[PATCH] timers: local_clock() is defined in linux/sched.h in kernel below v4.11

2019-06-13 Thread René van Dorst 
Fixes: 7a79457255d5  ("global: switch to local_clock()")
Signed-off-by: René van Dorst 
---
 src/timers.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/src/timers.h b/src/timers.h
index ef1205690915..3af326056f3d 100644
--- a/src/timers.h
+++ b/src/timers.h
@@ -6,7 +6,11 @@
 #ifndef _WG_TIMERS_H
 #define _WG_TIMERS_H
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0)
+#include 
+#else
 #include 
+#endif
 
 struct wg_peer;
 
-- 
2.20.1

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: "The OpenWRT Commit" (native chacha20 mips32 support)

2018-05-23 Thread René van Dorst 

Quoting Denis Kisselev <de...@dkisselev.net>:

Has anyone had a chance to play around with the new snapshot  
(<https://git.zx2c4.com/WireGuard/commit/?id=d67d89c7f9d83d22d750452236b0e16510ab1368>0.0.20180519<https://git.zx2c4.com/WireGuard/tag/?h=0.0.20180519>) on a mips  
device?



It looks like ChaCha20 is now natively supported but I'm curious  
about what kind of performance people are now seeing on devices.



Anecdotally, it looks like people were getting 50-60mbps on ~650mhz  
devices like the AR-300M when wireguard made its first splash about  
a year ago.


Chacha20 routine is around 114-117% faster.
Poly1305 routine is around ~275% faster.
Both compared with generic C version.
So you will see a 10-25% improvement in the speed.

Greats,

René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: RX Errors from Android Peer

2018-04-26 Thread René van Dorst 

Hi Eddie and Jason,

I seeing this too.

On the server: WireGuard 0.0.20180420-2-g802b85c (Mips32r2)

peer: bHFjNUyfx141TvuNXUyIQ2BDAF57zfcpgdRd09UOlSg=
  endpoint: :22649
  allowed ips: 10.0.0.8/32, fd00::8/128, :fff8::/64
  latest handshake: 17 minutes, 41 seconds ago
  transfer: 3.07 MiB received, 18.78 MiB sent

wg0   Link encap:UNSPEC  HWaddr  
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

  inet addr:10.0.0.1  P-t-P:10.0.0.1  Mask:255.255.255.0
  inet6 addr: fd00::1/64 Scope:Global
  inet6 addr: :fff0::/60 Scope:Global
  UP POINTOPOINT RUNNING NOARP  MTU:1440  Metric:1
  RX packets:23629 errors:215 dropped:0 overruns:0 frame:215
  TX packets:23885 errors:6 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:3224980 (3.0 MiB)  TX bytes:19693516 (18.7 MiB)



Latest Android client 0.4.0 on a Backberry DTEK50 android 6.0.1. So  
fallback on userspace implementation.


Address: 10.0.0.8/32, :fff8::1/64
dns: 8.8.8.8
Allowed IPS: ::/0, 0.0.0.0/0
MTU: auto.


Before test
wg0   Link encap:UNSPEC  HWaddr  
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

  inet addr:10.0.0.1  P-t-P:10.0.0.1  Mask:255.255.255.0
  inet6 addr: fd00::1/64 Scope:Global
  inet6 addr: :fff0::/60 Scope:Global
  UP POINTOPOINT RUNNING NOARP  MTU:1440  Metric:1
  RX packets:23714 errors:215 dropped:0 overruns:0 frame:215
  TX packets:23996 errors:6 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:3239760 (3.0 MiB)  TX bytes:19715932 (18.8 MiB)

dmesg:
wireguard: wg0: Sending handshake initiation to peer 6 (85d26a64)
wireguard: wg0: Receiving handshake initiation from peer 6 (85d26a64)
wireguard: wg0: Sending handshake response to peer 6 (85d26a64)
wireguard: wg0: Keypair 93 created for peer 6
wireguard: wg0: Keypair 91 destroyed for peer 6
wireguard: wg0: Receiving keepalive packet from peer 6 (85d26a64)
wireguard: wg0: Packet has unallowed src IP (8cd8bd50) from peer 6 (85d26a64)
wireguard: wg0: Receiving keepalive packet from peer 6 (85d26a64)
wireguard: wg0: Receiving keepalive packet from peer 6 (85d26a64)
wireguard: wg0: Receiving keepalive packet from peer 6 (85d26a64)
wireguard: wg0: Receiving handshake initiation from peer 6 (85d26a64)
wireguard: wg0: Sending handshake response to peer 6 (85d26a64)
wireguard: wg0: Keypair 94 created for peer 6
wireguard: wg0: Keypair 92 destroyed for peer 6
wireguard: wg0: Receiving keepalive packet from peer 6 (85d26a64)
wireguard: wg0: Retrying handshake with peer 6 (85d26a64) because we  
stopped hearing back after 15 seconds

wireguard: wg0: Sending handshake initiation to peer 6 (85d26a64)
wireguard: wg0: Receiving handshake response from peer 6 (85d26a64)


After test:
wg0   Link encap:UNSPEC  HWaddr  
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

  inet addr:10.0.0.1  P-t-P:10.0.0.1  Mask:255.255.255.0
  inet6 addr: fd00::1/64 Scope:Global
  inet6 addr: :fff0::/60 Scope:Global
  UP POINTOPOINT RUNNING NOARP  MTU:1440  Metric:1
  RX packets:26810 errors:216 dropped:0 overruns:0 frame:216
  TX packets:26866 errors:6 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:3674552 (3.5 MiB)  TX bytes:21719820 (20.7 MiB)

Tunnel is working: test-ipv6.nl shows both my ISP ipv4 and ipv6 address.

Greats,

René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

[PATCH] Using the wrong variable in loop.

2018-02-08 Thread René van Dorst 
Fix compiler error:

WireGuard/src/crypto/../selftest/poly1305.h:1497:10: warning: iteration 35u 
invokes undefined behavior [-Waggressive-loop-optimizations]
   size_t inlen = poly1305_testvecs[i].input.size;
  ^
WireGuard/src/crypto/../selftest/poly1305.h:1494:2: note: containing loop
  for (i = 0; i < ARRAY_SIZE(chacha20poly1305_enc_vectors); ++i) {
---
 src/selftest/poly1305.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/selftest/poly1305.h b/src/selftest/poly1305.h
index 2b93d50..9428eba 100644
--- a/src/selftest/poly1305.h
+++ b/src/selftest/poly1305.h
@@ -1491,7 +1491,7 @@ bool __init poly1305_selftest(void)
bool success = true;
size_t i;
 
-   for (i = 0; i < ARRAY_SIZE(chacha20poly1305_enc_vectors); ++i) {
+   for (i = 0; i < ARRAY_SIZE(poly1305_testvecs); ++i) {
struct poly1305_ctx poly1305;
const u8 *in = poly1305_testvecs[i].input.data;
size_t inlen = poly1305_testvecs[i].input.size;
-- 
2.13.6

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: ARM multitheaded?

2017-11-21 Thread René van Dorst 
 thr, 83 kthr; 4 running
2  [||| 
20.5%] Load average: 1.20 0.73 0.90
3  [||  
19.5%] Uptime: 4 days, 14:22:22

4  [|||96.8%]
Mem[|86.0M/1000M]
Swp[ 0K/244M]


So it seems that one of process in the chain has a bottleneck.
HTOP only show "kworkers" as a name. Not really useful for debugging.  
See below.


