:25 +01:00
Jason A. Donenfeld
207aeed010 wg-quick: linux: have remove_iptables return true
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 11:48:25 +01:00
Jason A. Donenfeld
af69113e02 wg-quick: linux: ensure postdown hooks execute
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 11:48:25 +01:00
Jason A. Donenfeld
a9abb21575 wg-quick: linux: suppress error when finding unused table
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 17:12:15 +01:00
Jason A. Donenfeld
ae374129ab wg: add syncconf command
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 14:42:34 +01:00
Jason A. Donenfeld
ebcf1ef8b1 wg-quick: linux: filter bogus injected packets and don't disable rpfilter
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 13:45:58 +01:00
Jason A. Donenfeld
a59aa6c404 wg-quick: linux: only touch net.ipv4 for v4
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-26 11:33:33 +01:00
Jason A. Donenfeld
cf7ec31d2d wg-quick: android: check for null in binder cleanup functions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-16 14:23:27 +02:00
Nicolas Douma
792727cf64 wg-quick: android: use Binder for setting DNS on Android 10
Signed-off-by: Nicolas Douma <nicolas@serveur.io>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-12 16:49:52 +02:00
Jason A. Donenfeld
959937672a wg: windows: enforce named pipe ownership and use protected prefix
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-31 08:48:39 -06:00
Ronan Pigott
4154476d89 wg-quick: linux: don't fail down when using systemd-resolved
systemd-resolved has a compatibility interface for use with resolvconf
scripts when resolvectl is called from a symlink from resolvconf.
However, when tearing down the interface, cmd_down calls del_if and then
unset_dns. In the case of systemd-resolved, deleting the interface also
removes the systemd-resolved entry and causes resolvconf -d to fail when
resolvconf really is a symlink to resolvectl. This causes `wg-quick
down` and 'wg-quick@.service' to exit with failure.

Instead we use the resolvconf '-f' flag to ignore non-existent
interfaces, supported by both openresolv and sd-resolved resolvconf.

Signed-off-by: Ronan Pigott <rpigott@berkeley.edu>
[zx2c4: moved -f argument to end to remain compatible with Debian's resolvconf]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-27 20:29:17 -06:00
Ankur Kothari
5df58a945d wg-quick: openbsd: fix alternate routing table syntax
route(8) has always used the `-T` option to specify the
routing table; there is no `rdomain` option.

Signed-off-by: Ankur Kothari <ankur@lipidity.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-07 10:41:26 +02:00
Jason A. Donenfeld
6a5906608c wg-quick: android: refactor and add incoming allow rules
Suggested-by: Yağmur Oymak <yagmur.oymak@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-07-08 13:48:17 +02:00
Jason A. Donenfeld
b30e74b595 wg-quick: darwin: support being called from launchd
This causes wg-quick up to wait for the monitor to exit before it exits,
so that launchd can correctly wait on it.

Reported-by: Cameron Palmer <cameron@promon.no>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-24 11:19:18 +02:00
Jason A. Donenfeld
15f2e2ef34 wg: pass WG_ENDPOINT_RESOLUTION_RETRIES=infinity to systemd unit
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 21:10:41 +02:00
Jason A. Donenfeld
838039b879 wg: add wincompat layer to wg(8)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 18:30:59 +02:00
Jason A. Donenfeld
10487e7215 wg: allow setting WG_ENDPOINT_RESOLUTION_RETRIES
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29 01:23:24 +02:00
Jason A. Donenfeld
604b5a9fa7 wg-quick: specify protocol to ip(8), because of inconsistencies
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29 01:23:24 +02:00
Jason A. Donenfeld
ce55f857ff wg-quick: look up existing routes properly
This was never really correct, and then 5.1 broke it entirely.

Reported-by: piraty1@inbox.ru
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29 01:23:24 +02:00
Jason A. Donenfeld
c2355e00aa wg-quick: make darwin and freebsd path search strict like linux
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-23 20:12:54 +09:00
Jason A. Donenfeld
090639ae90 wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-23 20:12:54 +09:00
Luis Ressel
4471ee711c wg: avoid unneccessary next_peer assignments in sort_peers()
Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-23 12:50:52 +01:00
Luis Ressel
cdb687cc0b wg-quick: add 'strip' subcommand
`wg-quick strip` prints the config file to stdout after stripping it of
all wg-quick-specific options.

