aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* wireguard: bump to 1.0.20200611Stijn Segers2020-07-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bump fixes breakage introduced by kernel commit 8ab8786f78c3fc930f9abf6d6d85e95567de4e1f, which is part of the 4.14.181 kernel bump, and backported ip6_dst_lookup_flow to 4.14. This breaks the older WireGuard version currently in 19.07. For reference, the compilation error is the one below: build_dir/target-x86_64_musl/linux-x86_64/wireguard-linux-compat-1.0.20200506/src/compat/compat.h:104:42: error: 'const struct ipv6_stub' has no member named 'ipv6_dst_lookup'; did you mean 'ipv6_dst_lookup_flow'? #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c) + (void *)0 ?: dst Changelogs below taken from the official release announcements. == Changes since v1.0.20200506 == This release aligns with the changes I sent to DaveM for 5.7-rc7 and were pushed to net.git about 45 minutes ago. * qemu: use newer iproute2 for gcc-10 * qemu: add -fcommon for compiling ping with gcc-10 These enable the test suite to compile with gcc-10. * noise: read preshared key while taking lock Matt noticed a benign data race when porting the Linux code to OpenBSD. * queueing: preserve flow hash across packet scrubbing * noise: separate receive counter from send counter WireGuard now works with fq_codel, cake, and other qdiscs that make use of skb->hash. This should significantly improve latency spikes related to buffer bloat. Here's a before and after graph from some data Toke measured: https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png * compat: support RHEL 8 as 8.2, drop 8.1 support * compat: support CentOS 8 explicitly * compat: RHEL7 backported the skb hash renamings The usual RHEL churn. * compat: backport renamed/missing skb hash members The new support for fq_codel and friends meant more backporting work. * compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4 == Changes since v1.0.20200611 == * qemu: always use cbuild gcc rather than system gcc * qemu: remove -Werror in order to build ancient kernels better * qemu: patch kernels that rely on ancient make * qemu: force 2MB pages for binutils 2.31 * qemu: use cbuild gcc for avx512 exclusion * qemu: add extra fill in idt handler for newer binutils * qemu: support fetching kernels for arbitrary URLs * qemu: patch in UTS_UBUNTU_RELEASE_ABI for Ubuntu detection * qemu: work around broken centos8 kernel * qemu: mark per_cpu_load_addr as static for gcc-10 Our qemu test suite can now handle more kernels and more compilers. Scroll down to the bottom of https://www.wireguard.com/build-status/ to see the expanded array of kernels we now test against, including some distro kernels. * compat: widen breadth of integer constants * compat: widen breadth of memzero_explicit backport * compat: backport skb_scrub_packet to 3.11 * compat: widen breadth of prandom_u32_max backport * compat: narrow the breadth of iptunnel_xmit backport * compat: backport iptunnel_xmit to 3.11 With the expanded qemu test suite, it was possible to expand our list of mainline kernels, so the backport compat layer is now more precise. * compat: ubuntu appears to have backported ipv6_dst_lookup_flow * compat: bionic-hwe-5.0/disco kernel backported skb_reset_redirect and ipv6 flow Ubuntu kernels changed recently, so this ensures we can compile with the latest Ubuntu releases. * compat: remove stale suse support Signed-off-by: Stijn Segers <foss@volatilesystems.org> (cherry picked from commit 1fd1f5e8cff18f97675ce303b05d411136b99fb0)
* wireguard: bump to 1.0.20200506Jason A. Donenfeld2020-05-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * compat: timeconst.h is a generated artifact Before we were trying to check for timeconst.h by looking in the kernel source directory. This isn't quite correct on configurations in which the object directory is separate from the kernel source directory, for example when using O="elsewhere" as a make option when building the kernel. The correct fix is to use $(CURDIR), which should point to where we want. * compat: use bash instead of bc for HZ-->USEC calculation This should make packaging somewhat easier, as bash is generally already available (at least for dkms), whereas bc isn't provided by distros by default in their build meta packages. * socket: remove errant restriction on looping to self It's already possible to create two different interfaces and loop packets between them. This has always been possible with tunnels in the kernel, and isn't specific to wireguard. Therefore, the networking stack already needs to deal with that. At the very least, the packet winds up exceeding the MTU and is discarded at that point. So, since this is already something that happens, there's no need to forbid the not very exceptional case of routing a packet back to the same interface; this loop is no different than others, and we shouldn't