1  [||  
79.1%] Tasks: 29, 9 thr, 82 kthr; 5 running
2  [||  
24.5%] Load average: 2.07 1.33 1.35
3  [
23.2%] Uptime: 4 days, 14:34:57

4  [|||99.4%]
Mem[|86.3M/1000M]
Swp[ 0K/244M]
  PID USER  PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  Command
13706 root   20   0 0 0 0 R 61.8  0.0  1:20.60 kworker/3:6
7 root   20   0 0 0 0 R 20.6  0.0  2:39.03 ksoftirqd/0
13743 root   20   0 0 0 0 S 19.9  0.0  0:10.00 kworker/2:0
13755 root   20   0 0 0 0 R 17.9  0.0  0:18.32 kworker/3:3
13707 root   20   0 0 0 0 S 15.9  0.0  0:24.29 kworker/1:3
13747 root   20   0 0 0 0 S 14.6  0.0  0:03.73 kworker/3:0
13753 root   20   0 0 0 0 S 13.3  0.0  0:01.68 kworker/0:1
13754 root   20   0 0 0 0 R  7.3  0.0  0:03.91 kworker/0:2
13752 root   20   0 0 0 0 S  4.7  0.0  0:02.97 kworker/1:0
13751 root   20   0 0 0 0 S  4.0  0.0  0:03.97 kworker/3:2
13748 root   20   0  2944   608   536 S  2.7  0.1  0:01.14 iperf3  
-c 10.0.0.1 -t 1000 -Z -i 40

13749 root   20   0 0 0 0 S  2.7  0.0  0:02.61 kworker/2:1
13733 root   20   0 12860  3252  2368 R  2.0  0.3  0:16.53 htop
13757 root   20   0 0 0 0 S  0.7  0.0  0:01.54 kworker/2:2
13684 root   20   0 0 0 0 S  0.0  0.0  0:25.83 kworker/1:1
13750 root   20   0 0 0 0 S  0.0  0.0  0:04.12 kworker/3:1
13756 root   20   0 0 0 0 S  0.0  0.0  0:01.21 kworker/1:2

Any idea how to debug it and to improve the performance?

Greats,

René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

ARM multitheaded?

2017-11-21 Thread René van Dorst 

Hi Jason,



iperf3 -c 10.0.0.1 -t 10 -Z -i 40 -P 3

1  [
87.7%] Tasks: 29, 9 thr, 83 kthr; 6 running
2  [
28.5%] Load average: 0.86 0.64 0.87
3  [||| 
27.3%] Uptime: 4 days, 14:22:07

4  [||100.0%]
Mem[|85.9M/1000M]
Swp[ 0K/244M]


iperf3 -c 10.0.0.1 -t 10 -Z -i 40

htop output
1  [||| 
74.0%] Tasks: 29, 9 thr, 83 kthr; 4 running
2  [||| 
20.5%] Load average: 1.20 0.73 0.90
3  [||  
19.5%] Uptime: 4 days, 14:22:22

4  [|||96.8%]
Mem[|86.0M/1000M]
Swp[ 0K/244M]




___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: netns.sh stuck at ncat.

2017-11-20 Thread René van Dorst 

Quoting "Jason A. Donenfeld" <ja...@zx2c4.com>:


This is pretty strange looking, and appears like it's a userland issue
-- like the versions of ncat or ss or whatever weird scripting hacks
in netns.sh aren't working well with the tools installed or some
networking sysctl I forgot to toggle... Maybe one quick way of testing
if it's an ss issue (old RHEL tools, or the like) would be to change
the function body of waitncatudp into just `sleep 2` or something.


Maybe it did not work before but I didn't noticed because ncat was not  
installed until yesterday.
I tried old wireguard module not the userland tools. But the same  
results stuck at ncat.


This Cubox is running Ubuntu xenial 16.04.3 LTS (GNU/Linux 4.13.14 armv7l)

ncat comes with package nmap

root@cubox-es:~# apt show nmap
Package: nmap
Version: 7.01-2ubuntu2

ss utility, iproute2-ss151103


With sleep 2 it works again.


My script modifications.

root@cubox-es:/usr/src/WireGuard/src/tests# git diff ./netns.sh
diff --git a/src/tests/netns.sh b/src/tests/netns.sh
index 2ad8d88..7718da6 100755
--- a/src/tests/netns.sh
+++ b/src/tests/netns.sh
@@ -38,7 +38,7 @@ ip1() { pretty 1 "ip $*"; ip -n $netns1 "$@"; }
 ip2() { pretty 2 "ip $*"; ip -n $netns2 "$@"; }
 sleep() { read -t "$1" -N 0 || true; }
 waitiperf() { pretty "${1//*-}" "wait for iperf:5201"; while [[ $(ss  
-N "$1" -tlp 'sport = 5201') != *iperf3* ]]; do sleep 0.1; done; }
-waitncatudp() { pretty "${1//*-}" "wait for udp:"; while [[ $(ss  
-N "$1" -ulp 'sport = ') != *ncat* ]]; do sleep 0.1; done; }

+waitncatudp() { pretty "${1//*-}" "wait for udp:"; sleep 2; }
 waitncattcp() { pretty "${1//*-}" "wait for tcp:"; while [[ $(ss  
-N "$1" -tlp 'sport = ') != *ncat* ]]; do sleep 0.1; done; }
 waitiface() { pretty "${1//*-}" "wait for $2 to come up"; ip netns  
exec "$1" bash -c "while [[ \$(< \"/sys/class/net/$2/operstate\") !=  
up ]]; do read -t .1 -N 0 || true; done;"; }


Greats,

René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

netns.sh stuck at ncat.

2017-11-20 Thread René van Dorst 

Hi Jason,

Tested the latest code on my Solidrun Cubox with Marvell Dove 88AP510 SoC.
But is get stuck on ncat. Device did not crash. I can terminate the  
script with ctrl-c.


Probably a weird config ;-)

Crosscompiled kernel 4.13.14 and wireguard on F26 from git source.

Linux cubox-es 4.13.14 #8 Mon Nov 20 17:47:03 CET 2017 armv7l armv7l  
armv7l GNU/Linux


console:

[   15.283929] wireguard: loading out-of-tree module taints kernel.
[   15.339447] wireguard: allowedips self-tests: pass
[   15.341220] wireguard: nonce counter self-tests: pass
[   15.370589] wireguard: curve25519 self-tests: pass
[   15.371282] wireguard: chacha20poly1305 self-tests: pass
[   15.374534] wireguard: blake2s self-tests: pass
[   15.798922] wireguard: ratelimiter self-tests: pass
[   15.799019] wireguard: WireGuard 0.0.2017-16-gaffc38e loaded.  
See www.wireguard.com for information.
[   15.799023] wireguard: Copyright (C) 2015-2017 Jason A. Donenfeld  
<ja...@zx2c4.com>. All Rights Reserved.


[+] NS2: wg show wg0 endpoints
[+] NS1: wg set wg0 peer wXPE01il/3J9gBYCroPUc7mHgIxXjKW/TPULllHFWmc=  
allowed-ips 192.168.241.0/24

[+] NS1: wait for udp:
[+] NS1: ncat -l -u -p 
[  318.566899] wireguard: wg0: Sending keepalive packet to peer 6  
([::1]:2/0%0)
[  318.567104] wireguard: wg0: Receiving keepalive packet from peer 7  
([::1]:9998/0%0)
[  325.607881] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  325.607898] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  325.607915] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  325.607925] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  325.607936] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  325.607946] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  330.727519] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  330.727536] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  330.727547] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  335.846999] wireguard: wg0: Sending keepalive packet to peer 6  
([::1]:2/0%0)
[  335.847198] wireguard: wg0: Receiving keepalive packet from peer 7  
([::1]:9998/0%0)
[  346.087013] wireguard: wg0: Sending keepalive packet to peer 6  
([::1]:2/0%0)
[  346.087203] wireguard: wg0: Receiving keepalive packet from peer 7  
([::1]:9998/0%0)
[  356.328019] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  356.328037] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  356.328047] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  356.328057] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  356.328067] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  356.328077] wireguard: wg0: Packet has unallowed src IP (fd00::2)  
from peer 6 ([::1]:2/0%0)
[  366.567072] wireguard: wg0: Sending keepalive packet to peer 6  
([::1]:2/0%0)
[  366.567207] wireguard: wg0: Receiving keepalive packet from peer 7  
([::1]:9998/0%0)
[  376.807090] wireguard: wg0: Sending keepalive packet to peer 6  
([::1]:2/0%0)
[  376.807281] wireguard: wg0: Receiving keepalive packet from peer 7  
([::1]:9998/0%0)


