Commit graph

374 commits

Author SHA1 Message Date
Jason A. Donenfeld
ce55f857ff wg-quick: look up existing routes properly
This was never really correct, and then 5.1 broke it entirely.

Reported-by: piraty1@inbox.ru
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29 01:23:24 +02:00
Jason A. Donenfeld
c2355e00aa wg-quick: make darwin and freebsd path search strict like linux
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-23 20:12:54 +09:00
Jason A. Donenfeld
090639ae90 wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-23 20:12:54 +09:00
Luis Ressel
4471ee711c wg: avoid unnecessary next_peer assignments in sort_peers()
Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-23 12:50:52 +01:00
Luis Ressel
cdb687cc0b wg-quick: add 'strip' subcommand
`wg-quick strip` prints the config file to stdout after stripping it of
all wg-quick-specific options.

This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-23 12:49:48 +01:00
Luis Ressel
84cf22da0d wg: warn if an AllowedIP has a nonzero host part
Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-23 12:49:41 +01:00
Jason A. Donenfeld
7c20ac5ce2 wg-quick: freebsd: export TMPDIR when restoring and don't make empty
Otherwise mktemp doesn't see it, and if it's empty we wind up in /.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-18 14:50:36 -06:00
Alexander von Gluck IV
fc719b7d7e wg: add support for Haiku
Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 23:54:25 +01:00
Jason A. Donenfeld
74a6f97b7a wg: genkey: account for short reads of /dev/urandom
Apparently Haiku has a misbehaving /dev/urandom.

While we're at it, simplify the function signature to completely succeed
or completely fail and make sure the caller checks the result.

Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 23:53:00 +01:00
Jason A. Donenfeld
2c6cabd73d wg-quick: freebsd: rebreak interface loopback, while fixing localhost
The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was
supposed to make things better, but actually it just started sending
legitimate localhost traffic over the WireGuard interface, which is
really quite bad.

This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.

Reported-by: Matt Smith <matt.xtaz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 21:25:49 +01:00
Jason A. Donenfeld
86e0c306b8 wg: c_acc doesn't need to be initialized
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 02:32:15 +01:00
Jason A. Donenfeld
8ba5498590 wg: fight compiler slightly harder
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-05 01:00:52 +01:00
Jason A. Donenfeld
17281d9369 noise: store clamped key instead of raw key
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-03 21:51:18 +01:00
Jason A. Donenfeld
1e58a0525e highlighter: when subtracting char, cast to unsigned
Windows.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-31 02:03:10 +01:00
Jason A. Donenfeld
4bc6ef0089 systemd: wg-quick should depend on nss-lookup.target
Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.

Reported-by: Anton Castelli <anton.c42@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-30 18:53:37 +01:00
Jason A. Donenfeld
643a002603 wg: remove unused check phony declaration
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-24 18:14:38 +01:00
Jason A. Donenfeld
3f7a31faea wg-quick: freebsd: allow loopback to work
FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-24 03:28:54 +01:00
Jason A. Donenfeld
a6e4ec487d netlink: use __kernel_timespec for handshake time
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 14:29:44 +01:00
Jason A. Donenfeld
ee88038986 contrib: introduce simple highlighter library
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 14:29:44 +01:00
Jason A. Donenfeld
777fe674c4 global: normalize -> clamp
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 14:29:44 +01:00
Jason A. Donenfeld
3ac679e7a1 keygen-html: bring back pure javascript implementation
This reverts commit 9d5baf7d1d14ca7eb0852b41566330259229d489.

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 14:29:44 +01:00
Jason A. Donenfeld
04f3a4f537 Kconfig: IPsec isn't IPSec
Reported-by: Raf Czlonka <rczlonka@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 14:29:44 +01:00
Jason A. Donenfeld
b8e89f3a09 global: update copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-07 19:26:10 -05:00
Jason A. Donenfeld
53f9023e7e wg: curve25519: handle unaligned loads/stores safely
Reported-by: Chris Hewitt <chris@chrishewitt.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-20 18:32:40 +01:00
Jason A. Donenfeld
89662178c6 makefile: use immediate expansion and use correct template patterns
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-18 14:41:48 +01:00
Aaron Jones
48a31572f1 wg-quick: bring interface up while setting MTU
This avoids another ip(8) invocation for little benefit.
Confirmed to work with iproute2 and busybox.

Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-18 14:41:27 +01:00
Jason A. Donenfeld
586b466394 embeddable-wg-library: do not warn on unrecognized netlink attributes
This is a follow up of bcf8684c9ec90fe0d283a67d1654d05fb3eae019.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-07 06:07:35 +01:00
Jason A. Donenfeld
4de77e0646 global: various formatting tweaks
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-13 00:34:16 -08:00
Jason A. Donenfeld
7e106d3a4c wg-quick: android: do not choke on empty allowed-ips
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-11 22:15:01 -05:00
Jason A. Donenfeld
1aa8364b17 keygen-html: add missing glue macro
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-06 03:30:06 +01:00
Jason A. Donenfeld
d9f06cbced wg.8: AllowedIPs isn't actually required
An empty allowed IPs is totally valid, for folks wishing to move IP
addresses between multiple peers atomically.

Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-19 03:35:25 +02:00
Jason A. Donenfeld
b37a1f46ae wg.8: specify that wg(8) shows runtime info too
Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-19 03:33:53 +02:00
Jason A. Donenfeld
4410c87c39 wg-quick: wait for interface to disappear on freebsd
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-13 01:55:31 +02:00
Jason A. Donenfeld
599b84fbd1 wg: don't fail if a netlink interface dump is inconsistent
Netlink returns NLM_F_DUMP_INTR if the set of all tunnels changed
during the dump. That's unfortunate, but is pretty common on busy
systems that are adding and removing tunnels all the time. Rather
than retrying, potentially indefinitely, we just work with the
partial results.

Reported-by: Robert Gerus <ar@is-a.cat>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-13 01:55:31 +02:00
Jason A. Donenfeld
9b1394b2dc wg: compile on gnu99
We don't actually use any C11 features, so we can at least compile with
ancient gcc.

Reported-by: Aaron M. D. Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-09 15:23:42 +02:00
Jason A. Donenfeld
c1ca487f63 wg: use libc's endianness macro if no compiler macro
This lets us be compiled with ancient gcc.

Reported-by: Jeff Brandt <jeff@jeffcolo.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-09 15:21:27 +02:00
Jason A. Donenfeld
846d2514c5 global: rename struct wireguard_ to struct wg_
This required a bit of pruning of our christmas trees.

Suggested-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-08 03:38:12 +02:00
Jason A. Donenfeld
54569b7999 netlink: do not stuff index into nla type
It's not used for anything, and LKML doesn't like the type being used as
an index value.

Suggested-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-08 03:14:52 +02:00
Jason A. Donenfeld
6790b07868 crypto: clean up remaining .h->.c
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-07 16:35:54 +02:00
Jason A. Donenfeld
09c7ab77e9 wg-quick.8: add policy routing example
Suggested-by: Toke Høiland-Jørgensen <toke@toke.dk>
Suggested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-05 19:20:52 +02:00
Jason A. Donenfeld
646d7a5c78 crypto: make constant naming scheme consistent
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-25 03:01:21 +02:00
Jason A. Donenfeld
cef7ac9ef9 global: put SPDX identifier on its own line
The kernel has very specific rules correlating file type with comment
type, and also SPDX identifiers can't be merged with other comments.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-20 19:41:22 +02:00
Jason A. Donenfeld
17546fcd75 global: prefer sizeof(*pointer) when possible
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-04 11:08:29 -06:00
Jason A. Donenfeld
4d59d1f2c5 crypto: import zinc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-03 23:52:11 -06:00
Jason A. Donenfeld
407b0cb311 wg: ipc: do not warn on unrecognized netlink attributes
It makes extending things more difficult.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-02 23:59:44 -06:00
Jason A. Donenfeld
66054f3638 crypto: use unaligned helpers
This is not useful for WireGuard, but for the general use case we
probably want it this way, and the speed difference is mostly lost in
the noise.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 23:20:13 -06:00
Jason A. Donenfeld
b2ec7892c8 wg-quick: check correct variable for route deduplication
Reported-by: John Sager <john@sager.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-21 15:42:17 -07:00
Jason A. Donenfeld
ffcc09358e wg-quick: darwin: prefer system paths for tools
The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8).
Other than that, it's explicitly coded against the native system
utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their
full absolute path (via $SELF and $BASH, respectively), we can simply
set the $PATH to be prefixed by the default system binary paths. This
way, if users install tools that conflict with system tools -- such as
GNU coreutils -- we won't accidentally call those.

Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-12 00:28:28 -07:00
Jason A. Donenfeld
544d965d5f wg-quick: android: remove compat code
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-24 18:15:17 +02:00
Jason A. Donenfeld
f621f36800 wg-quick: android: allow package to be overridden
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-24 18:15:17 +02:00