special case it, but rather rely on generic handling of loops in general. This also makes it easier to do interesting things with wireguard such as onion routing. At the same time, we add a selftest for this, ensuring that both onion routing works and infinite routing loops do not crash the kernel. We also add a test case for wireguard interfaces nesting packets and sending traffic between each other, as well as the loop in this case too. We make sure to send some throughput-heavy traffic for this use case, to stress out any possible recursion issues with the locks around workqueues. * send: cond_resched() when processing tx ringbuffers Users with pathological hardware reported CPU stalls on CONFIG_ PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning these workers would never terminate. That turned out not to be okay on systems without forced preemption. This commit adds a cond_resched() to the bottom of each loop iteration, so that these workers don't hog the core. We don't do this on encryption/decryption because the compat module here uses simd_relax, which already includes a call to schedule in preempt_enable. * selftests: initalize ipv6 members to NULL to squelch clang warning This fixes a worthless warning from clang. * send/receive: use explicit unlikely branch instead of implicit coalescing Some code readibility cleanups. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit 4f6343ffe7fe8f7018f904b153dea9fc6038daf4)
* wireguard: bump to 20191226Jason A. Donenfeld2020-05-073-292/+7
| | | | | | | | | | | | | | | | | As announced on the mailing list, WireGuard will be in Linux 5.6. As a result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is moving to its own wireguard-tools repo. Meanwhile, the out-of-tree kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux- compat repo. Yesterday, releases were cut out of these repos, so this commit bumps packages to match. Since wg(8) and the compat kernel module are versioned and released separately, we create a wireguard-tools Makefile to contain the source for the new tools repo. Later, when OpenWRT moves permanently to Linux 5.6, we'll drop the original module package, leaving only the tools. So this commit shuffles the build definition around a bit but is basically the same idea as before. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit ea980fb9c6de24350976dcc6c20da2bed5fc8cb8)
* relayd: bump to version 2020-04-25Kevin Darbyshire-Bryant2020-05-041-3/+3
| | | | | | | | | f4d759b dhcp.c: further improve validation Further improve input validation for CVE-2020-11752 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 9e7d11f3e275d6f5d6b3edd7f0fa0440da43c45a)
* relayd: bump to version 2020-04-20Kevin Darbyshire-Bryant2020-05-041-3/+3
| | | | | | | | | 796da66 dhcp.c: improve input validation & length checks Addresses CVE-2020-11752 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit be172e663f318ec364c13f795df025bbcce9ac18)
* umdns: update to version 2020-04-25Kevin Darbyshire-Bryant2020-05-041-3/+3
| | | | | | | | | | | | cdac046 dns.c: fix input validation fix Due to a slight foobar typo, failing to de-reference a pointer, previous fix not quite as complete as it should have been. Improve CVE-2020-11750 fix Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 9f7c8ed0786be97eda879e5f6681994e4de53d74)
* umdns: update to version 2020-04-20Kevin Darbyshire-Bryant2020-05-041-4/+4
| | | | | | | | | e74a3f9 dns.c: improve input validation Addresses CVE-2020-11750 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 533da61ac63079f218a9946cd8e347b880c33dc0)
* umdns: update to the version 2020-04-05Kevin Darbyshire-Bryant2020-05-041-4/+4
| | | | | | | | ab7a39a umdns: fix unused error 45c4953 dns: explicitly endian-convert all fields in header and question Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 22ae8bd50ef6d056b25a96ce6c77de0b0d53c1a1)
* umdns: suppress address-of-packed-member warningKevin Darbyshire-Bryant2020-05-041-2/+2
| | | | | | | | | | | | | | | | | | gcc 8 & 9 appear to be more picky with regards access alignment to packed structures, leading to this warning in dns.c: dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer (alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer (alignment 2) may result in an unaligned pointer value [-Werror=address-of-packed-member] 261 | uint16_t *swap = (uint16_t *) q; Work around what I think is a false positive by turning the warning off. Not ideal, but not quite as not ideal as build failure. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 02640f014719a994e2e538b2cb6376a189cd39de)
* ppp: backport security fixesPetr Štetiar2020-02-264-1/+129
| | | | | | | | | | | 8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid() Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee) Fixes: CVE-2020-8597 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "ppp: backport security fixes"Jo-Philipp Wich2020-02-264-129/+1