This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-23 12:49:48 +01:00
Luis Ressel
84cf22da0d wg: warn if an AllowedIP has a nonzero host part
Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-23 12:49:41 +01:00
Jason A. Donenfeld
7c20ac5ce2 wg-quick: freebsd: export TMPDIR when restoring and don't make empty
Otherwise mktemp doesn't see it, and if it's empty we wind up in /.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-18 14:50:36 -06:00
Alexander von Gluck IV
fc719b7d7e wg: add support for Haiku
Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 23:54:25 +01:00
Jason A. Donenfeld
74a6f97b7a wg: genkey: account for short reads of /dev/urandom
Apparently Haiku has a misbehaving /dev/urandom.

While we're at it, simplify the function signature to completely succeed
or completely fail and make sure the caller checks the result.

Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 23:53:00 +01:00
Jason A. Donenfeld
2c6cabd73d wg-quick: freebsd: rebreak interface loopback, while fixing localhost
The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was
supposed to make things better, but actually it just started sending
legitimate localhost traffic over the WireGuard interface, which is
really quite bad.

This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.

Reported-by: Matt Smith <matt.xtaz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 21:25:49 +01:00
Jason A. Donenfeld
86e0c306b8 wg: c_acc doesn't need to be initialized
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 02:32:15 +01:00
Jason A. Donenfeld
8ba5498590 wg: fight compiler slightly harder
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-05 01:00:52 +01:00
Jason A. Donenfeld
17281d9369 noise: store clamped key instead of raw key
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-03 21:51:18 +01:00
Jason A. Donenfeld
4bc6ef0089 systemd: wg-quick should depend on nss-lookup.target
Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.

Reported-by: Anton Castelli <anton.c42@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-30 18:53:37 +01:00
Jason A. Donenfeld
643a002603 wg: remove unused check phony declaration
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-24 18:14:38 +01:00
Jason A. Donenfeld
3f7a31faea wg-quick: freebsd: allow loopback to work
FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-24 03:28:54 +01:00
Jason A. Donenfeld
a6e4ec487d netlink: use __kernel_timespec for handshake time
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 14:29:44 +01:00
Jason A. Donenfeld
777fe674c4 global: normalize -> clamp
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 14:29:44 +01:00
Jason A. Donenfeld
b8e89f3a09 global: update copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-07 19:26:10 -05:00
Jason A. Donenfeld
53f9023e7e wg: curve25519: handle unaligned loads/stores safely
Reported-by: Chris Hewitt <chris@chrishewitt.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-20 18:32:40 +01:00
Aaron Jones
48a31572f1 wg-quick: bring interface up while setting MTU
This avoids another ip(8) invocation for little benefit.
Confirmed to work with iproute2 and busybox.

Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-18 14:41:27 +01:00
Jason A. Donenfeld
7e106d3a4c wg-quick: android: do not choke on empty allowed-ips
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-11 22:15:01 -05:00
Jason A. Donenfeld
d9f06cbced wg.8: AllowedIPs isn't actually required
An empty allowed IPs is totally valid, for folks wishing to move IP
addresses between multiple peers atomically.

Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-19 03:35:25 +02:00
Jason A. Donenfeld
b37a1f46ae wg.8: specify that wg(8) shows runtime info too
Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-19 03:33:53 +02:00
Jason A. Donenfeld
4410c87c39 wg-quick: wait for interface to disappear on freebsd
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-13 01:55:31 +02:00
Jason A. Donenfeld
599b84fbd1 wg: don't fail if a netlink interface dump is inconsistent
Netlink returns NLM_F_DUMP_INTR if the set of all tunnels changed
during the dump. That's unfortunate, but is pretty common on busy
systems that are adding and removing tunnels all the time. Rather
than retrying, potentially indefinitely, we just work with the
partial results.

Reported-by: Robert Gerus <ar@is-a.cat>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-13 01:55:31 +02:00
Jason A. Donenfeld
9b1394b2dc wg: compile on gnu99
We don't actually use any C11 features, so we can at least compile with
ancient gcc.

Reported-by: Aaron M. D. Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-09 15:23:42 +02:00
Jason A. Donenfeld
c1ca487f63 wg: use libc's endianness macro if no compiler macro
This lets us be compiled with ancient gcc.

Reported-by: Jeff Brandt <jeff@jeffcolo.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-09 15:21:27 +02:00