Kernel CONFIG: https://paste.fedoraproject.org/paste/W6aa6vCAmrDMEgSwdAxbYA

root@cubox-es:/usr/src/WireGuard/src/tests# cat /proc/cpuinfo
processor   : 0
model name  : ARMv7 Processor rev 5 (v7l)
BogoMIPS: 333.33
Features: half thumb fastmult vfp edsp iwmmxt thumbee vfpv3  
vfpv3d16 tls idivt

CPU implementer : 0x56
CPU architecture: 7
CPU variant : 0x0
CPU part: 0x581
CPU revision: 5

Hardware: Marvell Dove
Revision: 
Serial  : 


gcc version 7.0.1 20170309 (Red Hat Cross 7.0.1-0.4)

Greats,

René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

general protection fault: 0000 [#1] SMP with latest commit a073ccac17a85f0c453698d0213cc8b86ecc3dfe

2017-11-20 Thread René van Dorst 
Latest commit [0] crashes at loading. Commit:  
https://git.zx2c4.com/WireGuard/commit/?id=a073ccac17a85f0c453698d0213cc8b86ecc3dfe



This commit it still works:  
https://git.zx2c4.com/WireGuard/commit/?id=0d7fc5f3cbb84d2f803a6add9f4b58875c12ad9b



Dmesg:

[1.906839] wireguard: loading out-of-tree module taints kernel.
[1.908347] wireguard: allowedips self-tests: pass
[1.909216] wireguard: nonce counter self-tests: pass
[1.910217] wireguard: curve25519 self-tests: pass
[1.910735] general protection fault:  [#1] SMP
[1.911230] Modules linked in: wireguard(O+) ip6_udp_tunnel  
udp_tunnel tun crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev  
joydev evdev pcspkr serio_raw virtio_balloon virtio_console parport_pc  
parport button sunrpc ip_tables x_tables autofs4 ext4 crc16 mbcache  
jbd2 crc32c_generic fscrypto ecb ata_generic virtio_blk virtio_net  
crc32c_intel aesni_intel aes_x86_64 crypto_simd cryptd glue_helper  
psmouse ata_piix floppy libata scsi_mod i2c_piix4 virtio_pci  
virtio_ring virtio
[1.915665] CPU: 0 PID: 555 Comm: modprobe Tainted: G   O
 4.13.0-0.bpo.1-amd64 #1 Debian 4.13.4-2~bpo9+1
[1.916752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),  
BIOS 1.10.2-1.fc26 04/01/2014

[1.917617] task: 965c0f5b8040 task.stack: a58d0051
[1.918185] RIP: 0010:chacha20_ssse3+0x44/0xc20 [wireguard]
[1.918646] RSP: :a58d00512dc8 EFLAGS: 00010292
[1.919067] RAX:  RBX: 007f RCX:  
a58d00512ed0
[1.919624] RDX: 0040 RSI: a58d00512ff8 RDI:  
a58d00512ff8
[1.920253] RBP: a58d00512ec0 R08: a58d00512ef0 R09:  
a58d00512e10
[1.920983] R10: a58d00513090 R11: 8ccd2ded R12:  
a58d00512ec0
[1.921680] R13: 0040 R14: 0001 R15:  
0001
[1.922400] FS:  7fe93e257700() GS:965c1280()  
knlGS:

[1.923195] CS:  0010 DS:  ES:  CR0: 80050033
[1.923759] CR2: 7f80169f59b8 CR3: 0c46a000 CR4:  
003406f0

[1.924485] Call Trace:
[1.924753]  ? chacha20_crypt.part.0+0x36/0x70 [wireguard]
[1.925322]  ? chacha20_crypt+0x106/0x110 [wireguard]
[1.925841]  ? __chacha20poly1305_encrypt+0xfd/0x3e0 [wireguard]
[1.926489]  ? chacha20poly1305_encrypt+0x81/0xa0 [wireguard]
[1.927103]  ? chacha20poly1305_encrypt+0x81/0xa0 [wireguard]
[1.927702]  ? chacha20poly1305_selftest+0x68/0x225 [wireguard]
[1.928337]  ? 0xc0345000
[1.928692]  ? mod_init+0x37/0x8f [wireguard]
[1.929124]  ? do_one_initcall+0x4e/0x190
[1.929548]  ? __vunmap+0x71/0xb0
[1.929887]  ? __vunmap+0x71/0xb0
[1.930244]  ? do_init_module+0x5b/0x1f8
[1.930656]  ? load_module+0x2587/0x2c70
[1.931065]  ? SYSC_finit_module+0xd2/0x100
[1.931456]  ? SYSC_finit_module+0xd2/0x100
[1.931847]  ? system_call_fast_compare_end+0xc/0x97
[1.932358] Code: 00 48 83 ec 48 66 0f 6f 05 7a 0f 01 00 f3 0f 6f  
09 f3 0f 6f 51 10 f3 41 0f 6f 18 66 0f 6f 35 44 0f 01 00 66 0f 6f 3d  
4c 0f 01 00 <66> 0f 7f 04 24 66 0f 7f 4c 24 10 66 0f 7f 54 24 20 66 0f  
7f 5c
[1.934310] RIP: chacha20_ssse3+0x44/0xc20 [wireguard] RSP:  
a58d00512dc8

[1.935055] ---[ end trace 0c922123e56459c5 ]---

CPUINFO

Dual core:

root@gateway:~# cat /proc/cpuinfo
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 94
model name  : Intel Core Processor (Skylake)
stepping: 3
microcode   : 0x1
cpu MHz : 3504.000
cache size  : 4096 KB
physical id : 0
siblings: 1
core id : 0
cpu cores   : 1
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 13
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge  
mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb  
rdtscp lm constant_tsc rep_good nopl cpuid pni pclmulqdq ssse3 cx16  
pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave rdrand hypervisor  
lahf_lm abm 3dnowprefetch cpuid_fault fsgsbase tsc_adjust smep erms  
invpcid mpx rdseed smap clflushopt xsaveopt xsavec xgetbv1 xsaves arat

bugs:
bogomips: 7008.00
clflush size: 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:


Distro: Debian 9, kernel 4.13.0-0.bpo.1-amd64 #1 SMP Debian  
4.13.4-2~bpo9+1 (2017-10-17) x86_64 GNU/Linux



Greats,

René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: possible irq lock inversion dependency detected

2017-10-11 Thread René van Dorst 

Quoting "Jason A. Donenfeld" :


Hi René,

I'm having trouble parsing your message. You wrote:


So I am not sure if you patch works or not.
Because it was not that easy to reproduce the last one.


Do you mean to imply that you could NOT reproduce it with my patch?
But that you could reproduce it WITHOUT the patch?

Jason


I was trying to reproduce the bug before the patch.
I could not reproduce the first one. Only hitting the second one 3 times.

After the patch I could not reproduce any of them.