| | | | | | | | This reverts commit cc78f934a9466a0ef404bb169cc42680c7501d02 since it didn't contain a reference to the CVE it addresses. The next commit will re-add the commit including a CVE reference in its commit message. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEADJo-Philipp Wich2020-02-261-3/+3
| | | | | | | 2ee323c file: poke ustream after starting deferred program Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 04069fde19e86af7728111814afadf780bf08018)
* ppp: backport security fixesPetr Štetiar2020-02-204-1/+129
| | | | | | | | | 8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid() Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee)
* hostapd: remove erroneous $(space) redefinitionJo-Philipp Wich2020-02-081-3/+0
| | | | | | | | | | | | | | | | | The $(space) definition in the hostapd Makefile ceased to work with GNU Make 4.3 and later, leading to syntax errors in the generated Kconfig files. Drop the superfluous redefinition and reuse the working $(space) declaration from rules.mk to fix this issue. Fixes: GH#2713 Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469 Reported-by: Karel Kočí <cynerd@email.cz> Suggested-by: Jonas Gorski <jonas.gorski@gmail.com> Tested-by: Shaleen Jain <shaleen@jain.sh> Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 766e778226f5d4c6ec49ce22b101a5dbd4306644)
* uhttpd: update to latest Git HEADJo-Philipp Wich2019-12-221-4/+4
| | | | | | | | | 5f9ae57 client: fix invalid data access through invalid content-length values 6b03f96 ubus: increase maximum ubus request size to 64KB 91fcac3 uhttpd: Fix multiple format string problems Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit f34f9a414dd32311bda950776eb77e63c0c772cb)
* hostapd: Fix AP mode PMF disconnection protection bypassHauke Mehrtens2019-09-214-6/+72
| | | | | | | | | This fixes * CVE-2019-16275 AP mode PMF disconnection protection bypass https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-219-1/+397
| | | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
* omcproxy: fix compilation on little-endian CPUsEneas U de Queiroz2019-07-232-1/+36
| | | | | | | | | | | | | | | | | Don't use cpu_to_be32 outside of a function. In file included from /omcproxy-2017-02-14-1fe6f48f/src/omcproxy.h:51:0, from omcproxy-2017-02-14-1fe6f48f/src/mrib.c:39: omcproxy-2017-02-14-1fe6f48f/src/mrib.c:57:34: error: braced-group within expression allowed only inside a function static uint32_t ipv4_rtr_alert = cpu_to_be32(0x94040000); ^ cc1: warning: unrecognized command line option '-Wno-gnu' Ref: https://downloads.openwrt.org/releases/faillogs-18.06/arm_cortex-a9_vfpv3/base/omcproxy/compile.txt Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> [more verbose commit message] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit cb4d00d1841ef6269114f2bd3880800dbdfba3b1)
* wireguard: bump to 0.0.20190601Jason A. Donenfeld2019-07-011-2/+2
| | | | | | | | | | | | | | | There was an issue with the backport compat layer in yesterday's snapshot, causing issues on certain (mostly Atom) Intel chips on kernels older than 4.2, due to the use of xgetbv without checking cpu flags for xsave support. This manifested itself simply at module load time. Indeed it's somewhat tricky to support 33 different kernel versions (3.10+), plus weird distro frankenkernels. If OpenWRT doesn't support < 4.2, you probably don't need to apply this. But it also can't hurt, and probably best to stay updated. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit 593b487538079f2a22300f3f22ffb21b20da36a0)
* hostapd: fix multiple security problemsHauke Mehrtens2019-06-2119-1/+2352
| | | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2019-9494: cache attack against SAE * CVE-2019-9495: cache attack against EAP-pwd * CVE-2019-9496: SAE confirm missing state validation in hostapd/AP * CVE-2019-9497: EAP-pwd server not checking for reflection attack) * CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element * CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element * CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment Most of these problems are not relevant for normal users, SAE is only used in ieee80211s mesh mode and EAP-pwd is normally not activated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "uhttpd: disable concurrent requests by default"Jo-Philipp Wich2019-04-242-2/+2
| | | | | | | | | | | This reverts commit c6aa9ff38870a30dbe6da17e4edad6039fe10ddf. Further testing has revealed that we will need to allow concurrent requests after all, especially for situations where CGI processes initiate further HTTP requests to the local host. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit f00a4ae6e0b1f7b3d84e11e8dc4dd562088584e0)
* dnsmasq: prefer localuse over resolvfile guessworkYousong Zhou2019-02-242-5/+5
