bateast/wireguard-tools
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
382 Commits 1 Branch 0 Tags
Commit Graph

382 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason A. Donenfeld
1ad6b17c35 extract-{handshakes,keys}: rework for upstream kernel 
Now that WireGuard has been upstreamed and the repos split, we have to
look elsewhere for these headers.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-02-01 00:53:30 +01:00
Jason A. Donenfeld
27c885ff08 man: document dynamic debug trick for Linux 
This comes up occasionally, so it may be useful to mention its
possibility in the man page. At least the Arch Linux and Ubuntu kernels
support dynamic debugging, so this advise will at least help somebody.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-31 23:17:59 +01:00
Jason A. Donenfeld
6771c4454e wg-quick: android: split uids into multiple commands 
Different versions of netd have different limits on how many can be
passed at once.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Alexey <zaranecc@bk.ru>
 2020-01-31 18:56:52 +01:00
Jason A. Donenfeld
8082f7e6a8 version: bump 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-21 15:51:31 +01:00
Jason A. Donenfeld
3a3a56e217 Makefile: sort inputs to linker so that build is reproducible 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-21 15:51:07 +01:00
Jason A. Donenfeld
64576f9a06 netlink: make sure to clear return value when trying again 
Otherwise this runs in an infinite loop if at some point a dump was
interrupted.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-11 12:16:50 -05:00
Jason A. Donenfeld
95c30bc034 fuzz: add set and setconf fuzzers 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-11 10:47:59 -05:00
Jason A. Donenfeld
f7f1e7da2c Makefile: evaluate git version lazily 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-08 17:59:58 -05:00
Jason A. Donenfeld
cdd8d8ba9f fuzz: add generic command argument fuzzer 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-04 10:47:28 -05:00
Jason A. Donenfeld
1d2d6200b8 ipc: simplify inflatable buffer and add fuzzer 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-04 15:07:10 +01:00
Jason A. Donenfeld
f59f63f462 Makefile: add standard 'all' target 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Bruno Wolff III <bruno@wolff.to>
 2020-01-03 21:22:22 +01:00
Jason A. Donenfeld
bfb31ac953 Makefile: remove pwd from compile output 
We previously included $(pwd) in the compile output pretty printer,
because it matched our parent out-of-tree module build. Since we're no
longer coupled to the module, we can return to a prettier scheme of just
using the object name.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Fixes: eb68ad07 ("Makefile: even prettier output")
 2020-01-03 12:36:10 +01:00
Jason A. Donenfeld
3bf1b64d44 version: bump 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-02 19:53:11 +01:00
Jason A. Donenfeld
d8230ea0dc global: bump copyright 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2020-01-02 19:52:25 +01:00
Jason A. Donenfeld
16e20de722 wg-quick: linux: quote ifname for nft 
Otherwise nft(8) has strange ideas of what a string is.

Suggested-by: RistiCore <RistiCore@mail.ee>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-28 18:35:41 +01:00
Jason A. Donenfeld
3bfe9c41ab Makefile: rework automatic version.h mangling 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Joe Doss <joe@solidadmin.com>
 2019-12-27 18:33:55 +01:00
Jason A. Donenfeld
2d000809dd fuzz: find bugs when parsing uapi input 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-27 18:33:55 +01:00
Jason A. Donenfeld
cde6f312e4 fuzz: find bugs in the config syntax parser 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-27 18:33:55 +01:00
Devin Smith
318253d932 man: add documentation about removing explicit listen-port 
Signed-off-by: Devin Smith <thundza@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-27 11:52:29 +01:00
Jason A. Donenfeld
d359ead4dc dns-hatchet: adjust path for new repo layout 
Reported-by: Joe Doss <joe@solidadmin.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 18:10:37 +01:00
Jason A. Donenfeld
f9f1ba795e Makefile: port static analysis check 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 16:54:25 +01:00
Jason A. Donenfeld
ff7e5dfe30 Makefile: DEBUG_TOOLS -> DEBUG and document 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 16:51:58 +01:00
Jason A. Donenfeld
7861d89b7c systemd: update documentation URL 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 13:59:27 +01:00
Jason A. Donenfeld
ae659490cf version: bump 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 13:59:11 +01:00
Jason A. Donenfeld
9130fa0450 Makefile: add git versioning to dev builds 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 13:57:58 +01:00
Jason A. Donenfeld
011bf3b9f4 README: consolidate with INSTALL and rewrite 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 13:10:42 +01:00
Jason A. Donenfeld
262b5196cf wg: include tools version 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 13:10:42 +01:00
Jason A. Donenfeld
2f74ac29cf wg: add back source formerly shared with kernel module 
We used to reach back into parent directories for this, but with the
repo split, we now require our own copy.