Greats,

René



___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

possible irq lock inversion dependency detected

2017-10-10 Thread René van Dorst 
53.421064] [] (packet_queue_free [wireguard]) from  
[] (rcu_release+0x48/0x6c [wireguard])

[12353.431101]  r5:caf14808 r4:caf14e38
[12353.434722] [] (rcu_release [wireguard]) from  
[] (rcu_process_callbacks+0x338/0x5d0)

[12353.444239]  r5:caf14e38 r4:cbd7b900
[12353.447841] [] (rcu_process_callbacks) from []  
(__do_softirq+0xf0/0x2a0)
[12353.456315]  r10:0100 r9:c0e020a0 r8:c0e020a4 r7:0009  
r6:c0e0 r5:4001

[12353.464175]  r4:
[12353.466729] [] (__do_softirq) from []  
(irq_exit+0xe8/0x160)
[12353.474070]  r10:f4000100 r9:c0e1e1e4 r8:cb808400 r7:0001  
r6: r5:

[12353.481930]  r4:c0d53c18
[12353.484484] [] (irq_exit) from []  
(__handle_domain_irq+0x60/0xc0)
[12353.492351] [] (__handle_domain_irq) from []  
(gic_handle_irq+0x64/0xc4)
[12353.500736]  r9:c0e1e1e4 r8:c0e01ea8 r7: r6:03ff  
r5:03eb r4:f400010c
[12353.508512] [] (gic_handle_irq) from []  
(__irq_svc+0x70/0x98)

[12353.516025] Exception stack(0xc0e01ea8 to 0xc0e01ef0)
[12353.521101] 1ea0:   0001 0001   
c0e0a840  cbd7a4e0
[12353.529313] 1ec0: 0d4e4248 0b3c 0cba1c80 0b3c   
c0e01f24 c0e01ec8 c0e01ef8

[12353.537521] 1ee0: c016df00 c0650398 200f0013 
[12353.542597]  r10: r9:c0e0 r8:0cba1c80 r7:c0e01edc  
r6: r5:200f0013

[12353.550457]  r4:c0650398
[12353.553012] [] (cpuidle_enter_state) from []  
(cpuidle_enter+0x1c/0x20)
[12353.561309]  r10:c0e01f48 r9:c0e0d1fc r8:c0d534d8 r7:cbd7a4e0  
r6:c0e0756c r5:c0e075b8

[12353.569170]  r4:c0e0 r3:cbd7a4e0
[12353.572768] [] (cpuidle_enter) from []  
(call_cpuidle+0x28/0x44)
[12353.580460] [] (call_cpuidle) from []  
(do_idle+0x10c/0x1e0)
[12353.587803] [] (do_idle) from []  
(cpu_startup_entry+0x20/0x24)
[12353.595406]  r10:c0d3da48 r9:cbfff980 r8:c0e6d000 r7:c0e07540  
r6:c0e6d000 r5:0002

[12353.603266]  r4:00bb r3:c0d4c31c
[12353.606864] [] (cpu_startup_entry) from []  
(rest_init+0x228/0x278)
[12353.614821] [] (rest_init) from []  
(start_kernel+0x32c/0x3a0)

[12353.622336]  r5: r4:c0e6d04c
[12353.625934] [] (start_kernel) from [<8000807c>] (0x8000807c)
[12353.769106] wireguard: wg0: Interface deleted




root@utilite:/usr/src/WireGuard# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper
Target: arm-linux-gnueabihf
Configured with: ../src/configure -v --with-pkgversion='Debian  
6.3.0-18' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs  
--enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++  
--prefix=/usr --program-suffix=-6  
--program-prefix=arm-linux-gnueabihf- --enable-shared  
--enable-linker-build-id --libexecdir=/usr/lib  
--without-included-gettext --enable-threads=posix --libdir=/usr/lib  
--enable-nls --with-sysroot=/ --enable-clocale=gnu  
--enable-libstdcxx-debug --enable-libstdcxx-time=yes  
--with-default-libstdcxx-abi=new --enable-gnu-unique-object  
--disable-libitm --disable-libquadmath --enable-plugin  
--enable-default-pie --with-system-zlib --disable-browser-plugin  
--enable-java-awt=gtk --enable-gtk-cairo  
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-armhf/jre  
--enable-java-home  
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-armhf  
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-armhf  
--with-arch-directory=arm  
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar  
--with-target-system-zlib --enable-objc-gc=auto --enable-multiarch  
--disable-sjlj-exceptions --with-arch=armv7-a --with-fpu=vfpv3-d16  
--with-float=hard --with-mode=thumb --enable-checking=release  
--build=arm-linux-gnueabihf --host=arm-linux-gnueabihf  
--target=arm-linux-gnueabihf

Thread model: posix
gcc version 6.3.0 20170516 (Debian 6.3.0-18)


root@utilite:/usr/src/WireGuard# lscpu
Architecture:  armv7l
Byte Order:Little Endian
CPU(s):4
On-line CPU(s) list:   0-3
Thread(s) per core:1
Core(s) per socket:4
Socket(s): 1
Model: 10
Model name:ARMv7 Processor rev 10 (v7l)
CPU max MHz:   996.
CPU min MHz:   396.
BogoMIPS:  3.00
Flags:         half thumb fastmult vfp edsp neon vfpv3 tls vfpd32


Greats,


René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: netns.sh: Sending cookie response for denied handshake

2017-10-06 Thread René van Dorst 

Hi Jason,

Quoting "Jason A. Donenfeld" :


Hey René,

Fascinating. Can you tell me if this fixes it? http://ix.io/ARe

Jason


After a bit of more testing and testing you patch.

Old situation:

I noticed that netns.sh fails before uptime reach 5m (300s).
Connecting to my home tunnel always works within 5mins.

Test oneliner: dmesg -w & sleep 2 && while [ 1 ]; do date; uptime;  
/usr/src/WireGuard/src/tests/netns.sh; sleep 10; done



Patched situation:

It works (tested it 3 times)

LOGGING with patch:

Fri Oct  6 15:36:17 CEST 2017
 15:36:17 up 1 min,  1 user,  load average: 0.75, 0.34, 0.13
[+] ip netns add wg-test-835-0
[+] ip netns add wg-test-835-1
[+] ip netns add wg-test-835-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[  107.537250] wireguard: loading out-of-tree module taints kernel.
[  107.544470] wireguard: module verification failed: signature and/or  
required key missing - tainting kernel

[  107.558578] wireguard: routing table self-tests: pass
[  107.566686] wireguard: nonce counter self-tests: pass
[  107.577013] wireguard: curve25519 self-tests: pass
[  107.581938] wireguard: chacha20poly1305 self-tests: pass
[  107.590082] wireguard: blake2s self-tests: pass
[  107.944704] wireguard: ratelimiter self-tests: pass
[  107.949734] wireguard: WireGuard 0.0.20171005-dirty loaded. See  
www.wireguard.com for information.
[  107.958781] wireguard: Copyright (C) 2015-2017 Jason A. Donenfeld  
. All Rights Reserved.

[  107.971666] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-835-1
[+] NS0: ip link add dev wg0 type wireguard
[  108.055197] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-835-2
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] wg genpsk
[+] NS1: ip addr add 192.168.241.1/24 dev wg0
[+] NS1: ip addr add fd00::1/24 dev wg0
[+] NS2: ip addr add 192.168.241.2/24 dev wg0
[+] NS2: ip addr add fd00::2/24 dev wg0
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer  
Fsp5iHWTDVoAHmtuDw6K2CBAG5/Xow4+09hdGvdXv1w= preshared-key /dev/fd/62  
allowed-ips 192.168.241.2/32,fd00::2/128

[  108.338023] wireguard: wg0: Peer 1 created
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer  
6VAZNmgmrNrfpYiU0BsThCXhF9wn7Z6UJybMy4vnWH0= preshared-key /dev/fd/62  
allowed-ips 192.168.241.1/32,fd00::1/128

[  108.390021] wireguard: wg0: Peer 2 created
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS1: ip link show dev wg0
[+] NS1: wg set wg0 peer Fsp5iHWTDVoAHmtuDw6K2CBAG5/Xow4+09hdGvdXv1w=  
endpoint 127.0.0.1:2
[+] NS2: wg set wg0 peer 6VAZNmgmrNrfpYiU0BsThCXhF9wn7Z6UJybMy4vnWH0=  
endpoint 127.0.0.1:1

[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
.[  108.622524] wireguard: wg0: Sending handshake initiation to peer 2  
(127.0.0.1:1)
[  108.625439] wireguard: wg0: Receiving handshake initiation from  
peer 1 (127.0.0.1:2)
[  108.625472] wireguard: wg0: Sending handshake response to peer 1  
(127.0.0.1:2)

[  108.628233] wireguard: wg0: Keypair 1 created for peer 1
[  108.630247] wireguard: wg0: Receiving handshake response from peer  
2 (127.0.0.1:1)

[  108.630312] wireguard: wg0: Keypair 2 created for peer 2
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 13ms
rtt min/avg/max/mdev = 0.298/1.309/8.785/2.495 ms, ipg/ewma 1.535/2.950 ms
[+] NS2: ip -stats link show dev wg0
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.