| | | | | | | | | | | | | This makes it clear that localuse when explicitly specified in the config will have its final say on whether or not the initscript should touch /etc/resolv.conf, no matter whatever the result of previous guesswork would be (cherry picked from c17a68cc61a0f8a28e19c7f60b24beaf1a1a402d) Tested-by: Paul Oranje <por@oranjevos.nl> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> Acked-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Paul Oranje <por@oranjevos.nl>
* dnsmasq: allow using dnsmasq as the sole resolverYousong Zhou2019-02-242-16/+16
| | | | | | | | | | | | | | | | | | | | | | | Currently it seems impossible to configure /etc/config/dhcp to achieve the following use case - run dnsmasq with no-resolv - re-generate /etc/resolv.conf with "nameserver 127.0.0.1" Before this change, we have to set resolvfile to /tmp/resolv.conf.auto to achive the 2nd effect above, but setting resolvfile requires noresolv being false. A new boolean option "localuse" is added to indicate that we intend to use dnsmasq as the local dns resolver. It's false by default and to align with old behaviour it will be true automatically if resolvfile is set to /tmp/resolv.conf.auto (cherry picked from 2aea1ada65f050d74a064e74466bbe4e8d) Tested-by: Paul Oranje <por@oranjevos.nl> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> Acked-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Paul Oranje <por@oranjevos.nl>
* dnsmasq: backport missing braces fixJo-Philipp Wich2019-01-302-3/+6
| | | | | | | | Fold upstream fix d2d4990 ("Fix missing braces in 8eac67c0a15b673c8d27002c248651b308093e4") into the already existing static lease fix patch. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: backport upstream static lease fixJo-Philipp Wich2019-01-302-1/+55
| | | | | | | Backport and rebase upstream fix 18eac67 ("Fix entries in /etc/hosts disabling static leases.") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireguard: bump to 0.0.20190123Jason A. Donenfeld2019-01-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools: curve25519: handle unaligned loads/stores safely This should fix sporadic crashes with `wg pubkey` on certain architectures. * netlink: auth socket changes against namespace of socket In WireGuard, the underlying UDP socket lives in the namespace where the interface was created and doesn't move if the interface is moved. This allows one to create the interface in some privileged place that has Internet access, and then move it into a container namespace that only has the WireGuard interface for egress. Consider the following situation: 1. Interface created in namespace A. Socket therefore lives in namespace A. 2. Interface moved to namespace B. Socket remains in namespace A. 3. Namespace B now has access to the interface and changes the listen port and/or fwmark of socket. Change is reflected in namespace A. This behavior is arguably _fine_ and perhaps even expected or acceptable. But there's also an argument to be made that B should have A's cred to do so. So, this patch adds a simple ns_capable check. * ratelimiter: build tests with !IPV6 Should reenable building in debug mode for systems without IPv6. * noise: replace getnstimeofday64 with ktime_get_real_ts64 * ratelimiter: totalram_pages is now a function * qemu: enable FP on MIPS Linux 5.0 support. * keygen-html: bring back pure javascript implementation Benoît Viguier has proofs that values will stay well within 2^53. We also have an improved carry function that's much simpler. Probably more constant time than emscripten's 64-bit integers. * contrib: introduce simple highlighter library This is the highlighter library being used in: - https://twitter.com/EdgeSecurity/status/1085294681003454465 - https://twitter.com/EdgeSecurity/status/1081953278248796165 It's included here as a contrib example, so that others can paste it into their own GUI clients for having the same strictly validating highlighting. * netlink: use __kernel_timespec for handshake time This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit bbcd0634f8c9769a336386f8df471231d24a27cc)
* wireguard: Update to snapshot 0.0.20181218Daniel Engberg2019-01-301-2/+2
| | | | | | | Update WireGuard to 0.0.20181218 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 9a37c95431b5401c309b7731920daa964842bdee)
* uhttpd: disable concurrent requests by defaultJo-Philipp Wich2019-01-302-2/+2
| | | | | | | | | In order to avoid straining CPU and memory resources on lower end devices, avoid running multiple CGI requests in parallel. Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit c6aa9ff38870a30dbe6da17e4edad6039fe10ddf)
* odhcpd: fix onlink IA check (FS#2060)Hans Dedecker2019-01-161-4/+4
| | | | | | | ae16950 dhcpv6-ia: fix compiler warning c70d5cf dhcpv6-ia: fix onlink IA check (FS#2060) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: noop to fix PKG_SOURCE_DATEHans Dedecker2019-01-051-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: filter routes based on prefix_filterHans Dedecker2019-01-041-4/+4
