wg: no need to put this on the stack

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: remove undocumented unused syntax

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

contrib: keygen-html for generating keys in the browser

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: fix removing preshared keys

Also clean up related logic quite a bit and add unit tests.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: switch from timeval to timespec

This gets us nanoseconds instead of microseconds, which is better, and
we can do this pretty much without freaking out existing userspace,
which doesn't actually make use of the nano/micro seconds field:

zx2c4@thinkpad ~ $ cat a.c
void main()
{
        puts(sizeof(struct timeval) == sizeof(struct timespec) ? "success" : "failure");
}
zx2c4@thinkpad ~ $ gcc a.c -m64 && ./a.out
success
zx2c4@thinkpad ~ $ gcc a.c -m32 && ./a.out
success

This doesn't solve y2038 problem, but timespec64 isn't yet a thing in
userspace.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: tighten up strtoul parsing

Reported-by: Cedric Buxin <cedric.buxin@izri.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: document localhost exception and v6 rule

Reported-by: Hermann Lienstromberg <nurtic-vibe@grmml.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: allow for NULL keys everywhere

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: remove ioctl cruft

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: allow for tabs in keys

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: stat the correct enclosing folder of config file

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: save all hooks on save

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: fsync the temporary file before renaming

This ensures that on an unclean shutdown, we either see the old content
or the new content, but not empty content.

Suggested-by: Ka Ho Ng <ngkaho1234@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: allow for saving existing interface

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

contrib: add reresolve-dns

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: correct type for CTRL_ATTR_FAMILY_ID

Suggested-by: Jörg Thalheim <joerg@thalheim.io>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: allow for the hatchet, but not by default

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: remember to rewind DNS settings on failure

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: allow specifiying multiple hooks

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: style nits

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: infuriating kernel iterator style

One types:

   for (i = 0 ...

So one should also type:

  for_each_obj (obj ...

But the upstream kernel style guidelines are insane, and so we must
instead do:

  for_each_obj(obj ...

Ugly, but one must choose his battles wisely.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: account for padding being in zero attribute

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: newline after warning

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: style

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: add pass example to wg-quick man page

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: don't insist on having a private key

This lets us do flexible things from wg-quick such as:

PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)

It also was never a very sensible policy to enforce.

Suggested-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: retry resolution except when fatal

The reference to this is <https://sourceware.org/glibc/wiki/NameResolver>,
which mentions:

"From the perspective of the application that calls getaddrinfo() it
perhaps doesn't matter that much since EAI_FAIL, EAI_NONAME and
EAI_NODATA are all permanent failure codes and the causes are all
permanent failures in the sense that there is no point in retrying
later."

This should cover more early-boot situations.

While we're at it, we clean up the logic a bit so that we don't have a
retry message on the final non-retrying attempt. We also peer into errno
when receiving EAI_SYSTEM, to report to the user what actually happened.

Also, fix the quoting back tick front tick mess.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: encoding: be more paranoid

Needless, but overkill can be fun.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Makefile: even prettier output

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: man: include kill-switch documentation using fwmark

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: store tail pointer to make coalescing peers fast

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: warn once on unrecognized items

DaveM suggests we do in fact do this. Others on the same thread weren't
happy about the length of the proposed message, so we also give a bit of
a less dramatic warning.

This reverts commit a2cc976a3b572cf308cc2d97c080eacac60416fe.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: try again if dump is interrupted

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Makefile: clang now builds the kernel, so use scan-build

Also add little stub for coccinelle and clean up semicolon issue it
found.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Makefile: add non-verbose mode to tools

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: satisfy bitshift pedantry

Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

contrib: remove worthless build artifact

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: compile on non-Linux

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: simmer down silly compilers

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: do not warn on unrecognized items

Upstream advice is to simply be silent.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: check permissions of parent directory

Also prefix octal 0, in case these files are actually of modes that
don't start with 0 by accident (such as SUID or sticky bit).

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: verify wireguard interface in more clever way

This helps with old Debian which has ancient iproute2, as well as paving
the path toward this script supporting userspace implementations.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: anchor sysctl regex to start and end

This doesn't actually fix a real problem, but it is more correct than
not having it.