--- 192.168.241.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.325/0.427/0.624/0.087 ms, ipg/ewma 0.556/0.465 ms
[+] NS1: ping -c 10 -f -W 1 192.168.241.2
PING 192.168.241.2 (192.168.241.2) 56(84) bytes of data.

--- 192.168.241.2 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.350/0.489/0.772/0.137 ms, ipg/ewma 0.589/0.567 ms
[+] NS2: ping6 -c 10 -f -W 1 fd00::1
PING fd00::1(fd00::1) 56 data bytes

--- fd00::1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.359/0.510/0.734/0.111 ms, ipg/ewma 0.632/0.544 ms
[+] NS1: ping6 -c 10 -f -W 1 fd00::2
PING fd00::2(fd00::2) 56 data bytes

--- fd00::2 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.374/0.514/0.744/0.116 ms, ipg/ewma 0.650/0.555 ms
[+] NS2: wait for iperf:5201
[+] NS2: iperf3 -s -1 -B 192.168.241.2
---
Server listening on 5201
---
[+] NS1: iperf3 -Z -n 1G -c 192.168.241.2
Connecting to host 192.168.241.2, port 5201
Accepted connection from 192.168.241.1, port 57634
[  6] local 192.168.241.2 port 5201 connected to 192.168.241.1 port 57636
[  5] local 192.168.241.1 port

Re: netns.sh: Sending cookie response for denied handshake

2017-10-06 Thread René van Dorst 

Also WireGuard 0.0.20171001 has it.


[root@cubox tests]# ./netns.sh
[+] ip netns add wg-test-863-0
[+] ip netns add wg-test-863-1
[+] ip netns add wg-test-863-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[  172.621122] wireguard: loading out-of-tree module taints kernel.
[  172.628391] wireguard: module verification failed: signature and/or  
required
  key missing - tainting  
kernel

[  172.642541] wireguard: routing table self-tests: pass
[  172.650545] wireguard: nonce counter self-tests: pass
[  172.660875] wireguard: curve25519 self-tests: pass
[  172.665806] wireguard: chacha20poly1305 self-tests: pass
[  172.673951] wireguard: blake2s self-tests: pass
[  173.014255] wireguard: ratelimiter self-tests: pass
[  173.019415] wireguard: WireGuard 0.0.20171001 loaded. See  
www.wireguard.com f 
or information.
[  173.027933] wireguard: Copyright (C) 2015-2017 Jason A. Donenfeld  
. All Rights  
Reserved.

[  173.040380] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-863-1
[+] NS0: ip link add dev wg0 type wireguard
[  173.128583] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-863-2
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] wg genpsk
[+] NS1: ip addr add 192.168.241.1/24 dev wg0
[+] NS1: ip addr add fd00::1/24 dev wg0
[+] NS2: ip addr add 192.168.241.2/24 dev wg0
[+] NS2: ip addr add fd00::2/24 dev wg0
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer  
xU8gpc+t5m8/Aa7+Vs  

JXj/U7yS05L3+5ffVxLOOuWDw= preshared-key /dev/fd/62 allowed-ips  
192.168.241.2/32
 ,fd00::2/128

[  173.412056] wireguard: wg0: Peer 1 created
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer  
XdjZJkqTsFnVFO/gHW  

Hf6Xqribof8bHd2BeFUZAjA2Y= preshared-key /dev/fd/62 allowed-ips  
192.168.241.1/32
 ,fd00::1/128

[  173.457206] wireguard: wg0: Peer 2 created
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS1: ip link show dev wg0
[+] NS1: wg set wg0 peer xU8gpc+t5m8/Aa7+VsJXj/U7yS05L3+5ffVxLOOuWDw=  
endpoint 1  
   27.0.0.1:2
[+] NS2: wg set wg0 peer XdjZJkqTsFnVFO/gHWHf6Xqribof8bHd2BeFUZAjA2Y=  
endpoint 1  
   27.0.0.1:1

[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
.[  173.687604] wireguard: wg0: Sending handshake initiation to peer 2  
(127.0.0.   
  1:1)
[  173.689508] wireguard: wg0: Sending cookie response for denied  
handshake mess  
   age for 127.0.0.1:2

[  173.689608] wireguard: wg0: Receiving cookie response from 127.0.0.1:1
.
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 98ms

[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[  174.898691] wireguard: wg0: Peer 1 (127.0.0.1:2) destroyed
[  174.908717] wireguard: wg0: Interface deleted
[+] NS2: ip link del dev wg0
[  174.960702] wireguard: wg0: Peer 2 (127.0.0.1:1) destroyed
[  174.982706] wireguard: wg0: Interface deleted
[+] ip netns del wg-test-863-1
[+] ip netns del wg-test-863-2
[+] ip netns del wg-test-863-0
[root@cubox tests]#
[+] ip netns add wg-test-863-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[  172.621122] wireguard: loading out-of-tree module taints kernel.
[  172.628391] wireguard: module verification failed: signature and/or  
required key missing - tainting kernel

[  172.642541] wireguard: routing table self-tests: pass
[  172.650545] wireguard: nonce counter self-tests: pass
[  172.660875] wireguard: curve25519 self-tests: pass
[  172.665806] wireguard: chacha20poly1305 self-tests: pass
[  172.673951] wireguard: blake2s self-tests: pass
[  173.014255] wireguard: ratelimiter self-tests: pass
[  173.019415] wireguard: WireGuard 0.0.20171001 loaded. See  
www.wireguard.com for

netns.sh: Sending cookie response for denied handshake

2017-10-06 Thread René van Dorst 
vfpd32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part: 0xc09
CPU revision: 10

Hardware: Freescale i.MX6 Quad/DualLite (Device Tree)
Revision: 
Serial  : 


[root@cubox tests]# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/armv7hl-redhat-linux-gnueabi/7/lto-wrapper
Target: armv7hl-redhat-linux-gnueabi
Configured with: ../configure --enable-bootstrap  
--enable-languages=c,c++,objc,obj-c++,fortran,ada,go,lto --prefix=/usr  
--mandir=/usr/share/man --infodir=/usr/share/info  
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared  
--enable-threads=posix --enable-checking=release --enable-multilib  
--with-system-zlib --enable-__cxa_atexit  
--disable-libunwind-exceptions --enable-gnu-unique-object  
--enable-linker-build-id --with-gcc-major-version-only  
--with-linker-hash-style=gnu --enable-plugin --enable-initfini-array  
--with-isl --disable-libmpx --enable-gnu-indirect-function  
--disable-sjlj-exceptions --with-tune=cortex-a8 --with-arch=armv7-a  
--with-float=hard --with-fpu=vfpv3-d16 --with-abi=aapcs-linux  
--build=armv7hl-redhat-linux-gnueabi

Thread model: posix
gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)


Greats,

René van Dorst.


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Failed to give packet to userspace from peer with very poor wifi connection.

2017-10-03 Thread René van Dorst 

Quoting "Jason A. Donenfeld" :


Hey René,

I've got this fixed in the latest master branch, and it will roll out
in the upcoming snapshot.

Jason


I tried but I don't get the error any more.

Thanks,

René

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Failed to give packet to userspace from peer with very poor wifi connection.

2017-09-22 Thread René van Dorst 

Quoting "Jason A. Donenfeld" :


Are you *positive* you don't have it reversed?

In my testing, 0.0.20170918 has the issue with "failed to give packet
to userspace", whereas current git master does _not_ have the issue.

Can you make sure that after building the new module, you're sure to
unload the previous one (rmmod)?