| | | | | | 96694ab router: filter route information option Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: backport prefix filter/NETEV_ADDR6LIST_CHANGE event fixesHans Dedecker2018-12-311-4/+4
| | | | | | | | d404c7e netlink: fix triggering of NETEV_ADDR6LIST_CHANGE event ae6cf80 config: correctly break string for prefix filter Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 493c1d17663dbfdaf23304994e71280400493fc2)
* dropbear: fix dropbear startup issueHans Dedecker2018-12-212-2/+10
| | | | | | | | | | | | | | | Interface triggers are installed by the dropbear init script in case an interface is configured for a given dropbear uci section. As dropbear is started after network the interface trigger event can be missed during a small window; this is especially the case if lan is specified as interface. Fix this by starting dropbear before network so no interface trigger is missed. As dropbear is started earlier than netifd add a boot function to avoid the usage of network.sh functions as call to such functions will fail at boottime. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* wireguard: bump to 0.0.20181119Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | * chacha20,poly1305: fix up for win64 * poly1305: only export neon symbols when in use * poly1305: cleanup leftover debugging changes * crypto: resolve target prefix on buggy kernels * chacha20,poly1305: don't do compiler testing in generator and remove xor helper * crypto: better path resolution and more specific generated .S * poly1305: make frame pointers for auxiliary calls * chacha20,poly1305: do not use xlate This should fix up the various build errors, warnings, and insertion errors introduced by the previous snapshot, where we added some significant refactoring. In short, we're trying to port to using Andy Polyakov's original perlasm files, and this means quite a lot of work to re-do that had stableized in our old .S. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from 48d8d46d331cd866ad5717cc5b090223a1856a4a)
* wireguard: bump to 0.0.20181115Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Zinc no longer ships generated assembly code. Rather, we now bundle in the original perlasm generator for it. The primary purpose of this snapshot is to get testing of this. * Clarify the peer removal logic and make lifetimes more precise. * Use READ_ONCE for is_valid and is_dead. * No need to use atomic when the recounter is mutex protected. * Fix up macros and annotations in allowedips. * Increment drop counter when staged packets are dropped. * Use static constants instead of enums for 64-bit values in selftest. * Mark large constants as ULL in poly1305-donna64. * Fix sparse warnings in allowedips debugging code. * Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can carefully control the lifetime of these functions and ensure they never execute after dropping the last reference. * Cleanup hashing in ratelimiter. * Do not guard timer removals, since del_timer is always okay. * We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a bit more general. * Set csum_level to ~0, since the poly1305 authenticator certainly means that no data was modified in transit. * Use CHECKSUM_PARTIAL check for skb_checksum_help instead of skb_checksum_setup check. * wg.8: specify that wg(8) shows runtime info too * wg.8: AllowedIPs isn't actually required * keygen-html: add missing glue macro * wg-quick: android: do not choke on empty allowed-ips Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from bf52c968e863768494e79731550c62610dd3cf78)
* wireguard: bump to 0.0.20181018Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | ba2ab5d version: bump snapshot 5f59c76 tools: wg-quick: wait for interface to disappear on freebsd ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent 8432585 main: get rid of unloaded debug message 139e57c tools: compile on gnu99 d65817c tools: use libc's endianness macro if no compiler macro f985de2 global: give if statements brackets and other cleanups b3a5d8a main: change module description 296d505 device: use textual error labels always 8bde328 allowedips: swap endianness early on a650d49 timers: avoid using control statements in macro db4dd93 allowedips: remove control statement from macro by rewriting 780a597 global: more nits 06b1236 global: rename struct wireguard_ to struct wg_ 205dd46 netlink: do not stuff index into nla type 2c6b57b qemu: kill after 20 minutes 6f2953d compat: look in Kbuild and Makefile since they differ based on arch a93d7e4 create-patch: blacklist instead of whitelist 8d53657 global: prefix functions used in callbacks with wg_ 123f85c compat: don't output for grep errors Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from 4653818dabe6d2f6e99b483ec256e4374dbb2c77)
* wireguard: bump to 0.0.20181007Kevin Darbyshire-Bryant2018-12-181-2/+2
