| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
After length decisions, we've decided that the if_wg(4) driver and
related work is not yet ready to live in the tree. This driver has
larger security implications than many, and thus will be held to
more scrutiny than other drivers.
Please also see the related message sent to the freebsd-hackers@
and freebsd-arch@ lists by Kyle Evans <kevans@FreeBSD.org> on
2021/03/16, with the subject line "Removing WireGuard Support From Base"
for additional context.
|
| |
|
|
|
|
|
|
| |
This file got resynced with OpenBSD to pick up fixes that had taken
place after the version initially ported to FreeBSD. KASSERT there is
more like MPASS here.
Reported by: David Wolfskill <david@catwhisker.org>
|
| |
|
|
|
| |
This fixes the remaining cred leak that prevented jails from fully dying
in some error cases.
|
| |
|
|
|
|
| |
We're now xlocked when we create sockets, so we're now guaranteed that
the creds won't be released out from underneath us over in
wg_prison_remove().
|
| |
|
|
|
| |
INET is still required, so formally don't build it in !INET
configurations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the culmination of about a week of work from three developers to
fix a number of functional and security issues. This patch consists of
work done by the following folks:
- Jason A. Donenfeld <Jason@zx2c4.com>
- Matt Dunwoodie <ncon@noconroy.net>
- Kyle Evans <kevans@FreeBSD.org>
Notable changes include:
- Packets are now correctly staged for processing once the handshake has
completed, resulting in less packet loss in the interim.
- Various race conditions have been resolved, particularly w.r.t. socket
and packet lifetime (panics)
- Various tests have been added to assure correct functionality and
tooling conformance
- Many security issues have been addressed
- if_wg now maintains jail-friendly semantics: sockets are created in
the interface's home vnet so that it can act as the sole network
connection for a jail
- if_wg no longer fails to remove peer allowed-ips of 0.0.0.0/0
- if_wg now exports via ioctl a format that is future proof and
complete. It is additionally supported by the upstream
wireguard-tools (which we plan to merge in to base soon)
- if_wg now conforms to the WireGuard protocol and is more closely
aligned with security auditing guidelines
Note that the driver has been rebased away from using iflib. iflib
poses a number of challenges for a cloned device trying to operate in a
vnet that are non-trivial to solve and adds complexity to the
implementation for little gain.
The crypto implementation that was previously added to the tree was a
super complex integration of what previously appeared in an old out of
tree Linux module, which has been reduced to crypto.c containing simple
boring reference implementations. This is part of a near-to-mid term
goal to work with FreeBSD kernel crypto folks and take advantage of or
improve accelerated crypto already offered elsewhere.
There's additional test suite effort underway out-of-tree taking
advantage of the aforementioned jail-friendly semantics to test a number
of real-world topologies, based on netns.sh.
Also note that this is still a work in progress; work going further will
be much smaller in nature.
MFC after: 1 month (maybe)
|
| |
|
|
|
|
|
|
|
|
| |
The names are self-explanatory; these are currently only used by the
wg(8) tool, but they are handy data points to have.
Reviewed by: grehan
MFC after: 3 days
Discussed with: decke
Differential Revision: https://reviews.freebsd.org/D29143
|
| |
|
|
|
|
|
|
|
| |
We have no use for the udphdr or this hlen local, just spell out the
addition inline.
MFC after: 3 days
Reviewed by: grehan, markj
Differential Revision: https://reviews.freebsd.org/D29142
|
| |
|
|
|
|
|
|
|
|
| |
The kernel-side already accepted a persistent-keepalive-interval, so
just add a verb to ifconfig(8) for it and start exporting it so that
ifconfig(8) can view it.
PR: 253790
MFC after: 3 days
Discussed with: decke
|
| |
|
|
|
|
|
|
|
|
| |
No sleeping allowed here, so avoid it. Collect the subset of data we
want inside of the epoch, as we'll need extra allocations when we add
items to the nvlist.
Reviewed by: grehan (earlier version), markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D29124
|
| |
|
|
|
|
|
|
|
|
|
| |
This partially reverts df55485085 but still fixes the leak. It was
overlooked (sigh) that some packets will exceed MHLEN and cannot be
physically contiguous without clustering, but we don't actually need
it to be. m_defrag() should pull up enough for any of the headers that
we do need to be accessible.
Fixes: df55485085
Pointy hat; kevans
|
| |
|
|
|
|
| |
df55485085 fixed a leak that I had initially fixed in a11009dccb.
Fixes: a11009dccb
|
| |
|
|
|
| |
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
Reviewed by: grehan
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D29011
|
| |
|
|
|
|
| |
While we're here, sync up with OpenBSD and don't use a keypair !kp_valid
MFC after: 3 days
|
| |
|
|
|
|
|
| |
m_defrag() will not free the chain on failure, leaking the mbuf.
Obtained from: OpenBSD
MFC after: 3 days
|
| |
|
|
|
|
|
| |
The keypair lock is not taken until later.
Obtained from: Jason A. Donenfeld via OpenBSD
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge the following fixes from https://github.com/pfsense/FreeBSD-src
1940e7d3 Save address of ingress packets to allow wg to work on HA
8f5531f1 Fix connection to IPv6 endpoint
825ed9ee Fix tcpdump for wg IPv6 rx tunnel traffic
2ec232d3 Fix issue with replying to INITIATION messages in server mode
ec77593a Return immediately in wg_init if in DETACH'd state
0f0dde6f Remove unnecessary wg debug printf on transmit
2766dc94 Detect and fix case in wg_init() where sockets weren't cleaned up
b62cc7ac Close the UDP tunnel sockets when the interface has been stopped
Reviewed by: kevans
Obtained from: pfSense 2.5
MFC after: 3 days
Relnotes: yes
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D28962
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes an issue where a private key contained bits that should
have been cleared by the clamping process, but were passed through
to the scalar multiplication routine and resulted in an invalid
public key.
Issue diagnosed (and an initial fix proposed) by shamaz.mazum in
PR 252894.
This fix suggested by Jason Donenfeld.
PR: 252894
Reported by: shamaz.mazum
Reviewed by: dch
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Only x86 provides optimized implementations via the blake2 module. The
software "reference" implementation is already included in the crypto(4)
module, we can drop the extra MODULE_DEPEND for other platforms.
Without this change, if_wg.ko could not be loaded due to the missing
dependency.
PR: 252156
Reported by: gbe
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- remove -ferror-limit option
- quiet -Wredundant-decls
Reviewed by: mmacy
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D27559
Notes:
svn path=/head/; revision=368566
|
| |
|
|
|
|
|
| |
Reported by: Jessica Clarke
Notes:
svn path=/head/; revision=368196
|
| |
|
|
| |
Notes:
svn path=/head/; revision=368195
|
|
|
Data path largely shared with the OpenBSD implementation by
Matt Dunwoodie <ncon@nconroy.net>
Reviewed by: grehan@freebsd.org
MFC after: 1 month
Sponsored by: Rubicon LLC, (Netgate)
Differential Revision: https://reviews.freebsd.org/D26137
Notes:
svn path=/head/; revision=368163
|