I recompiled and tested again with git master, 0.0.20170918-9-g31ae6e6

[root@cubox src]# modprobe wireguard
[  851.416239] wireguard: routing table self-tests: pass
[  851.425864] wireguard: nonce counter self-tests: pass
[  851.437725] wireguard: curve25519 self-tests: pass
[  851.443139] wireguard: chacha20poly1305 self-tests: pass
[  851.451343] wireguard: blake2s self-tests: pass
[  851.819278] wireguard: ratelimiter self-tests: pass
[  851.824417] wireguard: WireGuard 0.0.20170918-9-g31ae6e6 loaded.  
See www.wireguard.com for information.
[  851.833915] wireguard: Copyright (C) 2015-2017 Jason A. Donenfeld  
. All Rights Reserved.

[root@cubox src]# wg-quick up wg0
[#] ip link add wg0 type wireguard
[  859.735321] wireguard: wg0: Interface created
[#] wg setconf wg0 /dev/fd/63
[  859.784055] wireguard: wg0: Peer 1 created
[#] ip address add 10.0.0.2/24 dev wg0
[#] ip address add fd00::2/128 dev wg0
[#] ip link set mtu 1440 dev wg0
[#] ip link set wg0 up
[  859.827675] wireguard: wg0: Sending keepalive packet to peer 1  
(192.168.2.222:36464)
[  859.827733] wireguard: wg0: Sending handshake initiation to peer 1  
(192.168.2.222:36464)
[  859.882635] wireguard: wg0: Receiving handshake response from peer  
1 (192.168.2.222:36464)

[  859.882687] wireguard: wg0: Keypair 1 created for peer 1
[#] ip route add fd00::/64 dev wg0
[#] ip route add 2a02:/48 dev wg0
[root@cubox src]# iperf3 -c 10.0.0.1 -b 1M -t 30 -i 1
[  885.151542] wireguard: wg0: Sending keepalive packet to peer 1  
(192.168.2.222:36464)


Connecting to host 10.0.0.1, port 5201
[  4] local 10.0.0.2 port 58610 connected to 10.0.0.1 port 5201
[ ID] Interval   Transfer Bandwidth   Retr  Cwnd
[  4]   0.00-1.00   sec   117 KBytes   955 Kbits/sec0   43.4 KBytes
[  4]   1.00-2.00   sec   235 KBytes  1.93 Mbits/sec0   51.5 KBytes
[  4]   2.00-3.00   sec   128 KBytes  1.05 Mbits/sec0   56.9 KBytes
[  4]   3.00-4.00   sec  0.00 Bytes  0.00 bits/sec0   56.9 KBytes
[  4]   4.00-5.00   sec  88.9 KBytes   728 Kbits/sec0   56.9 KBytes
[  4]   5.00-6.00   sec   125 KBytes  1.02 Mbits/sec0   56.9 KBytes
[  4]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec5   27.1 KBytes
[  4]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec8   23.0 KBytes
[  4]   8.00-9.00   sec   125 KBytes  1.02 Mbits/sec0   43.4 KBytes
[  4]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec2   32.5 KBytes
[  4]  10.00-11.00  sec  0.00 Bytes  0.00 bits/sec   10   27.1 KBytes
[  4]  11.00-12.00  sec  0.00 Bytes  0.00 bits/sec8   24.4 KBytes
[  4]  12.00-13.00  sec  0.00 Bytes  0.00 bits/sec3   20.3 KBytes
[  4]  13.00-14.00  sec  0.00 Bytes  0.00 bits/sec0   20.3 KBytes
[  4]  14.00-15.00  sec  0.00 Bytes  0.00 bits/sec0   20.3 KBytes
[  4]  15.00-16.00  sec  0.00 Bytes  0.00 bits/sec0   20.3 KBytes
[  4]  16.00-17.00  sec  0.00 Bytes  0.00 bits/sec0   20.3 KBytes
[  4]  17.00-18.00  sec  0.00 Bytes  0.00 bits/sec1   1.36 KBytes
[  4]  18.00-19.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  19.00-20.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  20.00-21.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  21.00-22.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  22.00-23.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  23.00-24.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  24.00-25.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  25.00-26.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  26.00-27.00  sec  0.00 Bytes  0.00 bits/sec1   1.36 KBytes
[  4]  27.00-28.00  sec  62.4 KBytes   511 Kbits/sec   13   4.07 KBytes
[  4]  28.00-29.00  sec  0.00 Bytes  0.00 bits/sec3   6.78 KBytes
[  920.064607] wireguard: wg0: Failed to give packet to userspace from  
peer 1 (192.168.2.222:36464)
[  920.073695] wireguard: wg0: Failed to give packet to userspace from  
peer 1 (192.168.2.222:36464)
[  920.081211] wireguard: wg0: Failed to give packet to userspace from  
peer 1 (192.168.2.222:36464)

[  4]  29.00-30.00  sec   125 KBytes  1.02 Mbits/sec1   5.42 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bandwidth   Retr
[  4]   0.00-30.00  sec  1005 KBytes   274 Kbits/sec   55 sender
[  4]   0.00-30.00  sec   780 KBytes   213 Kbits/sec  receiver

iperf Done.
[root@cubox src]#

Greats,

René

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Failed to give packet to userspace from peer with very poor wifi connection.

2017-09-22 Thread René van Dorst 

Hi Jason,

I get "Failed to give packet to userspace from peer x" on my Solidrun  
Cubox I4pro with very poor wifi connection.
So i connect to my internal wireguard server via wifi. Run iperf3.  
Often I get Failed to give packet to userspace from peer x. See full  
log below.


I noticed it seems to happen before the last interval of iperf.

Running F26 with stock kernel 4.12.13-300.fc26.armv7hl

WireGuard 0.0.20170918-9-g31ae6e6: Fails often
WireGuard 0.0.20170918: No fails at the moment.

Related commit?:  
https://git.zx2c4.com/WireGuard/commit/?id=939c122c57ce834ac5624409272ece1428f70a4a


Number of Wifi AP in the aera:
[root@cubox src]# iw wlan0 scan | grep SSID | wc -l
17


dmesg and iperf3 log combined.

"dmesg -w &" # running dmesg in background.


[root@cubox ~]# iperf3 -c 10.0.0.1 -b 2M -t 120
Connecting to host 10.0.0.1, port 5201
[  4] local 10.0.0.2 port 51816 connected to 10.0.0.1 port 5201
[ ID] Interval   Transfer Bandwidth   Retr  Cwnd
[  4]   0.00-1.00   sec   144 KBytes  1.18 Mbits/sec0   17.6 KBytes
[  4]   1.00-2.00   sec  48.8 KBytes   400 Kbits/sec0   20.3 KBytes
[  4]   2.00-3.00   sec  89.5 KBytes   733 Kbits/sec0   24.4 KBytes
[  4]   3.00-4.00   sec   127 KBytes  1.04 Mbits/sec0   39.3 KBytes
[  4]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec0   39.3 KBytes
[  4]   5.00-6.00   sec  81.3 KBytes   666 Kbits/sec0   39.3 KBytes
[  4]   6.00-7.00   sec   125 KBytes  1.02 Mbits/sec0   59.6 KBytes
[  4]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec1   1.36 KBytes
[  4]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec3   10.8 KBytes
[  4]   9.00-10.00  sec   125 KBytes  1.02 Mbits/sec   13   40.7 KBytes
[  4]  10.00-11.00  sec  0.00 Bytes  0.00 bits/sec0   40.7 KBytes
[  4]  11.00-12.00  sec  0.00 Bytes  0.00 bits/sec0   40.7 KBytes
[  4]  12.00-13.00  sec  0.00 Bytes  0.00 bits/sec0   40.7 KBytes
[  4]  13.00-14.00  sec  0.00 Bytes  0.00 bits/sec0   40.7 KBytes
[  4]  14.00-15.00  sec  0.00 Bytes  0.00 bits/sec0   40.7 KBytes
[  4]  15.00-16.00  sec  0.00 Bytes  0.00 bits/sec1   1.36 KBytes
[  4]  16.00-17.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  17.00-18.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  18.00-19.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  19.00-20.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  20.00-21.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  21.00-22.00  sec  0.00 Bytes  0.00 bits/sec1   1.36 KBytes
[  4]  22.00-23.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  23.00-24.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  24.00-25.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[ 1141.138567] wireguard: wg0: Receiving handshake initiation from  
peer 2 (192.168.2.222:36464)
[ 1141.138579] wireguard: wg0: Sending handshake response to peer 2  
(192.168.2.222:36464)

