Commit graph

449 commits

Author SHA1 Message Date
Jason A. Donenfeld
f65c82456d ipc: add wireguard-nt support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-07-20 13:24:18 +02:00
Hangbin Liu
9a7e4364b1 contrib/launchd: fix xml syntax error
The current plist xml gets error "DOCTYPE improperly terminated" with xml
syntax checker[1]. The example in apple doc[2] also doesn't have semicolon
at the end of DOCTYPE line.

[1] https://www.w3schools.com/xml/xml_validator.asp
[2] https://opensource.apple.com/source/launchd/launchd-257/launchd/doc/HOWTO.html

Fixes: b30e74b595 ("wg-quick: darwin: support being called from launchd")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-17 11:43:06 +02:00
Jason A. Donenfeld
197689a3cd man: mention BSD debugging
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-06 12:54:29 +02:00
Jason A. Donenfeld
ecb1ea29d7 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-24 16:43:19 -04:00
Jason A. Donenfeld
96e42feb3f wg-quick: kill route monitor when loop terminates
If the route monitor doesn't attempt to write more to stdout, then this
leaves a process hanging around. Kill it explicitly. We also switch to
using exec in the process substitution, to reduce a bash process.

Closes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255286
Reported-by: Christos Chatzaras <chris@cretaforce.gr>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-20 21:36:19 -06:00
Jason A. Donenfeld
3124afbea3 wg-quick: freebsd: use ifconfig for determining if interface is up
We no longer need the arp hack, as these bugs have been fixed in the
FreeBSD kernel.

This partially reverts 090639ae90.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-18 20:40:02 -06:00
Jason A. Donenfeld
163cef8b90 wg-quick: freebsd: do not assume point-to-point interface flag
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-23 12:29:33 -06:00
Jason A. Donenfeld
a43f0b634e wg-quick: freebsd: check for socket using -S, not -f
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-21 10:15:53 -06:00
Jason A. Donenfeld
622408872f version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-15 08:04:02 -06:00
Jason A. Donenfeld
9c811e0f2d wg-quick: freebsd: avoid writing private keys to /tmp
FreeBSD's bash doesn't handle <(...) safely, creating a temporary file
instead of using /proc/self/fd/N like on Linux. Work around this by
using a simple pipeline with /dev/stdin.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-13 21:20:19 -07:00
Jason A. Donenfeld
4e4867dc95 ipc: uniformly ignore preshared keys that are zero
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-11 15:35:15 -07:00
Jason A. Donenfeld
f51349c52b ipc: freebsd: add initial FreeBSD support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-11 15:02:07 -07:00
Jason A. Donenfeld
576e40056d wg-quick: freebsd: add kernel support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-11 09:05:14 -07:00
Kyle Evans
396b85280a wireguard-tools: drag in headers for prototypes
ipc.c and terminal.c provide definitions for prototypes in their
respective headers, drag those in.

Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
2021-03-10 17:35:20 -07:00
Kyle Evans
88bc64366e wireguard-tools: const correctness
Fixes much of the noise from a FreeBSD WARNS=6 build of wg(8)

Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
2021-03-10 17:35:18 -07:00
Florian Eckert
957702af94 Makefile: fix version indicator
If we execute `wg --version` we get a different version string that does
not match with the version string in the openwrt makefile.

Current version string:
`wireguard-tools vreboot-13159-gac5caa2718 -https://git.zx2c4.com/wireguard-tools/`

Corrected versions string:
`wireguard-tools v1.0.20200319 -https://git.zx2c4.com/wireguard-tools/`

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-05 14:37:11 -07:00
Jason A. Donenfeld
6d3b876492 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-23 19:32:18 +01:00
Jason A. Donenfeld
e8fa0f662f ipc: read trailing responses after set operation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-27 15:22:20 +01:00
Jason A. Donenfeld
f97e81c094 man: LOG_LEVEL variables changed nae
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-26 23:02:37 +01:00
Jason A. Donenfeld
457f96b65e ipc: do not use fscanf with trailing \n
If the stream is not closed, then this winds up hanging forever. So
remove the trailing \n\n and check manually after.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-25 21:22:36 +01:00
Jason A. Donenfeld
66ed611bd0 sticky-sockets: do not use SO_REUSEADDR
This makes little sense for unicast UDP sockets.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-18 23:40:15 +01:00
Jason A. Donenfeld
7e506135f7 completion: add help and syncconf completions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-13 22:29:09 +01:00
Jason A. Donenfeld
5e24780d4c wincompat: do not elevate by default
Elevation makes it detach from the console, which means the results are
hidden.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-11 14:17:27 +01:00
Jason A. Donenfeld
843a256697 wincompat: add resource and manifest and enable lto
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-11 13:59:14 +01:00
Jason A. Donenfeld
66714e2c47 wincompat: recent mingw has inet_ntop/inet_pton
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-09 11:46:01 +01:00
Jason A. Donenfeld
b637db4692 embeddable-wg-library: sync latest from netlink.h
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-29 12:44:47 +01:00
Jason A. Donenfeld
c3f26340e6 wg-quick: openbsd: no use for userspace support
With alignment between the kernel and userspace, along with userspace
packages, we can now rely on the kernel in the future always having
wg(4).

