wg-quick: linux: filter bogus injected packets and don't disable rpfilter

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: linux: only touch net.ipv4 for v4

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: check for null in binder cleanup functions

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: use Binder for setting DNS on Android 10

Signed-off-by: Nicolas Douma <nicolas@serveur.io>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: windows: enforce named pipe ownership and use protected prefix

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: linux: don't fail down when using systemd-resolved

systemd-resolved has a compatibility interface for use with resolvconf
scripts when resolvectl is called from a symlink from resolvconf.
However, when tearing down the interface, cmd_down calls del_if and then
unset_dns. In the case of systemd-resolved, deleting the interface also
removes the systemd-resolved entry and causes resolvconf -d to fail when
resolvconf really is a symlink to resolvectl. This causes `wg-quick
down` and 'wg-quick@.service' to exit with failure.

Instead we use the resolvconf '-f' flag to ignore non-existent
interfaces, supported by both openresolv and sd-resolved resolvconf.

Signed-off-by: Ronan Pigott <rpigott@berkeley.edu>
[zx2c4: moved -f argument to end to remain compatible with Debian's resolvconf]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: openbsd: fix alternate routing table syntax

route(8) has always used the `-T` option to specify the
routing table; there is no `rdomain` option.

Signed-off-by: Ankur Kothari <ankur@lipidity.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: refactor and add incoming allow rules

Suggested-by: Yağmur Oymak <yagmur.oymak@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: support being called from launchd

This causes wg-quick up to wait for the monitor to exit before it exits,
so that launchd can correctly wait on it.

Reported-by: Cameron Palmer <cameron@promon.no>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: pass WG_ENDPOINT_RESOLUTION_RETRIES=infinity to systemd unit

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: add wincompat layer to wg(8)

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: allow setting WG_ENDPOINT_RESOLUTION_RETRIES

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: specify protocol to ip(8), because of inconsistencies

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: look up existing routes properly

This was never really correct, and then 5.1 broke it entirely.

Reported-by: piraty1@inbox.ru
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: make darwin and freebsd path search strict like linux

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: avoid unneccessary next_peer assignments in sort_peers()

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: add 'strip' subcommand

`wg-quick strip` prints the config file to stdout after stripping it of
all wg-quick-specific options.

This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: warn if an AllowedIP has a nonzero host part

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: freebsd: export TMPDIR when restoring and don't make empty

Otherwise mktemp doesn't see it, and if it's empty we wind up in /.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: add support for Haiku

Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: genkey: account for short reads of /dev/urandom

Apparently Haiku has a misbehaving /dev/urandom.

While we're at it, simplify the function signature to completely succeed
or completely fail and make sure the caller checks the result.

Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: freebsd: rebreak interface loopback, while fixing localhost

The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was
supposed to make things better, but actually it just started sending
legitimate localhost traffic over the WireGuard interface, which is
really quite bad.

This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.

Reported-by: Matt Smith <matt.xtaz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: c_acc doesn't need to be initialized

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: fight compiler slightly harder

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

noise: store clamped key instead of raw key

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

highlighter: when subtracting char, cast to unsigned

Windows.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

systemd: wg-quick should depend on nss-lookup.target

Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.

Reported-by: Anton Castelli <anton.c42@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: remove unused check phony declaration

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: freebsd: allow loopback to work

FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

netlink: use __kernel_timespec for handshake time

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

contrib: introduce simple highlighter library

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: normalize -> clamp

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

keygen-html: bring back pure javascript implementation

This reverts commit 9d5baf7d1d14ca7eb0852b41566330259229d489.

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Kconfig: IPsec isn't IPSec

Reported-by: Raf Czlonka <rczlonka@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: update copyright

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: curve25519: handle unaligned loads/stores safely

Reported-by: Chris Hewitt <chris@chrishewitt.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

makefile: use immediate expansion and use correct template patterns

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: bring interface up while setting MTU

This avoids another ip(8) invocation for little benefit.
Confirmed to work with iproute2 and busybox.

Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

embeddable-wg-library: do not warn on unrecognized netlink attributes

This is a follow up of bcf8684c9ec90fe0d283a67d1654d05fb3eae019.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: various formatting tweeks

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: do not choke on empty allowed-ips

Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

keygen-html: add missing glue macro

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg.8: AllowedIPs isn't actually required

An empty allowed IPs is totally valid, for folks wishing to move IP
addresses between multiple peers atomically.

Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg.8: specify that wg(8) shows runtime info too

Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: wait for interface to disappear on freebsd

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: don't fail if a netlink interface dump is inconsistent

Netlink returns NLM_F_DUMP_INTR if the set of all tunnels changed
during the dump. That's unfortunate, but is pretty common on busy
systems that are adding and removing tunnels all the time. Rather
than retrying, potentially indefinitely, we just work with the
partial results.

Reported-by: Robert Gerus <ar@is-a.cat>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: compile on gnu99

We don't actually use any C11 features, so we can at least compile with
ancient gcc.

Reported-by: Aaron M. D. Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: use libc's endianness macro if no compiler macro

This lets us be compiled with ancient gcc.

Reported-by: Jeff Brandt <jeff@jeffcolo.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: rename struct wireguard_ to struct wg_

This required a bit of pruning of our christmas trees.

Suggested-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

netlink: do not stuff index into nla type

It's not used for anything, and LKML doesn't like the type being used as
an index value.

Suggested-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

crypto: clean up remaining .h->.c

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick.8: add policy routing example

Suggested-by: Toke Høiland-Jørgensen <toke@toke.dk>
Suggested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

crypto: make constant naming scheme consistent

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: put SPDX identifier on its own line

The kernel has very specific rules correlating file type with comment
type, and also SPDX identifiers can't be merged with other comments.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: prefer sizeof(*pointer) when possible

Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

crypto: import zinc

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: ipc: do not warn on unrecognized netlink attributes

It makes extending things more difficult.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

crypto: use unaligned helpers

This is not useful for WireGuard, but for the general use case we
probably want it this way, and the speed difference is mostly lost in
the noise.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: check correct variable for route deduplication

Reported-by: John Sager <john@sager.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: prefer system paths for tools

The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8).
Other than that, it's explicitly coded against the native system
utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their
full absolute path (via $SELF and $BASH, respectively), we can simply
set the $PATH to be prefixed by the default system binary paths. This
way, if users install tools that conflict with system tools -- such as
GNU coreutils -- we won't accidently call those.

Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: remove compat code

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: allow package to be overridden

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

embeddable-wg-library: do not left shift negative numbers

Otherwise we incur undefined behavior.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: allow link local default gateway

It's unclear why it was like this in the first place, but it apparently
broke certain IPv6 setups.

Reported-by: Jonas Blahut <j@die-blahuts.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: only error on wg show if all interfaces fail

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: support excluding applications

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: prevent outgoing handshake packets from being dropped

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: fix misspelling of strchrnul in comment

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

manpages: eliminate whitespace at the end of the line

This eliminates a few style warnings from "mandoc -T lint src/tools/wg*.8".

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: don't forget to free compiled regexes

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: disable roaming to v6 networks when v4 is specified

This works around an unfortunate bug in 464XLAT transitions.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

dns-hatchet: apply resolv.conf's selinux context to new resolv.conf

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: getentropy requires 10.12

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: support getentropy(3)

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: encoding: add missing static array constraints

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: change name of intent

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: android: delay setting users until end

`ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing
them to reconnect. By delaying this until after routes are set, we
ensure that the sockets reconnect using the tunnel, rather than the old
route.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: constanter time encoding

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: set DNS servers after delay on route change

This works around a race condition in macOS's network daemons, while
also adding one in the form of possibly calling kill -ALRM on a stale
PID; unfortunately bash can't wait from a trap.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: freebsd: configure as p2p link

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: add multiple IP addresses

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: determine IPs when saving interface

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: freebsd: work around security vulnerabilities in bash

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: allow enumeration of socket files

These OSes have an unpriv'd ifconfig, so this isn't an even larger info
leak.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: better bash completion for non-renaming OSes

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: support FreeBSD/Darwin search path

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: always pass -v as first argument to install

This lets crippled OSes sed out our -v more easily.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: openbsd: add new implementation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: freebsd: add new implementation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: do not remove routes when no real interface

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: rename namefile environment variable

This paves the way for an openbsd implementation.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: fix OpenBSD build

License: MIT
Signed-off-by: Filippo Valsorda <valsorda@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

ncat-client-server: do not always call sudo and use env bash

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg: fix errno propagation and messages

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: simpler inclusion check

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: reorder functions

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: networksetup does not like missing stdio

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: avoid routing loop if no default

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick: darwin: sometimes there are no network services

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>