[ 1141.140991] wireguard: wg0: Keypair 16 created for peer 2
[  4]  25.00-26.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  26.00-27.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  27.00-28.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  28.00-29.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  29.00-30.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[ 1146.511071] wireguard: wg0: Receiving handshake initiation from  
peer 2 (192.168.2.222:36464)
[ 1146.511085] wireguard: wg0: Sending handshake response to peer 2  
(192.168.2.222:36464)

[ 1146.513501] wireguard: wg0: Keypair 17 created for peer 2
[ 1146.518677] wireguard: wg0: Keypair 16 destroyed for peer 2
[ 1146.523213] wireguard: wg0: Receiving keepalive packet from peer 2  
(192.168.2.222:36464)

[  4]  30.00-31.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  31.00-32.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  32.00-33.00  sec  0.00 Bytes  0.00 bits/sec0   1.36 KBytes
[  4]  33.00-34.00  sec  0.00 Bytes  0.00 bits/sec   31   28.5 KBytes
[  4]  34.00-35.00  sec   125 KBytes  1.02 Mbits/sec0   32.5 KBytes
[  4]  35.00-36.00  sec  0.00 Bytes  0.00 bits/sec0   36.6 KBytes
[  4]  36.00-37.00  sec  0.00 Bytes  0.00 bits/sec0   38.0 KBytes
[  4]  37.00-38.00  sec   125 KBytes  1.02 Mbits/sec6   27.1 KBytes
[  4]  38.00-39.00  sec  0.00 Bytes  0.00 bits/sec0   27.1 KBytes
[  4]  39.00-40.00  sec  0.00 Bytes  0.00 bits/sec1   27.1 KBytes
[  4]  40.00-41.00  sec  0.00 Bytes  0.00 bits/sec0   25.8 KBytes
[  4]  41.00-42.00  sec  0.00 Bytes  0.00 bits/sec0   25.8 KBytes
[  4]  42.00-43.00  sec  0.00 Bytes  0.00 bits/sec0   25.8 KBytes
[  4]  43.00-44.00  sec  0.00 Bytes  0.00 bits/sec0   25.8 KBytes
[  4]  44.00-45.00  sec  0.00 Bytes  0.00 bits/sec0   25.8 KBytes
[  4]  45.00-46.00  sec  0.00 Bytes  0.00 bits/sec0   25.8 KBytes
[  4]  46.00-47.00  sec  0.00 Bytes  0.00 bits/sec1   1.36 KBytes
[  4]  47.00-48.00  sec  0.00 Bytes  0.00

Re: Last pingtest always fails with netns.sh script on ARM device with F25.

2017-09-20 Thread René van Dorst 

Quoting "Jason A. Donenfeld" :


Hey René,

I figured it out; it was a bug in the test suite, relying on default
Linux values, instead of explicitly setting them. It was introduced
here:

https://git.zx2c4.com/WireGuard/diff/src/tests/netns.sh?id=af2435d180ebb5a3d89b21eb9118d1c643f03f95

And I've fixed it here:

https://git.zx2c4.com/WireGuard/commit/?id=9bd0558427d7eb7dc36b7f720d83ef835056fae6

Thanks for sending all the info!

Regards,
Jason


Hi Jason,

It is working here too.
Thanks for fixing it.

Greats,

René

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Last pingtest always fails with netns.sh script on ARM device with F25.

2017-09-19 Thread René van Dorst 
2: wait for veth2 to come up
[+] NS2: wg set wg0 peer m0ZOHPMLWIJZofQvj1c19YXs78XAJ/n6pXXM51Aj1RQ=  
endpoint 10.0.0.1:1

[+] NS2: ping -W 1 -c 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
64 bytes from 192.168.241.1: icmp_seq=1 ttl=64 time=0.875 ms

--- 192.168.241.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.875/0.875/0.875/0.000 ms
[+] NS2: wg show wg0 endpoints
[+] NS2: wg set wg0 peer m0ZOHPMLWIJZofQvj1c19YXs78XAJ/n6pXXM51Aj1RQ=  
endpoint [fd00:aa::1]:1

[+] NS2: ping -W 1 -c 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
64 bytes from 192.168.241.1: icmp_seq=1 ttl=64 time=0.912 ms

--- 192.168.241.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.912/0.912/0.912/0.000 ms
[+] NS2: wg show wg0 endpoints
[+] NS2: wg set wg0 peer m0ZOHPMLWIJZofQvj1c19YXs78XAJ/n6pXXM51Aj1RQ=  
endpoint 10.0.0.2:1

[+] NS2: ping -W 1 -c 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
64 bytes from 192.168.241.1: icmp_seq=1 ttl=64 time=0.699 ms

--- 192.168.241.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.699/0.699/0.699/0.000 ms
[+] NS2: wg show wg0 endpoints
[+] NS2: wg set wg0 peer m0ZOHPMLWIJZofQvj1c19YXs78XAJ/n6pXXM51Aj1RQ=  
endpoint [fd00:aa::2]:1

[+] NS2: ping -W 1 -c 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
64 bytes from 192.168.241.1: icmp_seq=1 ttl=64 time=0.912 ms

--- 192.168.241.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.912/0.912/0.912/0.000 ms
[+] NS2: wg show wg0 endpoints
[+] NS1: ip link add dummy0 type dummy
[+] NS1: ip addr add 10.50.0.1/24 dev dummy0
[+] NS1: ip link set dummy0 up
[+] NS2: ip route add 10.50.0.0/24 dev veth2
[+] NS2: wg set wg0 peer m0ZOHPMLWIJZofQvj1c19YXs78XAJ/n6pXXM51Aj1RQ=  
endpoint 10.50.0.1:1

[+] NS2: ping -W 1 -c 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
64 bytes from 192.168.241.1: icmp_seq=1 ttl=64 time=0.809 ms

--- 192.168.241.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.809/0.809/0.809/0.000 ms
[+] NS2: wg show wg0 endpoints
[+] NS1: ip link del dummy0
[+] NS1: ip addr flush dev veth1
[+] NS2: ip addr flush dev veth2
[+] NS1: ip route flush dev veth1
[+] NS2: ip route flush dev veth2
[+] NS1: ip link add veth3 type veth peer name veth4
[+] NS1: ip link set veth4 netns wg-test-6573-2
[+] NS1: ip addr add 10.0.0.1/24 dev veth1
[+] NS2: ip addr add 10.0.0.2/24 dev veth2
[+] NS1: ip addr add 10.0.0.3/24 dev veth3
[+] NS1: ip link set veth1 up
[+] NS2: ip link set veth2 up
[+] NS1: ip link set veth3 up
[+] NS2: ip link set veth4 up
[+] NS1: wait for veth1 to come up
[+] NS2: wait for veth2 to come up
[+] NS1: wait for veth3 to come up
[+] NS2: wait for veth4 to come up
[+] NS1: ip route flush dev veth1
[+] NS1: ip route flush dev veth3
[+] NS1: ip route add 10.0.0.0/24 dev veth1 src 10.0.0.1 metric 2
[+] NS1: wg set wg0 peer qp5HZuPu/rlYBeupDbAkJGZlruGAm/YmdbzU/Cq5sAg=  
endpoint 10.0.0.2:2

[+] NS1: ping -W 1 -c 1 192.168.241.2
PING 192.168.241.2 (192.168.241.2) 56(84) bytes of data.
64 bytes from 192.168.241.2: icmp_seq=1 ttl=64 time=0.811 ms