This also simplifies the interface selection logic, and stores the
wg-quick interface name as the description.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-19 13:29:28 +02:00
Jason A. Donenfeld
265e81a344 wg-quick: android: do not free iterated pointer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-15 16:20:22 +02:00
Jason A. Donenfeld
7a321ce808 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-27 10:22:09 +02:00
Jason A. Donenfeld
91fbeb4a92 Revert "wg-quick: wait on process substitutions"
This reverts commit 26683f6c9a, which
means the old problem comes back. That's an issue. But waiting on
process substitutions is not available with commonly used bash versions:

  # wg-quick up demo
  [#] ip link add demo type wireguard
  [#] wg setconf demo /dev/fd/63
  /usr/bin/wg-quick: line 251: wait: pid 2955 is not a child of this shell
  [#] ip link delete dev demo

This means we have to wait a few years before fixing this issue. IOW,
bash limitation; can't fix.

Reported-by: Theodore Mozzo <theodore.mozzo@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-27 10:19:31 +02:00
Jason A. Donenfeld
9a0d65e2af wg-quick: android: use iproute2 to bring up interface instead of ndc
Android 11's ndc regresses even more, but it turns out that netd doesn't
need to track up/down state via direct invocation, so just set the
interface up by way of normal iproute2.

Reported-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-25 21:54:22 +02:00
Jason A. Donenfeld
fbca033c69 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-20 12:06:22 +02:00
Jason A. Donenfeld
26683f6c9a wg-quick: wait on process substitutions
Bash does not propagate error values, which is a bummer, but process
substitutions are a useful feature. Introduce a new idiom to deal with
this: either "; wait $!" after the line to propagate the error, or "||
true" to indicate explicitly that we don't care about the error.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-06 17:47:14 +02:00
Jason A. Donenfeld
13fac76a71 ctype: use non-locale-specific ctype.h
We also make these constant time, even though we're never distinguishing
between bits of a secret using them. From that perspective, though, this
is markedly better than the locale-specific table lookups in glibc, even
though base64 characters span two cache lines and valid private keys
must hit both.

Co-authored-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2020-08-06 17:47:14 +02:00
Jason A. Donenfeld
cf2bf09524 pubkey: isblank is a subset of isspace
Therefore, there's no need to test both.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-06 17:47:14 +02:00
Jason A. Donenfeld
b4a8a18797 man: wg-quick: use syncconf instead of addconf for strip example
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-28 14:19:10 +02:00
Domonkos P. Tomcsanyi
a66219fa10 systemd: add reload target to systemd unit
Users can now run `systemctl reload wg-quick@wgnet0`, as described in
the wg-quick(8) man page. Note that this won't adjust Address=, DNS=, or
the various other non-wg(8) fields.

Signed-off-by: Domonkos P. Tomcsanyi <domi@tomcsanyi.net>
[zx2c4: use exec for bash commands to reduce excess forks, and rewrite
        commit message]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-24 16:23:47 +02:00
Jason A. Donenfeld
eb4665ecf0 wincompat: fold random into genkey
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-25 18:07:49 -06:00
Jason A. Donenfeld
197995d50c ipc: split into separate files per-platform
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-25 17:21:18 -06:00
Jason A. Donenfeld
c45d422a93 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-13 18:29:41 -06:00
Jason A. Donenfeld
56cb39fb22 ipc: openbsd: switch to array ioctl interface
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-13 01:55:32 -06:00
Jason A. Donenfeld
0cfde946b1 Makefile: remember to install all systemd units
Reported-by: Unit 193 <unit193@unit193.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-11 21:31:05 -06:00
Jason A. Donenfeld
8137c14dc6 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 22:20:44 -06:00
Jason A. Donenfeld
10b4e7677f wg-quick: cleanup openbsd support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 22:15:08 -06:00
Matt Dunwoodie
9eda95d084 wg-quick: add support for openbsd kernel implementation
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
2020-05-10 22:10:02 -06:00
Jason A. Donenfeld
d4a32c97fd ipc: cleanup openbsd support
We also add a wg_if.h in the fallback include path.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 22:10:02 -06:00
Matt Dunwoodie
5c66f6ecd1 ipc: add support for openbsd kernel implementation
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
2020-05-10 02:05:42 -06:00
Jason A. Donenfeld
b60e30e196 ipc: remove extra space
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-10 01:28:57 -06:00
Jason A. Donenfeld
7f236c7957 wg-quick: support dns search domains
If DNS= has an IP in it, treat it as a DNS server. If DNS= has a non-IP
in it, treat it as a DNS search domain.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-09 00:29:53 -06:00
Martin Hauke
238ca40591 systemd: add wg-quick.target
Add file wg-quick.target, which allows starting and stopping all
wg-quick@.service instances at once.

Signed-off-by: Martin Hauke <mardnh@gmx.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-01 15:58:59 -06:00