Suggested-by: Aaron Sigel <aaron@vtty.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

netlink: switch from ioctl to netlink for configuration

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: uapi: only make sure socket file is socket

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: use key_is_zero for comparing to zeros

Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at somepoint care in the future, so alright.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

contrib: add sticky sockets example code

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: only bash complete existing interfaces for down

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: fix removal of psk

This is an attribute of the peer, not the device.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: stricter userspace ipc parsing

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

contrib: move Android tools to wireguard-android repo

https: //git.zx2c4.com/wireguard-android/
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

android: fix readme

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: add explicit support for common DNS usage

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: do not use grep

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: do not set explicit src route for v6 default route

This was only required because clueless network operators were trying to
route fec0::/10 globally, when that range doesn't actually have global
scope. Now that we understand the cause was operator error, we revert
the change here, so that the routing table is kept consistent.

This reverts commit 64e47de870a2f0575b5564a70e5680b48ab83ff9.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

android: add port of wg-quick

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: usage typos

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: wireguard.io --> wireguard.com

Due to concerns with the .io TLD, we are switching to using
wireguard.com instead.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

gitignore: ignore split DWARF debug info

Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: remove double include in ipc

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: use printf -v instead of namerefs for bash 4.2

I'm not happy about this.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: properly match IPv6 endpoint

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

haskell: re-add updated haskell example

Code-from: John Galt <jgalt@centromere.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: use proper __linux__ ifdef

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: match ipv6 default route more broadly

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: make sure we have empty table for both v6 and v4

Otherwise, we wind up not doing the right thing in the v6-only case, or
doing something totally borked when v4 and v6 are filled unevenly.

Reported-by: Roelf Wichertjes <contact@roelf.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

external-tests: trim the fat

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

go test: use x/crypto for blake2s now that we have 128-bit mac

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

go test: correct tai64n and formatting

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

external-tests: add keepalive packet

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

go test: properly pad message

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: allow creating device with no peers

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

rust test: add icmp ping

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

rust test: convert screech test to snow

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

man: update wg-quick(8) to show Debian resolvconf braindamage

While OpenResolv supports explicit ordering directives such as `-m` and
exclusivity directives such as `-x`, Debian's own resolvconf supports
none of this, instead using a hard coded list of interface name
templates for determining ordering. While trying to emulate `-x` is
difficult [*], we can at least try to mostly emulate `-m 0` by
masquerading as a `tun*` interface to resolvconf. Ugly, but it works.

[*] One heavy handed way of emulating `-x` would be something like:

   # echo nameserver 8.8.8.8 > /etc/resolv.conf.wg0-exclusive
   # mount --bind -o ro /etc/resolv.conf.wg0-exclusive /etc/resolv.conf
   # rm -f /etc/resolv.conf.wg0-exclusive

This in practice works quite well, but is a bit heavy to put in a man
page. It also doesn't "stack" well. For example, if we simply run
`umount /etc/resolv.conf`, how do we know which resolv.conf entry we're
unmounting?

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: use src routing for default routes in v6

Otherwise, traffic is sent with the IP address of a different interface,
and then packets don't actually get delivered.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

man: fix psk mention in wg-quick man page

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: opt-in globally to GNU-isms to keep the BSDs happy

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: support text-based ipc

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: check for proto error on set too

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: stricter key file reading

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

noise: redesign preshared key mode

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: auto MTU discovery

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: retry name resolution on temporary failure

This should solve many problems at init time.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: no hyphen in preshared, to keep uniformity

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: argc is always 1

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: check for malloc failure

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: side channel resistant base64

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: do not use addrconfig with port in gai

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

uapi: add version magic

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: various cleanups

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: document # comments in wg(8) man page

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: support old ip(8)

Old versions of ip(8) do not accept arguments to `ip rule show.` This
patch works around that limitation.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

contrib: add wg-json utility

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: fix bash completion spaces

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: add wg show [interface] dump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: give "off" value for fwmark

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: allow config files without trailing newline

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

extract-keys: respect compat directives

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: unquote fwmark for bash 4.3

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>