Changelog for wireguard-tools-0.0.20170918-1.5.i586.rpm:
* Mon Sep 18 2017 mardnh@gmx.de
- Update to version 0.0.20170907
== Changes ==
* queue: entirely rework parallel system
  This is one of the most significant changes in WireGuard's codebase in a long time, so I'd appreciate some thorough testing of this snapshot. Work here began as part of Samuel Holland (smaeul)'s project for Google Summer of Code, and then I gradually morphed it into its present design. It's a rewrite of the entire multicore processing algorithm of WireGuard. No longer are we relying on padata, an inefficient kernel library that weighs a whopping 1000 lines of code alone. Instead, we've implemented parallel processing using algorithms specifically tailored for WireGuard's structures and ordering concerns. In spite of having to provide ourselves what this library priorly provided, this snapshot actually weighs in _shorter_ than the previous one, which goes to show how cumbersome even using padata's APIs were and how much leaner we can make things. The result is a big improvement in performance on most systems. On my laptop, I'm seeing about 1.4x performance as before, which is quite nice. We're still working on the best way to scale this to systems with absurd quantities of cores, but overall it's working quite well. Future work also involves using the DQL and qdisc systems. In the process, the entire project's code was significantly cleaned up and revised. Samuel was extremely instrumental in kickstarting these efforts, and his GSoC was most certainly valuable for getting this project started. He knows large parts of the WireGuard codebase well, and I expect him to be a valuable colleague moving forward.
* device: IFF_NO_QUEUE is a private flag, not a public one
  This will prevent the weird "20000" flag from showing up in ip-link when the device is down.
* socket: satisfy sparse
* routingtable: satisfy sparse
* timers: style
* compat: ensure we can build without compat.h
* send: no need to check for NULL since ref is valid
  Style and correctness fixes.
* qemu: enable debug info for debug qemu
  A welcome improvement for all those trying to debug things.
* compat: support RHEL 7.4
  This snapshot drops support for RHEL 7.3, moving on instead to RHEL 7.4.
* Thu Sep 07 2017 mardnh@gmx.de
- Update to version 0.0.20170810
== Changes ==
* socket: improve reply-to-src algorithm
  This follows an extensive discussion on the mailing list. We store the destination IP of incoming packets as the source IP of outgoing packets. When we send outgoing packets, we then ask the routing table for which interface to use and which source address, given our inputs of the destination address and a suggested source address. This all is good and fine, since it means we'll successfully reply using the correct source address, correlating with the destination address for incoming packets. However, what happens when default routes change? Or when interface IP addresses change? Prior to this commit, after getting the response from the routing table of the source address, destination address, and interface, we would then make sure that the source address actually belonged to the outbound interface. If it didn't, we'd reset our source address to zero and re-ask the routing table, in which case the routing table would then give us the default IP address for sending that packet. This worked mostly fine for most purposes, but there was a problem: what if WireGuard legitimately accepted an inbound packet on a default interface using an IP of another interface? In this case, falling back to asking for the default source IP was not a good strategy, since it'd nearly always mean we'd fail to reply using the right source. So, this commit changes the algorithm slightly. Rather than falling back to using the default IP if the preferred source IP doesn't belong to the outbound interface, we have two checks: we make sure that the source IP address belongs to _some_ interface on the system, no matter which one (so long as it's within the network namespace), and we check whether or not the interface of an incoming packet matches the returned interface for the outbound traffic. If both these conditions are true, then we proceed with using this source IP address. If not, we fall back to the default IP address.
* tools: fix removal of psk
  Small bug fix for some leftovers of moving from interface-psk to peer-psk way back when.
* wg-quick: only bash complete existing interfaces for down
  Bash completion is smarter now.
* compat: fix padata to work with 4.13
  WireGuard now works with the newly released 4.13 kernel.
* Thu Aug 10 2017 mardnh@gmx.de
- Update to version 0.0.20170810
* Wed Jul 26 2017 mardnh@gmx.de
- Update to version 0.0.20170706
== Changes ==
* global: wireguard.io --> wireguard.com
  We have a new domain name -- WireGuard.com -- moving away from the .io, due to security concerns. Along with the new domain, we also have a commonly requested page for donations: https://www.wireguard.com/donations/ in addition to a Patreon page for those who are into that: https://www.patreon.com/zx2c4 .
* ratelimiter: consistently use non-bh rcu
* socket: style
* wg-quick: usage typos
* qemu: update default testing kernel
* qemu: warn on all unseeded random usage when in debug mode
* compat: work around odd kernels that backport kvfree
* selftests: ensure that there isn't CPU lag when testing rate limiter
  The usual set of small fixes.
* send: orphan skbs when buffering longterm
  This works around situations where some apps use the same socket for multiple interfaces. It's important in this case that indefinitely queued packets don't eat away at the socket's send buffer; otherwise sending to other interfaces will be blocked.
* device: support 4.13's exact newlink param
  We continue to support the newest kernels, in this case adjusting to recent changes in the upcoming 4.13 release.
* global: use pointer to net_device
  This follows an upstream recommendation.
* ratelimiter: use KMEM_CACHE macro
* data: use KMEM_CACHE macro
* data: simplify no-keypair failure case
* send: use skb_queue_empty where appropriate
  Some nice cleanups from Samuel Holland, one of this summer's GSoC students.
* blake2s: move compression loop to assembly
* blake2s: fix up alignment issues
  Our BLAKE2s implementation now runs a bit faster, thanks to a commit and some additional suggestions from Samuel Neves, one of the BLAKE2 authors.
* wg-quick: do not set explicit src route for v6 default route
  Clueless network operators were trying to use fec0::/10 as a global address, except that range doesn't have the scope. Previously I worked around this by adding an explicit `src ...` to the routing table for all v6, but this is actually undesirable in some cases, so it's better that network operators give out the correct IPs (likely in fc00::/7).
* wg-quick: do not use grep
  This reduces the set of dependencies for wg-quick.
* wg-quick: add explicit support for common DNS usage
  wg-quick supports a DNS = field for common usages of DNS. Folks doing complicated things or who don't want to use resolvconf can continue to use PostUp for this.
* android: add port of wg-quick
  wg-quick now runs on Android using the ndc command to interact with Android's built-in network management daemons.
* Sun Jul 16 2017 mardnh@gmx.de
- Updated URL
* Thu Jul 06 2017 mardnh@gmx.de
- Update to version 0.0.20170706
* ratelimiter: use kvzalloc for hash table allocation
* ratelimiter: use IPv6 /64 instead of /96
* ratelimiter: add self-test
  These should make the rate-limiting a bit faster. We also switch to using a /64 instead of a /96 for IPv6, which seems to be what various RFCs recommend for this sort of thing.
* receive: cleanup error handlers
* gitignore: ignore split DWARF debug info
* socket: the checkers distinguish between _bh and non _bh
* counter: use correct unit for indices
  Various cleanups.
* compat: support OpenSUSE's backports
* compat: workaround Ubuntu 16.10 kernel weirdness
* compat: priv_destructor got backported
* device: cleanup register_netdev logic
  This is the main reason why this snapshot is being released a bit early. Kernel 4.11.9 came out, which backported some changes from 4.12, so we had to adjust the compat layer. This snapshot should now work with this recently released kernel (and all others >= 3.10) too. We also add support to a few more odd distro kernels.
* Fri Jun 30 2017 mardnh@gmx.de
- Update to version 0.0.20170629
  This release fixes a regression reported by Reuben Martin, which we then debugged together on his hardware. Certain length checking conflicted with GRO on particular hardware which only pulled the precise UDP header into the skb head fragment. This caused certain packets to be rejected unnecessarily. The regression was introduced during a cleanup of the last snapshot. The static analysis suite is being augmented to catch these types of errors in the future.
* Thu Jun 29 2017 mardnh@gmx.de
- Update to version 0.0.20170628
* main: annotate init/exit functions to save memory
* selftest: remove antique siphash self test
* haskell: re-add updated haskell example
* socket: use ip_rt_put instead of dst_release
* device: avoid double icmp send on routing loop
* compat: clean up cruft
* global: cleanup IP header checking
* compat: do not export symbols unnecessarily
  Various cleanups and updates.
* device: netdevice destruction logic change for 4.12
  When Linux 4.12 is released next week, we're good to go.
* device: only use one sleep notifier
  Rather than have a separate sleep notification for every interface, we now have a single notifier for every interface. This improves performance, especially when creating many interfaces at once.
* device: remove icmp conntrack hacks
  We're moving hacks upstream the proper way, and then backporting them to compat.
* receive: extend rate limiting to 1 second after under load detection
  After we determine that we're under load, we now wait 1 second before not being under load again, a timer which is global across all interfaces on a given system.
* curve25519: satisfy sparse and use short types
* curve25519: keep certain sandy2x functions in C
  Certain functions have been made into C, which should improve stack frames and reliability.
* ratelimiter: rewrite from scratch
  This is a big change. We no longer rely on x_tables or xt_hashlimit, instead using a super minimal and sleek token bucket ratelimiter. This works much better than the old cruft and should allow us to run more places. It also has the benefit of being global, so that it's possible to have thousands of interfaces without killing the system with separate GCs and vmallocs, which is what happened prior.
* socket: verify saddr belongs to interface
  We now more quickly react to changes of the v4 routing table, by ensuring that the sticky source address is actually still valid.
* wg-quick: properly match IPv6 endpoint
  wg-quick now works better with IPv6.
* wg-quick: use printf -v instead of namerefs for bash 4.2
  This adds support for old bash, which means wg-quick should be generically "bash 4 and up". I'm not happy about this but EL7 uses old bash, so we're stuck with it.
* compat: support EL7.3
  Support for RHEL, CentOS, ScientificLinux, and so forth.
* compat: support Ubuntu 14.04
  An old crufty Ubuntu is now supported, since it's LTS.
* Sun Jun 18 2017 mardnh@gmx.de
- Update to version 0.0.20170613
  Apologies for such a quick bump after yesterday's. Ivan Kozik noticed that on systems with very little entropy in the RNG, systems would hang when WireGuard interface configuration was a blocking item in the boot sequence. The previous snapshot added some checks to ensure that ephemeral keys and nonces are not generated dangerously before the RNG has enough entropy. It did this by simply making interface configuration block the caller until it was ready. However, doing this while holding rtnl_lock() meant that it would also block the configuration of other interfaces. This in turn meant that everything would come to a halt, and enough entropy would only be generated after many minutes, which could exceed particular udevd timeouts. The solution is to move the waiting for entropy to be at exactly the moment when entropy is needed: immediately before generating an ephemeral key or a nonce. After quite a bit of testing, this works very well. A WireGuard interface can be fully configured as early as possible in the boot sequence, but it will only ever complete a handshake sometime later, after it has gathered enough entropy. Since nothing except handshake processing itself is blocked, the rest of the system is freed up to go gather lots of entropy from its usual sources. This is a continuation of the work begun on the upstream Linux kernel, described in this LWN article: https://lwn.net/SubscriberLink/724643/6a0cd411eefcce75/ Because this could be something of a large annoyance, I'm releasing this quick patch a day after the previous snapshot.
- Update to version 0.0.20170612
* timers: queue up killing ephemerals only if not already
  We fix up a small detail in the timer logic that changed during the last snapshot.
* receive: trim incoming packets to IP header length
  Packets are now trimmed to their actual length, not their length+padding, before handing to the rest of the network subsystem, so that packets look pretty in tcpdump. This doesn't actually affect what userspace sees, since the kernel trims it at a later stage, but it does make pcaps a bit nicer to use.
* curve25519: use more standard label convention in asm
  This ensures that perf(1) shows the function name instead of the label name.
* compat: remove padata hotplug code
  Fixes building on kernels that have HOTPLUG enabled but no PADATA support.
* config: add new line for style
* device: do-while assignment style
* peer: explicitly initialize atomic
  Style.
* noise: fix race when replacing handshake
  Handle a situation in which three peers, all running on the same system, begin a handshake with all three of each other, at exactly the same time, on a multi-CPU system.
* config: ensure the RNG is initialized before setting
* compat: use sys_getrandom instead of add_random_ready_callback
  We've been working with upstream to add a new API to the kernel for ensuring that the RNG actually is seeded. Until they merge it for 4.13, we provide a poly-fill to the compat code. This means that WireGuard will block during configuration until the RNG has enough entropy, so that it's never in a circumstance in which ephemeral keys are generated from bad randomness.
* go test: properly pad message
* go test: correct tai64n and formatting
* external-tests: add keepalive packet
* go test: use x/crypto for blake2s now that we have 128-bit mac
* external-tests: trim the fat
  Improvements for the external tests.
* wg-quick: make sure we have empty table for both v6 and v4
* wg-quick: match ipv6 default route more broadly
  Tiny nits with wg-quick, one of which should now allow multiple v6-only wg-quick instances running at the same time.
* Wed May 31 2017 mardnh@gmx.de
- update to version 0.0.20170517
  This rather large snapshot touches quite a few sensitive areas, so I'm releasing it now rather than later to receive feedback on any possible issues. It also contains fixes, so everybody should upgrade.
* man: fix psk mention in wg-quick man page
* man: update wg-quick(8) to show Debian resolvconf braindamage
  Documentation cleanups.
* wg-quick: use src routing for default routes in v6
  ip-rule(8) doesn't do the right thing with source addresses, unless we explicitly set it inside the route. This fixes wg-quick on IPv6 systems.
* curve25519: actually, do some things on heap sometimes
* curve25519: align the basepoint to 32 bytes
* curve25519: add NEON versions for ARM
* data: enable BH during parallel crypto on ARM/NEON
* chacha20poly1305: move constants to rodata
* chacha20poly1305: add NEON versions for ARM and ARM64
  We now have faster primitives on ARM and ARM64 processors, which should improve performance.
* handshake: process in parallel
  Handshakes are now processed in parallel using all cores, which should improve throughput during a storm.
* noise: no need to store ephemeral public key
* noise: precompute static-static ECDH operation
  We can precompute the ECDH(s, s) calculation, which improves handshake initiation message performance by double.
* style: spaces after for loops
* peer: use iterator macro instead of callback
  The most unreadable C ever produced. It might be wise to find a sexier-looking alternative at some point.
* compat: remove warning for < 4.1
* compat: ship padata if kernel doesn't have it
  The usual array of annoying compat things.
* rust test: convert screech test to snow
* rust test: add icmp ping
  We now use Jake's snow library for Noise in the test, which we've expanded to complete a ping.
* config: do not error out when getting if no peers
* tools: allow creating device with no peers
  Fixing some small things in the tool/config interaction.
* device: keep going when share_check fails
* routingtable: remove unnecessary check in node_placement()
* config: it's faster to memcpy than strncpy
* timers: fix typo in comment
  Nits.
* debug: print interface name in dmesg
  For those who compile with `make debug`, you'll be happy to see a bit better information in dmesg.
* timers: rework handshake reply control flow
* timers: the completion of a handshake also is on key confirmation
* timers: reset retry-attempt counter when not retrying
  Tightening up our timer implementation, which is quite important.
* Wed May 17 2017 mardnh@gmx.de
- update to version 0.0.20170517
  This is a substantial release, containing lots of changes and fixes over the last four weeks, including a major protocol improvement. Since this is a lot of churn, I imagine there will be a considerable amount of feedback, resulting in a new snapshot not too long after this one.
* compat: use existing iptunnel_xmit function for stats
* compat: ssse3 support
* compat: work around ubnt offloading
* compat: use real crypto_memneq
* compat: remember to call iptunnel_xmit_stats
  We've made quite a few improvements to our compat layer, which should add support to more platforms.
* tools: retry name resolution on temporary failure
  If you're using wg(8) in an init script, you'll be happy about this. If DNS resolution fails, we'll keep trying for a little while before eventually giving up. This should allow for a looser init service ordering, for those who like to use tunnels with DNS endpoints.
* tools: wg-quick: auto MTU discovery
  The wg-quick utility now makes a conservative guesstimate on the correct MTU, if you don't explicitly specify it yourself with the new MTU= directive.
* chacha20poly1305: implement vectorized hchacha20
  Our implementation of HChaCha20 is now optimized via SSSE3, which should improve cookie encryption and decryption speed, which uses XChaCha20.
* qemu: new packages and better debugging
* qemu: new location for test kernels
* Kbuild: optimize debug builds too
  The usual set of improvements to our testing and debugging facilities.
* jerry-rig: symlinks are better for tree patching
  The jerry-rig script now uses symlinks, which should improve its compatibility in more odd environments.
* tools: stricter key file reading
  The wg(8) utility is now a bit stricter on garbage at the end of key files.
* tests: check for stats counter increases
  The test suite checks to see whether the interface stats are actually being incremented.
* tools: check for proto error on set too
* tools: opt-in globally to GNU-isms to keep the BSDs happy
  General improvements.
* noise: redesign preshared key mode
  Preshared keys are now local to each peer rather than to each interface. This allows different peers to have different preshared keys, which improves the compromise model. This has been joint work with Trevor Perrin's Noise project, and today revision 32 [1] has been published, which adds the handshake pattern used by WireGuard -- IKpsk2. This is a protocol change -- an accepted potentiality of a still experimental project -- and as such all peers will need to be updated to this latest snapshot. The wg(8) utility has been updated to account for the change of preshared-key being attached to the interface to now being attached to each peer. The WireGuard paper [2], protocol webpage [3], and Tamarin model all have been updated accordingly.
* tools: support text-based ipc
  As discussed on the mailing list, the wg(8) tool now talks to userspace WireGuard implementations using a text-based format [4] over a UNIX socket that has been designed to be exceedingly easy to parse in all languages. The wg(8) tool now runs fine on FreeBSD. [5]
* Sat Apr 22 2017 mardnh@gmx.de
- update to version 0.0.20170421
* tools: check for malloc failure
* tools: argc is always 1
* tools: no hyphen in preshared, to keep uniformity
* device: use rcu_barrier_bh
* cookie: move the bangs
* config: don't allow no-privatekey to mask preshared
* receive: netif_rx consumes
  General bug fixes.
* qemu: work on ARM64
* netns: cleanup and add diagram
  Our QEMU test suite now works on ARM64.
* tools: side channel resistant base64
  Our implementation of base64 in wg(8) no longer uses the system base64 and instead uses a handrolled constant time implementation, in order to avoid timing side-channel attacks on private key data.
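  The technique behind the side-channel-resistant base64 entry above, as an added example (my own code, not the implementation shipped in wg(8)): a 44-character key is decoded and re-encoded using only arithmetic on each character, so there is no per-character table lookup whose cache footprint depends on the private key bytes. The decoder also rejects non-canonical padding bits; SAMPLE_KEY_B64 is a constructed string (the base64 of the bytes 0x00..0x1f), not a real key.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN     32
#define KEY_B64_LEN 44  /* 43 data characters followed by one '=' */

/* All-ones when lo <= c <= hi, else zero, with no branch and no table: (c - lo)
 * or (hi - c) wraps and sets the top bit exactly when c is out of range. */
static uint32_t in_range_mask(uint32_t c, uint32_t lo, uint32_t hi)
{
    return (((c - lo) | (hi - c)) >> 31) - 1u;
}

/* One base64 character to 0..63, or 256 for anything else. A lookup table would
 * leave cache traces that depend on the key; this form does the same work for
 * every input byte. */
static uint32_t base64_decode_char_ct(unsigned char ch)
{
    uint32_t c = ch;
    uint32_t m_up = in_range_mask(c, 'A', 'Z'), m_lo = in_range_mask(c, 'a', 'z');
    uint32_t m_dg = in_range_mask(c, '0', '9'), m_pl = in_range_mask(c, '+', '+');
    uint32_t m_sl = in_range_mask(c, '/', '/');
    uint32_t v = (m_up & (c - 'A')) | (m_lo & (c - 'a' + 26)) | (m_dg & (c - '0' + 52))
               | (m_pl & 62) | (m_sl & 63);
    return v | (~(m_up | m_lo | m_dg | m_pl | m_sl) & 256u);
}

/* The inverse, also branch- and table-free; negative offsets wrap mod 2^32. */
static char base64_encode_value_ct(uint32_t v)
{
    uint32_t c = 'A' + v;
    c += in_range_mask(v, 26, 51) & (uint32_t)('a' - 'A' - 26);
    c += in_range_mask(v, 52, 61) & (uint32_t)('0' - 'A' - 52);
    c += in_range_mask(v, 62, 62) & (uint32_t)('+' - 'A' - 62);
    c += in_range_mask(v, 63, 63) & (uint32_t)('/' - 'A' - 63);
    return (char)c;
}

/* Decode a 44-character key. Rejects bad length, bad characters and non-zero
 * padding bits (a non-canonical encoding); the output is zeroed on failure.
 * Validity is accumulated in `bad` so no branch depends on individual bytes. */
bool key_from_base64_ct(uint8_t key[KEY_LEN], const char *b64)
{
    uint32_t bad = 0;
    if (strlen(b64) != KEY_B64_LEN || b64[KEY_B64_LEN - 1] != '=') {
        memset(key, 0, KEY_LEN);
        return false;
    }
    for (int i = 0; i < KEY_LEN / 3; ++i) {          /* 10 groups: 40 chars -> 30 bytes */
        uint32_t a = base64_decode_char_ct((unsigned char)b64[i * 4]);
        uint32_t b = base64_decode_char_ct((unsigned char)b64[i * 4 + 1]);
        uint32_t c = base64_decode_char_ct((unsigned char)b64[i * 4 + 2]);
        uint32_t d = base64_decode_char_ct((unsigned char)b64[i * 4 + 3]);
        uint32_t val = (a << 18) | (b << 12) | (c << 6) | d;
        bad |= (a | b | c | d) >> 8;                  /* invalid marker from any char */
        key[i * 3] = (uint8_t)(val >> 16);
        key[i * 3 + 1] = (uint8_t)(val >> 8);
        key[i * 3 + 2] = (uint8_t)val;
    }
    /* Tail: three characters carry 18 bits, 16 of data and 2 that must be zero. */
    uint32_t a = base64_decode_char_ct((unsigned char)b64[40]);
    uint32_t b = base64_decode_char_ct((unsigned char)b64[41]);
    uint32_t c = base64_decode_char_ct((unsigned char)b64[42]);
    uint32_t val = (a << 12) | (b << 6) | c;
    bad |= ((a | b | c) >> 8) | (val & 3);
    key[30] = (uint8_t)(val >> 10);
    key[31] = (uint8_t)(val >> 2);
    if (bad) {
        memset(key, 0, KEY_LEN);
        return false;
    }
    return true;
}

/* Encode 32 key bytes to the 44-character form with a trailing '='. */
void key_to_base64_ct(char out[KEY_B64_LEN + 1], const uint8_t key[KEY_LEN])
{
    for (int i = 0; i < KEY_LEN / 3; ++i) {
        uint32_t val = ((uint32_t)key[i * 3] << 16) | ((uint32_t)key[i * 3 + 1] << 8) | key[i * 3 + 2];
        out[i * 4] = base64_encode_value_ct(val >> 18);
        out[i * 4 + 1] = base64_encode_value_ct((val >> 12) & 63);
        out[i * 4 + 2] = base64_encode_value_ct((val >> 6) & 63);
        out[i * 4 + 3] = base64_encode_value_ct(val & 63);
    }
    uint32_t val = ((uint32_t)key[30] << 8) | key[31];   /* 16 bits: 6 + 6 + 4 (+2 zero) */
    out[40] = base64_encode_value_ct(val >> 10);
    out[41] = base64_encode_value_ct((val >> 4) & 63);
    out[42] = base64_encode_value_ct((val & 15) << 2);
    out[43] = '=';
    out[44] = '\0';
}

/* Constructed sample, not a real key: the base64 of the bytes 0x00..0x1f. */
static const char SAMPLE_KEY_B64[] = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=";
```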
* compat: work on old 3.10
  Supporting ancient 3.10 allows us to run on the Ubiquiti EdgeRouter. There's now a package for this: https://community.ubnt.com/t5/EdgeMAX/Release-WireGuard-for-EdgeRouter/td-p/1904764
* routingtable: rewrite core functions
  The routing table has had some core utilities rewritten, bugs fixed, and the test suite greatly expanded, complete with a randomized comparison against a slow reference implementation and a graphviz output option, which produced these amazing PDFs: https://data.zx2c4.com/trie_v4.pdf https://data.zx2c4.com/trie_v6.pdf
* Sun Apr 09 2017 mardnh@gmx.de
- update to version 0.0.20170409
* compat: allow create-patch to work on debian-based builds
* main: add /sys/module/wireguard/version
* tools: do not use addrconfig with port in gai
* config: do not allow peers with public keys the same as the interface
* curve25519: protect against potential invalid point attacks
* chacha20poly1305: enforce authtag checking with compiler
  While Noise is resilient to invalid point attacks, it's still better to check explicitly for NULLs from 25519. While we're at it, we make the compiler warn if we don't check the return value of sensitive crypto functions.
* locking: always use _bh
* chacha20poly1305: check return values of sgops
* data: simplify flow
* data: cleanup parallel workqueue and use two max_active
* data: alloca is actually as dangerous as they say
  These should improve stability in certain cases, though this involved some potentially big rewrites, so I'll keep an eye on incoming bug reports.
* compat: support 3.16
* compat: support 3.14
* compat: support 3.12
* compat: support 3.10
* compat: careful with destructors
* compat: warn on < 4.1
  We now experimentally support kernels going back to 3.10. This means that WireGuard should run on nearly all Android devices, the Ubiquiti EdgeRouter, and probably most other random Linux devices that you can find. I'm looking forward to seeing the community pick up the work producing pre-compiled modules for various things.
* Fri Mar 24 2017 mardnh@gmx.de
- update to version 0.0.20170324
* curve25519: 128-bit integer != x86_64
  This will fix build problems on AArch64.
* tools: document # comments in wg(8) man page
* socket: avoid deadlock on port retry
  Fixes systems under port exhaustion.
* wg-quick: various cleanups
* uapi: add version magic
  While the problem will go away entirely when we switch (back) to Netlink, for now it's nice to warn users when wg(8) is out of sync with the module, so we do this by adding a version field.
* Mon Mar 20 2017 mardnh@gmx.de
- update to 0.0.20170320.1
  This is a critical same-day re-release for a bug affecting Sandy Bridge systems. All packagers who updated to 20170320 should update to this snapshot.
* Mon Mar 20 2017 mardnh@gmx.de
- update to version 0.0.20170320
* device: 4.11 uses cnf for addr_gen_mode
* receive: last_rx use is discouraged and removed in recent kernels
* data: transition to skb_reset_tc for 4.11
  This snapshot now should work with 4.11.
* create-patch: add context below to work with busybox patch
  It turns out that busybox has a patch that doesn't do fuzzy matching.
* device: move sysctl toggling to open time
* compat: use maybe_unused macro over gcc-specific
* timers: elide enable check
* config: satisfy sparse
  Cleanups.
* hashtables: get_random_int is now more secure, so expose directly
* cookie: no need to hash rng
  We're trusting the Linux RNG to not be backdoored!
* tools: wg-quick: support old ip(8)
  This should allow wg-quick usage with Ubuntu 16.04.
* data: big refactoring
  A rather invasive refactoring that may bring bugs with it. Please report strange behavior from this release, if any.
* blake2s: add AVX implementation
* curve25519: add AVX implementation
* Mon Feb 27 2017 mardnh@gmx.de
- update to version 0.0.20170223
* device: disable ICMP redirects
  We now no longer send ICMP redirect messages when forwarding packets between two WireGuard peers on the same interface.
* socket: do not try to create v6 socket when disabled
  This allows WireGuard to work on systems booted with ipv6.disable=1.
* wg-quick: allow config files without trailing newline
* tools: give "off" value for fwmark
* tools: fix bash completion spaces
* tools: add wg show [interface] dump
  The wg(8) command learns a new way of dumping information, which should be a boost for script writers.
* contrib: add wg-json utility
  Using the aforementioned new dump command, it's trivial to transform into JSON using a bash script, so this is provided as an example.
* extract-keys: respect compat directives
  The extract-keys helper now builds with the new compat system, which should enable wireshark dissectors and such to work.
* Tue Feb 14 2017 mardnh@gmx.de
- update to version 0.0.20170214
* wg-quick: unquote fwmark for bash 4.3
* Tue Feb 14 2017 mardnh@gmx.de
- update to version 0.0.20170213
* curve25519: do everything on the stack
  Now that OpenWRT ships the MIPS SoftIRQ stack patch, and it's also made it upstream, we no longer need to do the mallocing, which should improve performance.
* tools: man: recommend correct port
  Before, we used 41414 in the documentation, when we should have been suggesting the use of 51820.
* tools: wg-quick: recommend using resolvconf in exclusive mode
  -x prevents DNS leakage.
* timers: use setup_timer macro helper
* timers: use simpler uninit sync technique
  Simplifies code a bit.
* socket: synchronize net on socket tear down
* device: shorter workqueue names to fit in ps
* main: add `wg` type alias
* socket: general ephemeral ports instead of name-based ports
  If no port is specified, a port is selected ephemerally, instead of trying to be overly clever with the interface name.
* socket: enable setting of fwmark
  This is a nice new feature which enables policy-based routing on fwmarks, used by Android and wg-quick.
* tools: setconf should remove existing psk
* tools: remove key for any empty file
* tools: wg-quick: support v6 dual stack
* tools: wg-quick: set LC_ALL for consistent regex
* Kconfig: can be a module
* create-patch: be sure it's actually after NETFILTER
* compat: backport siphash & dst_cache from mainline
  Since siphash is upstream now, we use the mainline implementation. While we're at it with reorganizing compat, we also backport dst_cache, so older kernels can benefit from it.
* Sun Jan 15 2017 mardnh@gmx.de
- update to version 0.0.20170115
* tools: wg-quick: enforce good permissions
* tools: wg-quick: parse IPv6 endpoints correctly
* tools: wg-quick: better removal of suppress_prefix rule
  The former is good practice, in the likes of SSH's warnings. The latter two are bug fixes.
* tools: error on short ret reads
* tools: ipc: read from socket incrementally
* uapi: add missing userspace headers
* uapi: use flag instead of C bitfield for portability
* uapi: use sockaddr union instead of sockaddr_storage
  This makes the UAPI a bit more portable across languages, which assists with the Go implementation efforts.
* config: useless newline
* Use __read_mostly attribute when possible
  General code quality improvements.
* ratelimiter: 800ms too fast, decrease to 2s sustained rate
  There's no need to allow 800ms handshakes, when there's already bursting and when more than 1 every 5 seconds is already too much, when under DoS.
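  A sketch of the global token-bucket handshake rate limiter keyed by IPv4 address or IPv6 /64, as described in the ratelimiter entries above, added here as an example and not WireGuard's own code. The 2-second refill matches the sustained rate above; the burst of 5 tokens, the fixed-size table, the FNV hash and the sample addresses are assumptions for the demonstration, and idle-bucket expiry is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Demo parameters, assumed rather than WireGuard's own: one handshake token per
 * REFILL_NS (the 2 s sustained rate above) and at most BURST banked tokens. */
#define REFILL_NS  2000000000ULL
#define BURST      5ULL
#define TABLE_SIZE 64            /* fixed-size demo table; fails closed when full */

struct key {
    uint8_t family;              /* 4 or 6, so a v4 address never aliases a v6 prefix */
    uint8_t addr[8];             /* whole IPv4 address (zero padded) or IPv6 /64 prefix */
};

struct bucket {
    bool       used;
    struct key key;
    uint64_t   tokens_ns;        /* credit in nanoseconds; REFILL_NS is one token */
    uint64_t   last_ns;          /* monotonic time of the last packet charged here */
};

/* One table for the whole host: every interface charges the same buckets, so
 * thousands of interfaces do not mean thousands of tables to allocate and sweep. */
static struct bucket table[TABLE_SIZE];

void ratelimiter_reset(void)
{
    memset(table, 0, sizeof(table));
}

/* Key on the /64 for IPv6: a host holding a /64 could otherwise sidestep the
 * limit by rotating through its 2^64 addresses. */
static void make_key(struct key *k, const uint8_t *addr, bool is_v6)
{
    memset(k, 0, sizeof(*k));
    k->family = is_v6 ? 6 : 4;
    memcpy(k->addr, addr, is_v6 ? 8 : 4);
}

static uint32_t hash_key(const struct key *k)   /* FNV-1a over the key bytes */
{
    const uint8_t *p = (const uint8_t *)k;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof(*k); ++i)
        h = (h ^ p[i]) * 16777619u;
    return h;
}

/* Linear probing; an unseen source starts with its full burst allowance.
 * A real implementation also sweeps idle buckets out of the table. */
static struct bucket *find_or_insert(const struct key *k, uint64_t now_ns)
{
    uint32_t start = hash_key(k) % TABLE_SIZE;
    for (uint32_t i = 0; i < TABLE_SIZE; ++i) {
        struct bucket *b = &table[(start + i) % TABLE_SIZE];
        if (!b->used) {
            b->used = true;
            b->key = *k;
            b->tokens_ns = BURST * REFILL_NS;
            b->last_ns = now_ns;
            return b;
        }
        if (memcmp(&b->key, k, sizeof(*k)) == 0)
            return b;
    }
    return NULL;
}

/* True if a handshake packet from this source may be processed now. addr is
 * 4 bytes for IPv4 or 16 for IPv6; now_ns comes from a monotonic clock. */
bool ratelimiter_allow(const uint8_t *addr, bool is_v6, uint64_t now_ns)
{
    struct key k;
    make_key(&k, addr, is_v6);
    struct bucket *b = find_or_insert(&k, now_ns);
    if (!b)
        return false;                        /* table full: drop, never let through */
    /* Refill with the time elapsed since the last packet, capped at the burst. */
    uint64_t credit = b->tokens_ns + (now_ns - b->last_ns);
    b->tokens_ns = credit > BURST * REFILL_NS ? BURST * REFILL_NS : credit;
    b->last_ns = now_ns;
    if (b->tokens_ns < REFILL_NS)
        return false;                        /* less than one whole token: drop */
    b->tokens_ns -= REFILL_NS;
    return true;
}
```

Two IPv6 sources in the same /64 share one bucket, while a source in a neighbouring /64 gets its own.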
* Thu Jan 05 2017 mardnh@gmx.de
- install wg-quick
* Thu Jan 05 2017 mardnh@gmx.de
- update to version 0.0.20170105
* tools: add bash completion for wg(8)
* tools: add wg-quick
* tools: add makefile instructions
* tools: add systemd unit and auto-detection
  This is an all-tools release. The new wg-quick tool could use some testing and exposure, so we're posting this snapshot a bit early to solicit feedback.
* Fri Dec 30 2016 mardnh@gmx.de
- update to version 0.0.20161230
  This is a fairly small release, and if you're a lazy package maintainer, you can skip it if you don't have the time. The primary improvement and motivation for making this snapshot is Android support.
* tools: rename 'bandwidth' to 'transfer' in output
  Nice catch from Tomasz Torcz.
* external-tests: update to latest
  The Go/Rust/Haskell examples have been updated.
* cookie: optimize
* blake2s: cleanup
  Some nice optimizations and cleanups to increase code quality.
* wg-config: use ip rules instead of tungate
  Rather than launching a routing daemon, we just use ip-rule(8). This should be more straightforward, and work on more systems, such as Android.
* tools: syscall.h should actually be sys/syscall.h
* compat: support 3.18, 3.19, 4.0
* Fri Dec 23 2016 mardnh@gmx.de
- update to version 0.0.20161223
* config: allow removing multiple peers at once
  Before, specifying several peers to remove on the command line at the same time would not work. This is now fixed.
* routing-table: simplify and mask reparented root
  Now reparented entries in the routing table are properly masked, so that you don't wind up with strange entries like "192.0.0.0/0".
* tools: allowed-ips is easier to parse with spaces instead of ", "
  This is a slight change in the tools CLI that should make it easier to parse with scripts.
* tools: do not use AI_ADDRCONFIG
  It is now possible to configure IPv6 endpoints before IPv6 interfaces have successfully gotten their IPs.
* wg-config: cleanup ip parsing
* wg-config: cleanups
  General cleanups.
* cookies: use xchacha20poly1305 instead of chacha20poly1305
  This is a big change. To simplify the security analysis, improve speed, and simplify the code, we now use XChaChaPoly1305 with a random 24-byte nonce, instead of using a random 32-byte salt.
* Sun Dec 18 2016 mardnh@gmx.de
- update to version 0.0.20161218
  This is a quick snapshot to fix an error with the last one on big endian systems. Probably only OpenWRT cares about this, and everybody else can happily wait for the next more substantial snapshot.
* Fri Dec 16 2016 mardnh@gmx.de
- update to version 0.0.20161216
* messages: increase header by 3 bytes for alignment
  PACKAGERS PLEASE UPDATE, as this is a protocol-breaking change.
* device: disable ipv6 auto address generation
  Now finally we have working tcpdump and no useless automatic IPv6 addresses.
* device: rc -> ret
* device: dellink is already implicitly unregister_netdevice_queue
* device: simplify device_init, since it only returns -EEXIST
* main: consistent lines
* device: clean up xmit error path
* device: allocate tstats in newlink
* global: move to consistent use of uN instead of uintN_t for kernel code
* crypto: use kernel's bitops functions
* messages: remove unused constants
* blake2s: move self tests to correct directory
* tools: fix latest-handshake typo in documentation
* noise: update comments
* config: cleanups
* types: enforce consistency Numerous code quality cleanups.
* device: ensure icmp skb length check is done for v6
* receive: simplify ip header checking logic This adds a missing length check and generally simplifies length checks throughout.
* peer: don't use sockaddr_storage to reduce memory usage Now that we have struct endpoint, ditching sockaddr_storage is a no-brainer. It has the effect of making parallel decryption faster because it requires less of an allocation for the ctx, and thus our kmemcache can be merged.
* tests: avoid non-strict writes via printf Finally fixing this silly old bug.
* ratelimiter: drop family from action for 4.10 We're getting ready for the first rc of Linux 4.10.
* siphash: update against upstream submission I've been preparing a big patch for upstream Linux to include SipHash, and in the process I improved the implementation considerably.
* hashtables: use counter and int to ensure forward progress This gives the best of both worlds between the two hashtable rng designs.
* Sat Dec 10 2016 mardnhAATTgmx.de- rebased patch: wireguard-remove-depmod.diff- fix URL- update to version 0.0.20161209
* hashtable: use random number each time This reverts some hashtable changes from a while back.
* tests: make sure ncat gets killed
* tests: directly kill nmap
* qemu: bump kernel version Now running `make test` cleans up some zombie ncat processes.
* build system: add dkms installation This is a biggie for packagers. You can now run `make dkms-install` to install the source and dkms.conf file to an environment-variable specified location. Since the majority of downstreams are using dkms, providing it upstream makes sense.
* data: reset tc when resetting skb Correctness fix.
* device: clear all peer ephemeral keys on sleep
* device: make suspend code conditional on CONFIG_PM_SLEEP WireGuard is now the only VPN software that will clear your ephemeral keys before the computer goes into sleep. This is a nice security feature for extreme cases.
* timers: add random jitter to handshake retry
* socket: clear src address when retrying handshake This increases the reliability of reconnections succeeding in the case of connection trouble.
* device: cleaner error teardown
* main: cleaner error teardown
* device: traditional if is cleaner than switch for this small
* compat: build dep errors belong here, since it's out of tree specific
* cookie: kill redundant forward declaration Just code cleanups.
* contrib: add wg-config This is a nice new example utility for adding a wireguard device and configuring its IPs and routes all in one go. It's extensively documented in its contrib directory and comes with a Makefile installer.
* Wed Nov 30 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161129
* send: send packet initiation only after requeuing to prevent race
* tests: be sure we get all messages
* tests: veth does not come up immediately We\'ve made the internal testing suite a bit more reliable.
* main: add version to dmesg The module insertion message now shows the snapshot build date or the git revision, depending, which will help with more easily determining what's happening from people's logs. Too many incompetent bug reporters have inexplicably neglected to mention the version or commit being used when reporting a bug. This commit works around this human error, requested by Kalin Kozhuharov and others.
* device: conntrack is optional WireGuard can now run on machines that do not have connection tracking, requested by Willy Tarreau and Baptiste Jonglez.
* ratelimiter: load hashlimit at modinsert time Alex Xu pointed out an interesting deadlock, and we were able to trace it to internal kernel infrastructure locking things in opposing orders. To work around these bugs, WireGuard now loads the hashlimit module at insertion time rather than at interface creation time.
* tools: warn about clock going backward In the event that some script on your system is making the clock go wild backward, the tools should probably indicate that the "last handshake completed" date can't be correct, and that subsequent connections might fail. This was reported by W. Kennington.
* Wed Nov 16 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161116.1
* The earlier snapshot today broke some builds on kernels <= 4.3. Packagers only need to bump versions for this single commit if distribution kernels use <= 4.3.
* Wed Nov 16 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161116
* socket: keep track of src address in sending packets
* socket: ensure that saddr routing can deal with interface removal This is a rather important change. WireGuard will now reply using the same source address on which it received a packet. This improves compatibility with multi-homed hosts.
* debug: cleanup skb printing
* compat: rearrange
* tests: use private ipv6 addresses
* tests: trim output
* various: nits from willy
* packets: consolidate constants
* device: better debug message A whole series of cleanups.
* device: we need NONE for libpcap In the previous snapshot, we switched to using a VOID device type, so that IPv6 autoconfiguration wouldn't assign a useless IP. But this broke libpcap and tcpdump. So, we're back to using the NONE type, and getting a useless v6 address. This requires upstream Linux fixes to solve.
* chacha20poly1305: rely on avx and avx2 This works around braindead VPS providers who disable random opcodes.
* Thu Nov 10 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161110
* data: we care about per-peer, not per-device, inflight encryptions
* data: squelch compiler warning on PARALLEL=n
* socket: release dst on routing loop These are cleanups of the previous refactoring.
* qemu: use sparsemem always, for kasan
* qemu: kasan needs more memory Automatically detecting memory corruption bugs should now be much easier.
* send: remove redundant time stamp
* cookie: avoid void pointer arithmetic
* debug: support dynamic debug on skb addr
* data: only uses kmem_cache for parallelism
* chacha20poly1305: don't forget version header General bug fixes.
* socket: use more reasonable skb padding Rather than the somewhat arbitrary ETH_HLEN + VLAN_HLEN + 16, we now use NET_SKB_PAD.
* chacha20poly1305: it's just as fast to use these more simple unaligned access helpers This completes our fixup of chacha20poly1305 for platforms with slow unaligned access, such as MIPS.
* send: simplify handshake initiation queueing and introduce lock Rate limiting is now applied globally, and while locked, which should make it impossible for two threads to simultaneously cause a new handshake.
* selftest: add routing table tests for small subnets
* routing-table: mask self for better IP display Giving allowed IPs an address like 192.168.121.128/16 will now be normalized to 192.168.0.0/16 automatically.
* curve25519: use kmalloc in order to not overflow stack This is HUGE. And OPENWRT PEOPLE SHOULD UPDATE IMMEDIATELY. This is a major fix for platforms that do not use a separate IRQ stack, such as MIPS. All MIPS users should update immediately for improved stability. An interesting mailing list thread crossposted to LKML is on this list.
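Worked example for the two routing-table entries above (mask self for better IP display, and the earlier "mask reparented root" fix) together with the tools change that lists allowed-ips separated by spaces. This is an added illustration, not code from the WireGuard kernel module or wg(8): it masks host bits the way the routing table now does, parses a constructed sample of `wg show wg0 allowed-ips` output (the tab-separated "<pubkey>\t<cidr> <cidr> ..." layout and the "(none)" marker are assumed here, and the peer key strings are placeholders), and performs the longest-prefix-match lookup that decides which peer, if any, may receive a packet to a given destination.

```python
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample of `wg show wg0 allowed-ips` output (format assumed:
# one peer per line, public key, a tab, then space-separated prefixes).
# The key strings are placeholders, not real WireGuard public keys.
SAMPLE_ALLOWED_IPS_OUTPUT = (
    "PEER_A_PUBKEY=\t192.168.121.128/16 10.0.0.0/24\n"
    "PEER_B_PUBKEY=\t10.0.0.7/32 fd00::1/64\n"
    "PEER_C_PUBKEY=\t(none)\n"
)


def normalize_cidr(cidr: str) -> str:
    """Clear the host bits of a prefix, as the routing table now does on insert.

    192.168.121.128/16 becomes 192.168.0.0/16, fd00::1/64 becomes fd00::/64,
    and a reparented default route ends up as 0.0.0.0/0, never 192.0.0.0/0.
    """
    addr_text, _, prefix_text = cidr.partition("/")
    addr = ipaddress.ip_address(addr_text)
    prefixlen = int(prefix_text) if prefix_text else addr.max_prefixlen
    bits = addr.max_prefixlen  # 32 for IPv4, 128 for IPv6
    if not 0 <= prefixlen <= bits:
        raise ValueError(f"bad prefix length in {cidr!r}")
    mask = ((1 << prefixlen) - 1) << (bits - prefixlen)
    # type(addr) keeps the address family; ip_address(int) would turn a
    # masked-to-zero IPv6 prefix into 0.0.0.0.
    network = type(addr)(int(addr) & mask)
    return f"{network}/{prefixlen}"


def parse_allowed_ips(output: str) -> List[Tuple[str, str]]:
    """Turn the space-separated listing into (peer, normalized prefix) pairs."""
    entries: List[Tuple[str, str]] = []
    for line in output.splitlines():
        if not line.strip():
            continue
        peer, _, cidrs = line.partition("\t")
        if cidrs.strip() == "(none)":
            continue
        for cidr in cidrs.split():
            entries.append((peer, normalize_cidr(cidr)))
    return entries


class AllowedIPsTable:
    """Cryptokey routing lookup: longest matching prefix decides the peer."""

    def __init__(self) -> None:
        self._routes: Dict[Network, str] = {}

    def insert(self, peer: str, cidr: str) -> None:
        net = ipaddress.ip_network(normalize_cidr(cidr))
        self._routes[net] = peer  # re-inserting a prefix moves it to the new peer

    def lookup(self, dst: str) -> Optional[str]:
        ip = ipaddress.ip_address(dst)
        best: Optional[Tuple[Network, str]] = None
        for net, peer in self._routes.items():
            if net.version == ip.version and ip in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, peer)
        # None is the "no peer has allowed-ips for packet" case: the packet
        # is dropped instead of being sent to an arbitrary peer.
        return None if best is None else best[1]


def build_table(output: str = SAMPLE_ALLOWED_IPS_OUTPUT) -> AllowedIPsTable:
    table = AllowedIPsTable()
    for peer, cidr in parse_allowed_ips(output):
        table.insert(peer, cidr)
    return table


if __name__ == "__main__":
    table = build_table()
    for dst in ("10.0.0.7", "10.0.0.8", "192.168.5.5", "fd00::1", "8.8.8.8"):
        print(f"{dst:>12} -> {table.lookup(dst)}")
```

The lookup is a linear scan for clarity; the kernel module uses a trie, but the ordering rule it implements is the same: the most specific allowed-ip wins, and a destination covered by no peer is unroutable.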
* Sun Nov 06 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161105
* socket: use dst_cache instead of handrolled cache
* compat: stub out dst_cache for old kernels
* socket: route() returns an error pointer, not NULL on failure
* socket: big refactoring Rather than our hand rolled routing cache, we now use the kernel's own dst_cache, which was added to the kernel after 4.5 and wasn't available when wireguard was first developed. The performance is on par with ours, but this way we reduce complexity.
* data: take reference to peer
* data: use smaller types
* send: queue bundles on same CPU
* data: keep FPU on when possible
* data: use a memory cache for parallel ctx
* compat: fix variable assumptions This series of optimizations is huge, resulting in doubled throughput on my development laptop. This is a major performance win, achieved by batching up sequential packets on the same processor core, with the observation that waiting for cores to synchronize takes time and defeats multi-core improvements. Wireguard should now scale better to systems with tons of cores.
* compat: some grsec have get_random_long; others do not Wireguard now builds with the stable release of grsec that used to be testing. In other words, distro stable grsec packages that are out of date and unmaintained can now use wireguard without modification.
* qemu: move build outside of kernel dir to avoid kernel's make clean
* qemu: work around termio race condition
* qemu: move marker to top and flush
* qemu: fail if module selftests fail The qemu test suite received more stability improvements and a workaround for a virtio bug.
* tools: chill modern gcc out
* c89: the static keyword is okay in c99, but not in c89
* chacha20poly1305: cleanup magic constants General code and compiler fixes.
* Thu Nov 03 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161102
* timers: take reference like a lookup table
* qemu: newer default kernel Small improvements as usual.
* device: use ARPHDR_VOID instead of ARPHDR_NONE We now avoid auto-assigning randomly generated IPv6 addresses to interfaces, since this doesn't make sense in the context of cryptokey routing. This should prevent those pesky log messages about trying to send to unrouted RA IPs.
* chacha20poly1305: src is different from dst on last piece This is a critical patch and the reason why this snapshot is being cut so soon after the previous. PACKAGERS: bump your packages.
* Wed Nov 02 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161102
* peer: kref is most likely to succeed
* data: do not allow usage of keypair just before hash removal
* kref: elide checks These fix a potential race condition that could trigger kernel warning messages.
* tools: everybody hates automatic stripping
* tools: abstract pkg-config to PKG_CONFIG
* Sun Oct 30 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161025
* noise: comment/document the key swapping It turns out this is a bit interesting, and there's an interesting TODO item in there now regarding a KPI choice that may or may not be an issue.
* debug: keep alive -> keepalive
* device: better debug message for unroutable packets The latter should make it more clear why certain packets aren't being sent. In most cases for properly configured interfaces, this will just show v6 RA addresses.
* timers: avoid thundering herd for simultaneous initiation By applying slack time to the initiation schedule, we can take advantage of the fact that jiffies does not have the same exact start quantum on all computers, giving us the natural jitter we need.
* timers: kill half-open handshakes after a while This ensures partial ephemeral sessions are cleared, even if they\'re never used.
* timers: always delay handshakes for responder
* timers: only have initiator rekey These are two different solutions to the same problem. Namely, we don't want the responder to reinitiate a handshake at the same time as the initiator, in the case that a TCP SYN is sent after 120 seconds of the session. See the individual commit messages for an in depth explanation of the two different approaches and the one I ultimately chose.
* receive: always send confirmation, even if queue is empty It's essential that the initiator always sends confirmation to the responder, so that the responder can send packets using the new key ASAP. This is required when handshakes roll-over during sparsely utilized links.
* compat: support PaX constify plugin
* data: reset all packet fields like tun.c
* compat: grsecurity backports get_random_long WireGuard now compiles and runs fine on both grsecurity/PaX stable and testing.
* Fri Oct 14 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161014
* send: only avoid parallel path when there aren\'t inflight jobs
* send: requeue jobs for later if padata is full
* send: ensure that rekey retries are staggered
* device: show debug message when no peer has allowed-ips for packet
* compat: more functions moved upstream into 4.9
* Sat Oct 01 2016 mardnhAATTgmx.de- update to version experimental-0.0.20161001
* poly1305: optimize unaligned access This is a very appreciated fix from René van Dorst, adjusting the arithmetic in Poly1305 to work fast on platforms with slow unaligned access, such as MIPS. According to his calculation, this gives a 50% improvement on small MIPS boxes.
* hashtables: use rdrand() instead of counter Rather than incrementing a counter, we instead use rdrand, which gives us an extremely fast source of random numbers. We're still running this through siphash with a secret, so a backdoored rdrand implementation won't be a problem.
* examples: add nat-hole-punching https://lists.zx2c4.com/pipermail/wireguard/2016-August/000372.html https://git.zx2c4.com/WireGuard/tree/contrib/examples/nat-hole-punching/README
* examples: add key extractor https://lists.zx2c4.com/pipermail/wireguard/2016-August/000373.html https://git.zx2c4.com/WireGuard/tree/contrib/examples/extract-keys/README
* tools: allow multiple AllowedIPs invocations Multiple AllowedIPs= lines can now be specified, which could improve readability of the config files.
* send: properly encapsulate ECN Thanks to the guidance of Dave Taht, we now support ECN.
* Rework headers and includes
* compat: Isolate more functions In anticipation of upstreaming WireGuard, we've now moved most of our version-specific #ifdefs to compat.h, where we use horrible macro tricks to redefine functions for old versions. This allows us to keep the actual code as clean as possible. When we merge to mainline, compat.h will be deleted wholesale.
* tests: test jumbo frames with more transfer
* tests: add crypto-RP filter test
* qemu: enhancements With this and numerous other commits, we've further expanded the test suite.
* Sun Aug 14 2016 mardnhAATTgmx.de- update to version experimental-0.0.20160808
* timers: upstream removed the slack concept We now group timers ourselves, this time with the ability to round down. This ensures that we don't wind up rescheduling timers for every packet, but instead keeping things within a quarter second window.
* c: specify static array size in function params See https://hamberg.no/erlend/posts/2013-02-18-static-array-indices.html
* contrib: move patchers to contrib/kernel-tree There are now two patchers: - contrib/kernel-tree/create-patch.sh This patcher simply spits out a patch for use with `patch(1)` to stdout. - contrib/kernel-tree/jerry-rig.sh This is the old hack that patches into the kernel tree a reference to the WireGuard tree.
* tools: do not show private keys in pretty output The `WG_HIDE_KEYS` environment variable now determines whether or not keys are shown in the pretty `wg show` output.
* persistent-keepalive: change range to [1,65535] Linux connection tracking is granular to 1 second, so it's important that we do the same.
* selftest: move to subfolder
* Kbuild: move module deps out of tests/
* tests: use makefile and expand greatly This is a big one. The entire testing subsystem has been entirely expanded. With the help of Alex Xu and Naveen Nathan, the test suite is now hugely expanded, and even does NAT testing with the persistent-keepalive feature. Not only that, but the QEMU runner now builds from a Makefile and is much more robust. We now build and run 7 kernels for every single commit, with the test results published on https://www.wireguard.io/build-status/
* ratelimiter: do not require IPv6 CONFIG_IPV6 is no longer required at all for WireGuard.
* Fri Jul 22 2016 mardnhAATTgmx.de- update to version experimental-0.0.20160722
* tools: abstract sockets are dangerous
* tools: Use seqpacket instead of dgram
* tools: use stream instead of seqpacket
* tools: propagate set errno
* tools: add default cflag
* tools: add -MP to makefile
* socket: simpler debug message
* socket: reset IPv4 socket to NULL after free
* socket: fix compat for 4.1 v6 sockets
* cookie: do not expose csprng directly
* index hashtable: run random indices through siphash
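Worked example of the index-hashtable design mentioned here ("run random indices through siphash") and again in the 0.0.20161001 entry, where the counter was replaced by rdrand and the entry explains why a backdoored rdrand is not a problem. This is an added illustration, not the kernel module's code: a compact SipHash-2-4 in pure Python (checked against the published test vectors), and a small table that derives each 32-bit sender index from the entropy source's output keyed with a secret, retrying on collision. The table class, the `counter_source` helper and the 32-bit truncation are this example's own choices.

```python
import os
import struct
from typing import Callable, Dict, Optional

MASK64 = (1 << 64) - 1


def _rotl(x: int, b: int) -> int:
    return ((x << b) | (x >> (64 - b))) & MASK64


def _sipround(v: list) -> None:
    v[0] = (v[0] + v[1]) & MASK64; v[1] = _rotl(v[1], 13); v[1] ^= v[0]; v[0] = _rotl(v[0], 32)
    v[2] = (v[2] + v[3]) & MASK64; v[3] = _rotl(v[3], 16); v[3] ^= v[2]
    v[0] = (v[0] + v[3]) & MASK64; v[3] = _rotl(v[3], 21); v[3] ^= v[0]
    v[2] = (v[2] + v[1]) & MASK64; v[1] = _rotl(v[1], 17); v[1] ^= v[2]; v[2] = _rotl(v[2], 32)


def siphash24(key: bytes, data: bytes) -> int:
    """SipHash-2-4: 128-bit key, arbitrary-length input, 64-bit output."""
    if len(key) != 16:
        raise ValueError("SipHash key must be 16 bytes")
    k0, k1 = struct.unpack("<QQ", key)
    v = [k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D,
         k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573]
    n_full = len(data) // 8
    for i in range(n_full):                      # compression: 2 rounds per word
        (m,) = struct.unpack_from("<Q", data, i * 8)
        v[3] ^= m; _sipround(v); _sipround(v); v[0] ^= m
    b = (len(data) & 0xFF) << 56                 # last word carries the length
    for i, byte in enumerate(data[n_full * 8:]):
        b |= byte << (8 * i)
    v[3] ^= b; _sipround(v); _sipround(v); v[0] ^= b
    v[2] ^= 0xFF                                 # finalization: 4 rounds
    for _ in range(4):
        _sipround(v)
    return (v[0] ^ v[1] ^ v[2] ^ v[3]) & MASK64


def counter_source(start: int = 0) -> Callable[[int], bytes]:
    """Stand-in for a fully predictable entropy source (a counter, or a
    backdoored rdrand): returns 1, 2, 3, ... as little-endian bytes."""
    state = [start]

    def take(nbytes: int) -> bytes:
        state[0] += 1
        return state[0].to_bytes(nbytes, "little")

    return take


class IndexHashtable:
    """Sender-index table. The index is siphash(secret, entropy) truncated to
    32 bits, so an observer who can predict the entropy source still cannot
    predict which index the next handshake will be given without the secret."""

    def __init__(self, secret: Optional[bytes] = None,
                 rng: Callable[[int], bytes] = os.urandom) -> None:
        self.secret = secret if secret is not None else os.urandom(16)
        self._rng = rng
        self._entries: Dict[int, str] = {}

    def insert(self, handshake: str) -> int:
        while True:
            index = siphash24(self.secret, self._rng(8)) & 0xFFFFFFFF
            if index not in self._entries:       # retry on collision
                self._entries[index] = handshake
                return index

    def lookup(self, index: int) -> Optional[str]:
        return self._entries.get(index)


if __name__ == "__main__":
    table = IndexHashtable(rng=counter_source())
    idx = table.insert("initiation from peer A")
    print(hex(idx), "->", table.lookup(idx))
```

With the same predictable counter but different secrets the two tables hand out unrelated indices, which is the property the changelog entry relies on; with the same secret and the same counter the sequence repeats, which is why the secret must itself come from a trustworthy source.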
* Thu Jul 21 2016 mardnhAATTgmx.de- update to version experimental-0.0.20160721
* tests: improve test suite and add qemu tester You can now run `make test` to do some nice functional testing of the module. As well, there's now src/tests/qemu.sh which builds and installs a mini userspace and kernel, boots it up in qemu, and runs the tests. This does not require root access, and provides a good way of testing for packagers. Note that I very much would like to see some patches cleaning up qemu.sh if anybody is interested.
* Kconfig: select IP6_NF_IPTABLES if using IPV6
* build system: revamp building and configuration This build system is much more robust, and we've gotten all the dependencies worked out. Check out wireguard.io/install/ and scroll to the bottom to see all the information about kernel dependencies.
* tools: fix numbering in man page
* tools: first additions of userspace integration
* tools: support horrible freebsd/osx/unix semantics
* tools: rename kernel to ipc The wg(8) tool now implements the necessary protocol to work with new WireGuard userspace implementations! The extremely simple IPC protocol is documented here -- wireguard.io/xplatform/ -- and is essentially the same way in which wg(8) communicates with the kernel. This should be exceedingly simple to implement, and we fully expect for all userspace implementation efforts currently occurring to use this, so that wg(8) can administer any kind of implementation with the same interface. It also compiles on OS X now and there's a pull request for including this in Homebrew: https://github.com/Homebrew/homebrew-core/pull/3183
* Mon Jul 11 2016 mardnhAATTgmx.de- update to version experimental-0.0.20160711
* persistent keepalive: use authenticated keepalives This is by far the biggest and most important change of this snapshot, and indeed is the entire reason why we're releasing another one for folks to test out. It was pointed out on the mailing list that if keepalives aren't authenticated, it's impossible for the receiver to update the source IP/port of the sender. So, we make them authenticated, which means turning on the "persistent-keepalive" feature is basically saying "always hold an active session open". WireGuard is by default non-chatty -- there won't be an active session if you're not sending anything. So, if this is a problem with wanting to receive connections while idle and behind NAT, then you can use this feature for always maintaining an active session.
* timers: rename authorized functions to authenticated
* timers: do not consider keepalives to be data sent
* examples: update ncat-client-server readme
* keepalives: only queue keepalive when queue is empty
* persistent keepalive: use unsigned long to avoid multiplication in hotpath
* timers: document conditions for calling
* timers: move timer calls out of hot loop
* timers: apply slack to hotpath timers
* receive: no need to test for !len
* receive: assume we usually succeed with userspace
* Fri Jul 08 2016 mardnhAATTgmx.de- update to version experimental-0.0.20160708.1
* persistent keepalive: start sending immediately -- the previously released feature was not useful without this extra commit. So, getting this in here now so that people can actually test this out. Sorry for the churn. Don't bother packaging the previous snapshot.
* Fri Jul 08 2016 mardnhAATTgmx.de- update to version experimental-0.0.20160708
* Remove old development scripts and cruft from contrib/.
* Reorganize contrib/examples. Distribution packagers are now encouraged to install contrib/examples to /usr/share/${pkg}/examples.
* Make sure we add 4611686018427387914 to TAI64N second stamps, to be in spec.
* Improve error reporting and detection in wg(8), ignoring extra input and generally being more helpful.
* Enable always falling back to /dev/urandom when getrandom(2) fails.
* Add synergy example script.
* Use `pkg-config` for libmnl in tools Makefile if it exists. Otherwise we fallback to just specifying -lmnl statically.
* Improve go test to send and receive ICMP ping packet through tunnel.
* Add the new persistent keepalive mechanism, as discussed on the mailing list. This is available via `wg set wg0 peer ABCD persistent-keepalive 25` as well as `PersistentKeepalive = 25` in the `[Peer]` section of configuration files. This is off by default, as it's only useful for users behind NAT or stateful firewall that expect to receive external VPN connections while they are idle. This has been documented in the wg(8) man page as well as a small blurb on the quick start page of the website.
- removed patch: wireguard-set-libmnl-includedir-with-pkgconfig.diff (fixed upstream)
- packaged examples from contrib/examples
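Worked example for the TAI64N item in the 0.0.20160708 entry above ("add 4611686018427387914 to TAI64N second stamps"). This is an added illustration, not code from wg(8) or the kernel module. The constant is 2^62 (the TAI64 zero point) plus the 10 seconds by which TAI led UTC at the Unix epoch, so a TAI64N stamp is the 8-byte big-endian label followed by a 4-byte big-endian nanosecond count. The replay check models the handshake rule that an initiation from a peer is accepted only if its stamp is newer than the last one accepted from that peer; the class and function names, and the use of a plain byte comparison, are this example's own.

```python
import struct
import time
from typing import Dict, Tuple

# TAI64 label of 1970-01-01T00:00:00 UTC: 2^62 + 10 == 0x400000000000000a.
TAI64_UNIX_EPOCH = 4611686018427387914
NS_PER_S = 1_000_000_000


def tai64n_encode(unix_seconds: int, nanoseconds: int) -> bytes:
    """Build the 12-byte TAI64N stamp: >Q label, >I nanoseconds."""
    if not 0 <= nanoseconds < NS_PER_S:
        raise ValueError("nanoseconds out of range")
    return struct.pack(">QI", TAI64_UNIX_EPOCH + unix_seconds, nanoseconds)


def tai64n_decode(stamp: bytes) -> Tuple[int, int]:
    """Inverse of tai64n_encode: (unix_seconds, nanoseconds)."""
    if len(stamp) != 12:
        raise ValueError("TAI64N stamp is 12 bytes")
    label, nanoseconds = struct.unpack(">QI", stamp)
    return label - TAI64_UNIX_EPOCH, nanoseconds


def tai64n_now() -> bytes:
    ns = time.time_ns()
    return tai64n_encode(ns // NS_PER_S, ns % NS_PER_S)


class HandshakeTimestamps:
    """Per-peer replay check for handshake initiations.

    Because both fields are big-endian and seconds precede nanoseconds, the
    12-byte stamps sort correctly under a plain byte comparison, so "newer"
    is just `stamp > last` without decoding.
    """

    def __init__(self) -> None:
        self._last: Dict[str, bytes] = {}

    def accept(self, peer: str, stamp: bytes) -> bool:
        if len(stamp) != 12:
            return False
        last = self._last.get(peer)
        if last is not None and stamp <= last:
            return False  # replayed, or older than one already accepted
        self._last[peer] = stamp
        return True


if __name__ == "__main__":
    stamp = tai64n_now()
    print(stamp.hex(), "->", tai64n_decode(stamp))
```

A host whose clock is stepped backwards (the situation the later "warn about clock going backward" tools change reports on) will produce stamps that compare lower than ones the responder already accepted, and its initiations will be rejected until the clock passes the last accepted value again.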
* Wed Jul 06 2016 mardnhAATTgmx.de- renamed subpackage for the userspace-tool wireguard -> wireguard-tools
* Tue Jul 05 2016 mardnhAATTgmx.de- use snapshot tags instead of pulling from the git directly
* Tue Jul 05 2016 mardnhAATTgmx.de- initial package