| | | | | | | | | | | | | | | | 64750c1 version: bump snapshot f11a2b8 global: style nits 4b34b6a crypto: clean up remaining .h->.c 06d9fc8 allowedips: document additional nobs c32b5f9 makefile: do more generic wildcard so as to avoid rename issues 20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1 b6e09f6 crypto: disable broken implementations in selftests fd50f77 compat: clang cannot handle __builtin_constant_p bddaca7 compat: make asm/simd.h conditional on its existence b4ba33e compat: account for ancient ARM assembler Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 3925298f3ca9bcd854571367d98bb6ca07f4e66e)
* wireguard: bump to 0.0.20181006Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Account for big-endian 2^26 conversion in Poly1305. * Account for big-endian NEON in Curve25519. * Fix macros in big-endian AArch64 code so that this will actually run there at all. * Prefer if (IS_ENABLED(...)) over ifdef mazes when possible. * Call simd_relax() within any preempt-disabling glue code every once in a while so as not to increase latency if folks pass in super long buffers. * Prefer compiler-defined architecture macros in assembly code, which puts us in closer alignment with upstream CRYPTOGAMS code, and is cleaner. * Non-static symbols are prefixed with wg_ to avoid polluting the global namespace. * Return a bool from simd_relax() indicating whether or not we were rescheduled. * Reflect the proper simd conditions on arm. * Do not reorder lines in Kbuild files for the simd asm-generic addition, since we don't want to cause merge conflicts. * WARN() if the selftests fail in Zinc, since if this is an initcall, it won't block module loading, so we want to be loud. * Document some interdependencies beside include statements. * Add missing static statement to fpu init functions. * Use union in chacha to access state words as a flat matrix, instead of casting a struct to a u8 and hoping all goes well. Then, by passing around that array as a struct for as long as possible, we can update counter[0] instead of state[12] in the generic blocks, which makes it clearer what's happening. * Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86, and the other implementations do not require that kind of alignment either. * Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so that we can build code that uses umull. * Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config variables consistently throughout. * Document rationale for the 2^26->2^64/32 conversion in code comments. * Convert all of remaining BUG_ON to WARN_ON. * Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old ISAs via the macro in <asm/assembler.h>. * Do not allow WireGuard to be a built-in if IPv6 is a module. * Writeback the base register and reorder multiplications in the NEON x25519 implementation. * Try all combinations of different implementations in selftests, so that potential bugs are more immediately unearthed. * Self tests and SIMD glue code work with #include, which lets the compiler optimize these. Previously these files were .h, because they were included, but a simple grep of the kernel tree shows 259 other files that carry out this same pattern. Only they prefer to instead name the files with a .c instead of a .h, so we now follow the convention. * Support many more platforms in QEMU, especially big endian ones. * Kernels < 3.17 don't have read_cpuid_part, so fix building there. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from b6658564505e1f9a582ac63bd06cdf4b423818be)
* odhcpd: update to latest git HEAD (FS#1853)Hans Dedecker2018-12-181-4/+4
| | | | | | | | | 57f639e (HEAD -> master, origin/master, origin/HEAD) odhcpd: make DHCPv6/RA/NDP support optional 402c274 dhcpv6: check return code of dhcpv6_ia_init() ee7472a router: don't leak RA message in relay mode (FS#1853) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (backported from af78e90d4cdb3c944d9c4f3d4d4648dd67886c4d)
* odhcpd-ipv6only: fix dependency for IPV6Rosy Song2018-12-181-1/+2
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from 456df06071f54d3c799725227d1ac77afbe61891)
* hostapd: expose device taxonomy signature via ubusFelix Fietkau2018-12-181-0/+6
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (backported from 7d8681ccb99730ca0b35a5c341b468a86cadbf35)
* hostapd: add support for client taxonomy in the full configFelix Fietkau2018-12-182-5/+29
| | | | | | | | This can be used to fingerprint clients to try to identify the exact model Signed-off-by: Felix Fietkau <nbd@nbd.name> (backported from 23c1827e341fce302ba2841ecabeeb3f95e21d68)
* hostapd: fix MAC filter related log spamJo-Philipp Wich2018-12-184-11/+78
| | | | | | | | | Backport two upstream fixes to address overly verbose logging of MAC ACL rejection messages. Fixes: FS#1468 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from 3e633bb3709611d79965fab667e3239fd3bde151)