We use -idirafter in case system headers are installed for the
wireguard.h netlink definitions.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 12:55:41 +01:00
Jason A. Donenfeld
d5ac56465e gitignore: trim down to basics 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-26 12:55:41 +01:00
Jason A. Donenfeld
6262906e5c wg-quick: linux: use already configured addresses instead of in-memory 
The ADDRESSES array might not have addresses added during PreUp. But
moreover, nft(8) and iptables(8) don't like ip addresses in the form
somev6prefix::someipv4suffix, such as fd00::1.2.3.4, while ip(8) can
handle it. So by adding these first and then asking for them back, we
always get normalized addresses suitable for nft(8) and iptables(8).

Reported-by: Silvan Nagl <mail@53c70r.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-17 14:18:09 +01:00
Kai Haberzettl
64f83e6161 wg: adjust wg.8 syntax for consistency in COMMANDS section 
Signed-off-by: Kai Haberzettl <khaberz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-13 16:22:19 +01:00
Jason A. Donenfeld
6fbfa0d7bb wg-quick: linux: try both iptables(8) and nft(8) on teardown 
Daniel argues that technically a package manager could install nft(8)
after previously having started wg-quick(8) using iptables(8).

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-12 17:24:04 +01:00
Jason A. Donenfeld
45417c5c0d wg-quick: linux: support older nft(8) 
Older nft(8), such as that on Ubuntu, does not accept the - parameter to
the -f argument and doesn't accept symbolic priority names. So instead
use the canonical numeric priority forms and use <(echo) instead of -.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-12 12:24:05 +01:00
Josh Soref
a863be0148 global: fix up spelling 
Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-12 12:24:05 +01:00
Jason A. Donenfeld
17c78d31c2 wg-quick: linux: add support for nft and prefer it 
If nft(8) is installed, use it. These rules should be identical to the
iptables-restore(8) ones, with the advantage that cleanup is easy
because we use custom table names.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-12 12:24:05 +01:00
Jason A. Donenfeld
bc8bf54185 wg-quick: linux: ignore save warnings for iptables-nft 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-06 16:51:05 +01:00
Jason A. Donenfeld
8d4e4f3a86 wg-quick: linux: suppress more warnings on weird kernels 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-06 16:22:18 +01:00
Jason A. Donenfeld
3928ebb87d wg-quick: linux: some iptables don't like empty lines 
Reported-by: Kenneth R. Crudup <kenny@panix.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-05 18:33:18 +01:00
Jason A. Donenfeld
9eab3487cd wg-quick: linux: iptables-* -w is not widely supported 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-05 11:48:25 +01:00
Jason A. Donenfeld
faa55d8b19 ipc: make sure userspace communication frees wgdevice 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-05 11:48:25 +01:00
Jason A. Donenfeld
207aeed010 wg-quick: linux: have remove_iptables return true 
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-05 11:48:25 +01:00
Jason A. Donenfeld
af69113e02 wg-quick: linux: ensure postdown hooks execute 
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-12-05 11:48:25 +01:00
Jason A. Donenfeld
a9abb21575 wg-quick: linux: suppress error when finding unused table 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-11-27 17:12:15 +01:00
Jason A. Donenfeld
ae374129ab wg: add syncconf command 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-11-27 14:42:34 +01:00
Jason A. Donenfeld
34ea0caf1f reresolve-dns: remove invalid anchors on regex match 
Reported-by: Conrad Meyer <cem@freebsd.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-11-27 14:42:34 +01:00
Jason A. Donenfeld
ebcf1ef8b1 wg-quick: linux: filter bogus injected packets and don't disable rpfilter 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-11-27 13:45:58 +01:00
Jason A. Donenfeld
a59aa6c404 wg-quick: linux: only touch net.ipv4 for v4 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-11-26 11:33:33 +01:00
Jason A. Donenfeld
cf7ec31d2d wg-quick: android: check for null in binder cleanup functions 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-10-16 14:23:27 +02:00
Nicolas Douma
792727cf64 wg-quick: android: use Binder for setting DNS on Android 10 
Signed-off-by: Nicolas Douma <nicolas@serveur.io>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-10-12 16:49:52 +02:00
Jason A. Donenfeld
959937672a wg: windows: enforce named pipe ownership and use protected prefix 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2019-08-31 08:48:39 -06:00