lp:wireguard-linux

Get this repository:
git clone https://git.launchpad.net/wireguard-linux

Import details

Import Status: Reviewed

This repository is an import of the Git repository at https://git.zx2c4.com/WireGuard.

The next import is scheduled to run .

Last successful import was .

Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 10 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-4 and finished taking 40 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-1 and finished taking 10 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 10 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 10 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-1 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 5 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 10 seconds — see the log

Branches

Name Last Modified Last Commit
master 2019-12-19 00:12:35 UTC
version: bump snapshot

Author: Jason A. Donenfeld
Author Date: 2019-12-19 00:12:35 UTC

version: bump snapshot

md/openbsd 2019-10-30 13:48:15 UTC
Rework ipc.c to new OpenBSD IOCTL interface

Author: Matt Dunwoodie
Author Date: 2019-10-27 10:13:20 UTC

Rework ipc.c to new OpenBSD IOCTL interface

jd/ryzen-bug 2019-10-28 16:55:33 UTC
peerlookup: fall back to get_random_bytes for Ryzen 3000 bug

Author: Jason A. Donenfeld
Author Date: 2019-10-28 16:55:33 UTC

peerlookup: fall back to get_random_bytes for Ryzen 3000 bug

In case get_random_u32() fails after 32 tries -- something that should
only happen on the Ryzen 3000 which returns -1 everytime if you have the
wrong CPU microcode -- we fall back to get_random_bytes(), which is
slower, but at least works.

nd/android-10-dns 2019-10-12 03:32:53 UTC
wg-quick: android: use Binder for setting DNS on Android 10

Author: Nicolas Douma
Author Date: 2019-10-02 19:10:51 UTC

wg-quick: android: use Binder for setting DNS on Android 10

Signed-off-by: Nicolas Douma <nicolas@serveur.io>

jd/syncconf 2019-06-11 17:41:02 UTC
tools: add syncconf command

Author: Jason A. Donenfeld
Author Date: 2019-06-11 17:22:52 UTC

tools: add syncconf command

sl/ppc 2019-05-13 21:25:28 UTC
[zinc] Add PowerPC accelerated poly1305 from openssl/cryptograms

Author: Shawn Landden
Author Date: 2019-05-11 17:19:51 UTC

[zinc] Add PowerPC accelerated poly1305 from openssl/cryptograms

Unfortunately I am not seeing a speed up with this patch,
but it does decrease CPU usage.

Only (currently) runs on the outbound path, as the in-bound path is in
an interrupt, but that can be fixed in Linux.

v2: - Do not include the FPU version, as +10% performance on POWER8
    (admittedly better on really old CPUs, like old world macs) is not
    worth it, especially when there is a fast VSX version available.
    - Honor CONFIG_VSX.
Signed-off-by: Shawn Landden <shawn@git.icu>

jh/ignore-df 2019-05-12 17:41:50 UTC
compat: on older kernels, ignore_df might be local_df

Author: Joe Holden
Author Date: 2019-05-12 17:41:50 UTC

compat: on older kernels, ignore_df might be local_df

lr/man-allowedips 2019-04-11 13:52:15 UTC
wg.8: Rewrite AllowedIPs description

Author: Luis Ressel
Author Date: 2019-04-11 13:13:11 UTC

wg.8: Rewrite AllowedIPs description

* The current text doesn't describe how overlapping values are handled.
* "[addrs] to which outgoing traffic for this peer is directed" is vague
  and misleading.
* 0.0.0.0/0 and ::/0 don't need to be mentioned, since they aren't
  special cases. (Should they be mentioned in the example section,
  though?)

Thanks-to: jrb0001, MacGyver, zanijwa
Signed-off-by: Luis Ressel <aranea@aixah.de>

lr/peer-names 2019-03-28 14:03:05 UTC
[WIP] wg: Support human-readable peer names

Author: Luis Ressel
Author Date: 2019-03-25 13:53:09 UTC

[WIP] wg: Support human-readable peer names

TODO:
* Refactor the inflatable_buffer code from ipc.c and use it for both
  the wgpeer_name array and the names.
* ugly_print, dumb_print
* Make wgpeer_names part of wgdevice?
* Check for dupes?
* Test!