* wireguard: bump to 0.0.20180925Kevin Darbyshire-Bryant2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 33523a5 version: bump snapshot 0759480 curve25519-hacl64: reduce stack usage under KASAN b9ab0fc chacha20: add bounds checking to selftests 2e99d19 chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling d6ac367 qemu: bump musl 28d8b7e crypto: make constant naming scheme consistent 56c4ea9 hchacha20: keep in native endian in words 0c3c0bc chacha20-arm: remove unused preambles 3dcd246 chacha20-arm: updated scalar code from Andy 6b9d5ca poly1305-mips64: remove useless preprocessor error 3ff3990 crypto-arm: rework KERNEL_MODE_NEON handling again dd2f91e crypto: flatten out makefile 67a3cfb curve25519-fiat32: work around m68k compiler stack frame bug 9aa2943 allowedips: work around kasan stack frame bug in selftest 317b318 chacha20-arm: use new scalar implementation b715e3b crypto-arm: rework KERNEL_MODE_NEON handling 77b07d9 global: reduce stack frame size ddc2bd6 chacha20: add chunked selftest and test sliding alignments and hchacha20 2eead02 chacha20-mips32r2: reduce jumptable entry size and stack usage a0ac620 chacha20-mips32r2: use simpler calling convention 09247c0 chacha20-arm: go with Ard's version to optimize for Cortex-A7 a329e0a chacha20-mips32r2: remove reorder directives 3b22533 chacha20-mips32r2: fix typo to allow reorder again d4ac6bb poly1305-mips32r2: remove all reorder directives 197a30c global: put SPDX identifier on its own line 305806d ratelimiter: disable selftest with KASAN 4e06236 crypto: do not waste space on selftest items 5e0fd08 netlink: reverse my christmas trees a61ea8b crypto: explicitly dual license b161aff poly1305: account for simd being toggled off midway 470a0c5 allowedips: change from BUG_ON to WARN_ON aa9e090 chacha20: prefer crypto_xor_cpy to avoid memmove 1b0adf5 poly1305: no need to trick gcc 8.1 a849803 blake2s: simplify final function 073f3d1 poly1305: better module description Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 37961f12baa756caf5d735fdafff46205d21a93d)
* wireguard: bump to 0.0.20180918Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * blake2s-x86_64: fix whitespace errors * crypto: do not use compound literals in selftests * crypto: make sure UML is properly disabled * kconfig: make NEON depend on CPU_V7 * poly1305: rename finish to final * chacha20: add constant for words in block * curve25519-x86_64: remove useless define * poly1305: precompute 5*r in init instead of blocks * chacha20-arm: swap scalar and neon functions * simd: add __must_check annotation * poly1305: do not require simd context for arch * chacha20-x86_64: cascade down implementations * crypto: pass simd by reference * chacha20-x86_64: don't activate simd for small blocks * poly1305-x86_64: don't activate simd for small blocks * crypto: do not use -include trick * crypto: turn Zinc into individual modules * chacha20poly1305: relax simd between sg chunks * chacha20-x86_64: more limited cascade * crypto: allow for disabling simd in zinc modules * poly1305-x86_64: show full struct for state * chacha20-x86_64: use correct cut off for avx512-vl * curve25519-arm: only compile if symbols will be used * chacha20poly1305: add __init to selftest helper functions * chacha20: add independent self test Tons of improvements all around the board to our cryptography library, including some performance boosts with how we handle SIMD for small packets. * send/receive: reduce number of sg entries This quells a powerpc stack usage warning. * global: remove non-essential inline annotations We now allow the compiler to determine whether or not to inline certain functions, while still manually choosing so for a few performance-critical sections. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from f07a94da50b8a31928cb34c19695747e0df74beb)
* wireguard: bump to 0.0.20180910Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | * curve25519: arm: do not modify sp directly * compat: support neon.h on old kernels * compat: arch-namespace certain includes * compat: move simd.h from crypto to compat since it's going upstream This fixes a decent amount of compat breakage and thumb2-mode breakage introduced by our move to Zinc. * crypto: use CRYPTOGAMS license Rather than using code from OpenSSL, use code directly from AndyP. * poly1305: rewrite self tests from scratch * poly1305: switch to donna This makes our C Poly1305 implementation a bit more intensely tested and also faster, especially on 64-bit systems. It also sets the stage for moving to a HACL* implementation when that's ready. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from a54f492d0cf1f9bff1dd449961441e789c724995)
