- 7月 04, 2017
-
-
由 Samuel Holland 创作于
Signed-off-by:
Samuel Holland <samuel@sholland.org> Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 7月 03, 2017
-
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 30, 2017
-
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
This caused certain packets to be rejected that shouldn't be rejected, in the case of certain scatter-gather ethernet drivers doing GRO pulling right up to the UDP bounds but not beyond. This caused certain TCP connections to fail. Thanks very much to Reuben for providing access to the machine to debug this regression. Reported-by:
Reuben Martin <reuben.m@gmail.com> Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 28, 2017
-
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 26, 2017
-
-
由 Jason A. Donenfeld 创作于
This way is more correct and ensures we're within the skb head. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
This logic belongs upstream. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
This helps "unstick" stuck source addresses, when changing routes dynamically. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
This not only removes the depenency on x_tables, but it also gives us much better performance and memory usage. Now, systems are able to have millions of WireGuard interfaces, without having to worry about a thundering herd of garbage collection. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 25, 2017
-
-
由 Jason A. Donenfeld 创作于
We can let the compiler optimize how it sees fit. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 24, 2017
-
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
This greatly improves performance when adding and removing interfaces, since the power registration function does a linear search each time. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 13, 2017
-
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 12, 2017
-
-
由 Jason A. Donenfeld 创作于
We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 08, 2017
-
-
由 Jason A. Donenfeld 创作于
It's possible that get_random_bytes() will return bad randomness if it hasn't been seeded. This patch makes configuration block until the RNG is properly initialized. Reference: http://www.openwall.com/lists/kernel-hardening/2017/06/02/2 Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Replacing an entry that's already been replaced is something that could happen when processing handshake messages in parallel, when starting up multiple instances on the same machine. Reported-by:
Hubert Goisern <zweizweizwoelf@gmail.com> Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 05, 2017
-
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 6月 01, 2017
-
-
由 Jason A. Donenfeld 创作于
It's different on different kernel versions, and we're not using it anyway, so it's easiest to just get rid of it, rather than having another ifdef maze. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
- 5月 31, 2017
-
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-
由 Jason A. Donenfeld 创作于
Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com>
-