Signed-off-by: Luis Ressel <aranea@aixah.de>

fd/propagate-DSCP-bits 2019-02-26 17:21:55 UTC
receive: fix the ECN-related behaviour

Author: Florent Daigniere
Author Date: 2019-02-26 17:21:55 UTC

receive: fix the ECN-related behaviour

Match what the kernel would do; drop packets when it would

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>

fd/ECN-rfc6040 2019-02-26 16:48:30 UTC
net: implement ECN handling, rfc6040 style

Author: Florent Daigniere
Author Date: 2019-02-24 18:27:21 UTC

net: implement ECN handling, rfc6040 style

To decide whether we should use the compatibility mode or the normal
mode with a peer, we use the handshake messages as a signaling channel.

If we receive the expected ECN bits, it most likely means they're
running a compatible version.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>

jd/base-time 2019-02-04 03:42:04 UTC
noise: compute timestamps from a given base time

Author: Jason A. Donenfeld
Author Date: 2019-02-04 03:38:28 UTC

noise: compute timestamps from a given base time

jo/transit-namespace 2018-12-17 14:39:45 UTC
tests: add test for transit-net

Author: Julian Orth
Author Date: 2018-09-08 11:45:57 UTC

tests: add test for transit-net

jd/arnd-crosstool 2018-11-17 00:41:46 UTC
qemu: use arnd's toolchains

Author: Jason A. Donenfeld
Author Date: 2018-11-17 00:41:46 UTC

qemu: use arnd's toolchains

jd/ifgroup 2018-11-13 03:43:20 UTC
wg-quick: experiment with ifgroup suppression

Author: Jason A. Donenfeld
Author Date: 2018-11-13 03:41:56 UTC

wg-quick: experiment with ifgroup suppression

jd/maybe-sse2 2018-11-11 21:06:56 UTC
chacha20: enable sse2 path

Author: Jason A. Donenfeld
Author Date: 2018-11-11 21:06:56 UTC

chacha20: enable sse2 path

jd/bigendiancurve 2018-10-08 16:06:37 UTC
curve25519-arm: simply call setend

Author: Jason A. Donenfeld
Author Date: 2018-10-08 16:06:37 UTC

curve25519-arm: simply call setend

Probably not good if this runs on a v8 CPU.

jd/andy-is-best-maybe 2018-09-23 16:50:45 UTC
Real life sort of benchmark

Author: Jason A. Donenfeld
Author Date: 2018-09-23 16:12:43 UTC

Real life sort of benchmark

jn/rhashtable 2018-07-21 01:34:46 UTC
hashtables: switch to rhashtable

Author: Jonathan Neuschäfer
Author Date: 2018-07-21 01:34:46 UTC

hashtables: switch to rhashtable

NOTE: Due to a limitation in the rhashtable API, the siphash key (or
"seed") is reduced to 32 bits of random, rather than 128 bits that were
used before.

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>

jd/remove-per-peer-queues 2018-07-18 16:34:47 UTC
queueing: remove per-peer queues

Author: Jason A. Donenfeld
Author Date: 2018-07-18 15:26:03 UTC

queueing: remove per-peer queues

Previously, having many peers would result in many napi structs, which
could make lookups in the napi_hash in net/core/dev.c slow. So, we move
to using a single napi struct per device.

The best solution would be to replace napi_hash with an idr or just get
rid of it all together and use straight pointers. However, that isn't the
case currently, so we work with what is and begrudgingly remove per-peer
queues. On the upside, it means we reduce the per-peer memory usage by
about 8k/16k, but on the downside it means that napi_gro_receive is
called on a unified list, which might result in less GRO speedups on
systems with many peers active at once.

However, if napi_hash does ever go away, we should consider reverting
this commit.

Since this means moving to unified packet queues, flushing at peer
removal is something of a problem. So we make the slightly dubious
modification of just not flushing, and letting our reference counters do
the work. This in turn required some small changes to ensure that the
reference counter will, at some point in the future, still reach zero,
and not be kept alive by non-stop packet ingress.