* wireguard: bump to 0.0.20180904Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Kconfig: use new-style help marker * global: run through clang-format * uapi: reformat * global: satisfy check_patch.pl errors * global: prefer sizeof(*pointer) when possible * global: always find OOM unlikely Tons of style cleanups. * crypto: use unaligned helpers We now avoid unaligned accesses for generic users of the crypto API. * crypto: import zinc More style cleanups and a rearrangement of the crypto routines to fit how this is going to work upstream. This required some fairly big changes to our build system, so there may be some build errors we'll have to address in subsequent snapshots. * compat: rng_is_initialized made it into 4.19 We therefore don't need it in the compat layer anymore. * curve25519-hacl64: use formally verified C for comparisons The previous code had been proved in Z3, but this new code from upstream KreMLin is directly generated from the F*, which is preferable. The assembly generated is identical. * curve25519-x86_64: let the compiler decide when/how to load constants Small performance boost. * curve25519-arm: reformat * curve25519-arm: cleanups from lkml * curve25519-arm: add spaces after commas * curve25519-arm: use ordinary prolog and epilogue * curve25519-arm: do not waste 32 bytes of stack * curve25519-arm: prefix immediates with # This incorporates ASM nits from upstream review. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from 4ccbe7de6cb20766fd309bc3824c7591e33b0b96)
* wireguard: bump to 0.0.20180809Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * send: switch handshake stamp to an atomic Rather than abusing the handshake lock, we're much better off just using a boring atomic64 for this. It's simpler and performs better. Also, while we're at it, we set the handshake stamp both before and after the calculations, in case the calculations block for a really long time waiting for the RNG to initialize. * compat: better atomic acquire/release backport This should fix compilation and correctness on several platforms. * crypto: move simd context to specific type This was a suggestion from Andy Lutomirski on LKML. * chacha20poly1305: selftest: use arrays for test vectors We no longer have lines so long that they're rejected by SMTP servers. * qemu: add easy git harness This makes it a bit easier to use our qemu harness for testing our mainline integration tree. * curve25519-x86_64: avoid use of r12 This causes problems with RAP and KERNEXEC for PaX, as r12 is a reserved register. * chacha20: use memmove in case buffers overlap A small correctness fix that we never actually hit in WireGuard but is important especially for moving this into a general purpose library. * curve25519-hacl64: simplify u64_eq_mask * curve25519-hacl64: correct u64_gte_mask Two bitmath fixes from Samuel, which come complete with a z3 script proving their correctness. * timers: include header in right file This fixes compilation in some environments. * netlink: don't start over iteration on multipart non-first allowedips Matt Layher found a bug where a netlink dump of peers would never terminate in some circumstances, causing wg(8) to keep trying forever. We now have a fix as well as a unit test to mitigate this, and we'll be looking to create a fuzzer out of Matt's nice library. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from 42dc0e25947a77b02ea18fa0e5fa04382250d5db)
* wireguard: bump to 0.0.20180802Jason A. Donenfeld2018-12-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog taken from the version announcement > == Changes == > > * chacha20poly1305: selftest: split up test vector constants > > The test vectors are encoded as long strings -- really long strings -- and > apparently RFC821 doesn't like lines longer than 998. > https://cr.yp.to/smtp/message.html > > * queueing: keep reference to peer after setting atomic state bit > > This fixes a regression introduced when preparing the LKML submission. > > * allowedips: prevent double read in kref > * allowedips: avoid window of disappeared peer > * hashtables: document immediate zeroing semantics > * peer: ensure resources are freed when creation fails > * queueing: document double-adding and reference conditions > * queueing: ensure strictly ordered loads and stores > * cookie: returned keypair might disappear if rcu lock not held > * noise: free peer references on failure > * peer: ensure destruction doesn't race > > Various fixes, as well as lots of code comment documentation, for a > small variety of the less obvious aspects of object lifecycles, > focused on correctness. > > * allowedips: free root inside of RCU callback > * allowedips: use different macro names so as to avoid confusion > > These incorporate two suggestions from LKML. > > This snapshot contains commits from: Jason A. Donenfeld and Jann Horn. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (backported from 68e2ebe64a0f27eb25c0e56ef1125ce1318e2279)
* lldpd: inhibit linking of libbsd on !GLIBCJo-Philipp Wich2018-12-181-0/+4
| | | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from 4f277eb6402684ca79c9834e8eb30c0e93368e8b)