Co-developed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>

tg/mpmc-benchmark 2018-07-04 21:11:40 UTC
uint64_t and need_resched()

Author: Thomas Gschwantner
Author Date: 2018-07-04 21:11:26 UTC

uint64_t and need_resched()

jn/mpmc-wip 2018-07-01 03:37:29 UTC
mpmc_ptr_ring: add {,un}likely() annotations

Author: Thomas Gschwantner
Author Date: 2018-07-01 03:28:38 UTC

mpmc_ptr_ring: add {,un}likely() annotations

grt/gro 2018-06-28 13:38:57 UTC
GRO does indeed concatenate packets, should we store them somewhere?

Author: Gauvain "GovanifY" Roussel-Tarbouriech
Author Date: 2018-06-28 13:38:57 UTC

GRO does indeed concatenate packets, should we store them somewhere?

jd/android-suspend-xmit 2018-06-25 14:42:30 UTC
send: wait for suspend to complete before sending handshake

Author: Jason A. Donenfeld
Author Date: 2018-06-25 04:05:14 UTC

send: wait for suspend to complete before sending handshake

Otherwise the transmission might be dropped on Android devices.

jn/mpmc-null 2018-06-20 22:56:05 UTC
[BROKEN] mpmc_ptr_ring: Rely on null pointers to avoid p_tail

Author: Jonathan Neuschäfer
Author Date: 2018-06-20 22:56:05 UTC

[BROKEN] mpmc_ptr_ring: Rely on null pointers to avoid p_tail

This should fix a performance problem when two (or more) producers run
on the same CPU.

[ TODO: more text ]

previously:

        Thread A Thread B
        producer_head=1
        write item

                <preemptive context switch>

                                        producer_head=2
                                        write item
                                        <stalled because producer_tail
                                         is still 0>

                <preemptive context switch>

        producer_tail=1

        producer_head=3
        write item
        <stalled because producer_tail is still 1>

                                ...

with this patch:

        Thread A Thread B
        producer_head=1
        write item

                <preemptive context switch>

                                        producer_head=2
                                        write item
                                        producer_head=3
                                        write item
                                        producer_head=4
                                        write item
                                        producer_head=5
                                        write item

                <preemptive context switch>

        producer_head=6
        write item
        producer_head=7
        write item

                                ...

jd/ring_testing 2018-06-18 13:10:14 UTC
selftest/mpmc_ring: lower test count for perf testing

Author: Jason A. Donenfeld
Author Date: 2018-06-18 13:10:14 UTC

selftest/mpmc_ring: lower test count for perf testing

tg/mpmc_testing 2018-06-18 01:14:46 UTC
mpmc_ptr_ring: nits

Author: Jason A. Donenfeld
Author Date: 2018-06-18 01:14:20 UTC

mpmc_ptr_ring: nits

jd/partial-preempt-fix 2018-06-13 13:05:46 UTC
compat: backport ipvs_reset

Author: Jason A. Donenfeld
Author Date: 2018-06-13 02:30:44 UTC

compat: backport ipvs_reset

tg/mpmc_ring 2018-06-04 18:30:02 UTC
WIP9

Author: Thomas Gschwantner
Author Date: 2018-06-04 17:44:17 UTC

WIP9

rvd/poly1305_opaque_length 2018-05-30 18:01:07 UTC
poly1305: generic: Reduce opaque size.

Author: René van Dorst
Author Date: 2018-05-30 15:29:19 UTC

poly1305: generic: Reduce opaque size.

Signed-off-by: René van Dorst <opensource@vdorst.com>

rvd/poly1305_padding 2018-05-30 15:32:29 UTC
poly1305: Add a helper function which will padded the input to full poly1305 ...

Author: René van Dorst
Author Date: 2018-05-30 10:05:20 UTC

poly1305: Add a helper function which will padded the input to full poly1305 block when needed.
In the current code, every poly1305 input is a multiple of POLY1305_BLOCK_SIZE or will padded with zero's.
Put it in one function makes it more efficient.

Signed-off-by: René van Dorst <opensource@vdorst.com>

jd/ricetastic-chapoly 2018-05-30 03:08:55 UTC
chacha20poly1305: combine stack variables into union

Author: Jason A. Donenfeld
Author Date: 2018-05-30 01:09:05 UTC

chacha20poly1305: combine stack variables into union

fv/openbsd 2018-05-21 18:17:52 UTC
tools: fix OpenBSD build

Author: Filippo Valsorda
Author Date: 2018-05-21 04:10:54 UTC

tools: fix OpenBSD build

License: MIT
Signed-off-by: Filippo Valsorda <valsorda@google.com>

jd/systemd-resolved 2018-05-21 17:31:40 UTC
wg-quick: linux: check for right route

Author: Jason A. Donenfeld
Author Date: 2018-05-21 17:31:40 UTC

wg-quick: linux: check for right route

jn/qemu-hash 2018-05-14 16:08:33 UTC
tests/qemu: Pin most of the tarball hashes

Author: Jonathan Neuschäfer
Author Date: 2018-05-14 14:13:22 UTC

tests/qemu: Pin most of the tarball hashes

When src/tests/qemu/Makefile downloads tarballs, they may be corrupted
by accident or malice. Detect such errors by comparing the downloaded
files to their known-good hashes.

In the case of iperf there is actually a chance of a successful MitM
attack because the tarball is downloaded over plain HTTP if the mirror
(https://download.wireguard.com/...) isn't reachable for some reason.

Only the kernel tarball isn't checked, because the makefile needs to
work with many different kernel versions.

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>

jd/endianness-trick 2018-05-04 16:13:57 UTC
allowedips: single expression endian choice

Author: Jason A. Donenfeld
Author Date: 2018-05-04 16:11:21 UTC

allowedips: single expression endian choice

This will upset millions of curious onlookers, and people will begin to
doubt my judgement and sanity. But this really is cleaner to express as
a single statement.

lr/pmtu 2018-01-13 09:53:52 UTC
WIP: Automatically update PMTU for tunneled destinations

Author: Luis Ressel
Author Date: 2018-01-13 09:53:52 UTC

WIP: Automatically update PMTU for tunneled destinations

jd/built-in-rp-filter-adjustment 2017-12-11 11:32:22 UTC
device: disable rp_filter for wireguard devices

Author: Jason A. Donenfeld
Author Date: 2017-12-11 11:32:22 UTC

device: disable rp_filter for wireguard devices

Just like ipsec disables it with secpath, we can too, since allowedips
is really the right mechanism for this.

jd/fixed-endpoints 2017-11-01 20:28:39 UTC
Allow disabling roaming

Author: Jason A. Donenfeld
Author Date: 2017-11-01 20:28:39 UTC

Allow disabling roaming

jd/broken-arm-qemu-serial 2017-10-24 18:38:22 UTC
qemu: work around bogus QEMU virt ARM machines

Author: Jason A. Donenfeld
Author Date: 2017-10-24 17:54:55 UTC

qemu: work around bogus QEMU virt ARM machines

The virt machine type in QEMU only supports one native serial port,
which means we're forced to add in a whole PCI bus if we want to get any
more information out. Bad situation.

This should be reverted as soon as upstream QEMU does something about
it.

jd/lockless-queuing 2017-09-15 22:16:17 UTC
data: move from spinlocks to lockless data structure

Author: Jason A. Donenfeld
Author Date: 2017-09-15 21:58:38 UTC

data: move from spinlocks to lockless data structure

Reference: https://www.cs.rochester.edu/research/synchronization/pseudocode/queues.html
Original-code-from: @aegis

jd/spinlocks-dql 2017-09-15 14:49:42 UTC
Try only advancing to next CPU if dql says so

Author: Jason A. Donenfeld
Author Date: 2017-09-15 14:49:42 UTC

Try only advancing to next CPU if dql says so

jd/cpu-dql 2017-09-15 13:34:54 UTC
DQL trial 1

Author: Jason A. Donenfeld
Author Date: 2017-09-15 13:25:22 UTC

DQL trial 1

jd/builtin-ratelimiter 2017-08-03 21:45:26 UTC
ratelimiter: remove and use in-kernel functionality

Author: Jason A. Donenfeld
Author Date: 2017-08-03 21:45:26 UTC

ratelimiter: remove and use in-kernel functionality

144 of 44 results
This repository contains Public information 
Everyone can see this information.

Subscribers