--- 192.168.241.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.811/0.811/0.811/0.000 ms
[+] NS2: wg show wg0 endpoints
[+] NS1: ip route add 10.0.0.0/24 dev veth3 src 10.0.0.3 metric 1
[+] NS1: wg
interface: wg0
  public key: m0ZOHPMLWIJZofQvj1c19YXs78XAJ/n6pXXM51Aj1RQ=
  private key: wLr9KiOFW7h8FCHVJn2GYGYTuXlSyDyow8fe5uxYanQ=
  listening port: 1

peer: qp5HZuPu/rlYBeupDbAkJGZlruGAm/YmdbzU/Cq5sAg=
  preshared key: qI2OTus+9Kb+7NPmXtyi9+1ZIvLslZrJDEaatUMBzjA=
  endpoint: 10.0.0.2:2
  allowed ips: 192.168.241.2/32, fd00::2/128
  latest handshake: 2 seconds ago
  transfer: 932 B received, 1.39 KiB sent
[+] NS2: wg
interface: wg0
  public key: qp5HZuPu/rlYBeupDbAkJGZlruGAm/YmdbzU/Cq5sAg=
  private key: oEjfcatLDq37pzE/vevcTO1ld4t7jUFuYeAAczs/uUs=
  listening port: 2

peer: m0ZOHPMLWIJZofQvj1c19YXs78XAJ/n6pXXM51Aj1RQ=
  preshared key: qI2OTus+9Kb+7NPmXtyi9+1ZIvLslZrJDEaatUMBzjA=
  endpoint: 10.0.0.1:1
  allowed ips: 192.168.241.1/32, fd00::1/128
  latest handshake: 2 seconds ago
  transfer: 988 B received, 1.34 KiB sent
[+] NS1: ping -W 5 -c 5 192.168.241.2
PING 192.168.241.2 (192.168.241.2) 56(84) bytes of data.

--- 192.168.241.2 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4135ms

[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[+] NS2: ip link del dev wg0
[+] ip netns del wg-test-6573-1
[+] ip netns del wg-test-6573-2
[+] ip netns del wg-test-6573-0

Greats,

René van Dorst.


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Last pingtest always fails with netns.sh script on ARM device with F25.

2017-09-19 Thread René van Dorst 
147,161

tests
ip1 link set wg0 mtu $big_mtu
ip2 link set wg0 mtu $big_mtu
tests

ip1 link set wg0 mtu $orig_mtu
ip2 link set wg0 mtu $orig_mtu

# Test using IPv6 as outer transport
n1 wg set wg0 peer "$pub2" endpoint [::1]:2
n2 wg set wg0 peer "$pub1" endpoint [::1]:1
tests
ip1 link set wg0 mtu $big_mtu
ip2 link set wg0 mtu $big_mtu
tests

346,353c361
<
<
< n1 wg
< n2 wg
<
< n1 ping -W 5 -c 5 192.168.241.2
<
<
---

n1 ping -W 1 -c 1 192.168.241.2

355d362
<



[root@cubox src]# ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
ether d0:63:b4:00:1d:2f  txqueuelen 1000  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10
loop  txqueuelen 1000  (Local Loopback)
RX packets 32  bytes 2768 (2.7 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 32  bytes 2768 (2.7 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 192.168.2.32  netmask 255.255.255.0  broadcast 192.168.2.255
inet6 fe80::663e:f78a:785f:d431  prefixlen 64  scopeid 0x20
inet6 2a02::8e97  prefixlen 64  scopeid 0x0
ether 40:2c:f4:ae:28:f4  txqueuelen 1000  (Ethernet)
RX packets 2928  bytes 228334 (222.9 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 2718  bytes 975589 (952.7 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@cubox src]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse Iface
0.0.0.0 192.168.2.254   0.0.0.0 UG    600    0    0 wlan0
192.168.2.0 0.0.0.0 255.255.255.0   U 60000 wlan0

Greats,

René van Dorst.





___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Any Android client news?

2017-09-12 Thread René van Dorst 

Hi Jason,

Is there any news about the Wireguard Android client?
I saw that the v0.1.0 tags was made 3 weeks ago.

So can it be used? Or even beter, how to install it from the play store?

Greats,

René van Dorst.


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] News about MIPS and ARM optimized code?

2016-09-14 Thread René van Dorst 

An update of my current findings.

Most improvements I have seen at the moment is writing and optimize  
poly1305_generic_blocks function.

This gives a improvement of more than 1%.
I also noticed that the ping time does not change.

Improvement at the moment is around UDP: ~1.47% TCP: ~1.68% on large  
transfers like iperf.


Wireguard mix of Asm and C variant:  
https://github.com/vDorst/wireguard/commit/6f9187c325ee883b1f2b9f9da3deb0a61655b504


root@lede:~# iperf3 -c 10.0.0.1 -i 10 -u -b 1G -t 60
Connecting to host 10.0.0.1, port 5201
[  4] local 10.0.0.2 port 47996 connected to 10.0.0.1 port 5201
[ ID] Interval   Transfer Bandwidth   Total Datagrams
[  4]   0.00-10.00  sec  57.5 MBytes  48.2 Mbits/sec  7354
[  4]  10.00-20.00  sec  57.4 MBytes  48.2 Mbits/sec  7350
[  4]  20.00-30.00  sec  57.4 MBytes  48.2 Mbits/sec  7353
[  4]  30.00-40.00  sec  57.5 MBytes  48.2 Mbits/sec  7356
[  4]  40.00-50.00  sec  57.5 MBytes  48.2 Mbits/sec  7357
[  4]  50.00-60.00  sec  57.5 MBytes  48.2 Mbits/sec  7358
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bandwidth   Jitter 
Lost/Total Datagrams

[  4]   0.00-60.00  sec   345 MBytes  48.2 Mbits/sec  0.037 ms  0/44128 (0%)
[  4] Sent 44128 datagrams

root@lede:~# iperf3 -c 10.0.0.1 -i 10-b 1G -t 60
Connecting to host 10.0.0.1, port 5201
[  4] local 10.0.0.2 port 37950 connected to 10.0.0.1 port 5201
[ ID] Interval   Transfer Bandwidth   Retr  Cwnd
[  4]   0.00-10.14  sec  52.5 MBytes  43.4 Mbits/sec0147 KBytes
[  4]  10.14-20.02  sec  51.2 MBytes  43.5 Mbits/sec0147 KBytes
[  4]  20.02-30.14  sec  52.5 MBytes  43.5 Mbits/sec0147 KBytes
[  4]  30.14-40.01  sec  51.2 MBytes  43.5 Mbits/sec0147 KBytes
[  4]  40.01-50.16  sec  52.5 MBytes  43.4 Mbits/sec0220 KBytes
[  4]  50.16-60.01  sec  42.5 MBytes  36.2 Mbits/sec0220 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bandwidth   Retr
[  4]   0.00-60.01  sec   302 MBytes  42.3 Mbits/sec0 sender
[  4]   0.00-60.01  sec   302 MBytes  42.3 Mbits/sec  receiver


Wireguard C variant:  
https://github.com/vDorst/wireguard/commit/13fae657624aac6b9c1f411aa6472a91aae7fcc3


root@lede:~# iperf3 -c 10.0.0.1 -i 10 -u -b 1G -t 60
Connecting to host 10.0.0.1, port 5201
[  4] local 10.0.0.2 port 40439 connected to 10.0.0.1 port 5201
[ ID] Interval   Transfer Bandwidth   Total Datagrams
[  4]   0.00-10.00  sec  56.6 MBytes  47.5 Mbits/sec  7246
[  4]  10.00-20.00  sec  56.6 MBytes  47.5 Mbits/sec  7243
[  4]  20.00-30.00  sec  56.6 MBytes  47.5 Mbits/sec  7244
[  4]  30.00-40.00  sec  56.6 MBytes  47.5 Mbits/sec  7245
[  4]  40.00-50.00  sec  56.6 MBytes  47.5 Mbits/sec  7245
[  4]  50.00-60.00  sec  56.6 MBytes  47.5 Mbits/sec  7247
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bandwidth   Jitter 
Lost/Total Datagrams

[  4]   0.00-60.00  sec   340 MBytes  47.5 Mbits/sec  0.039 ms  0/43470 (0%)
[  4] Sent 43470 datagrams

root@lede:~# iperf3 -c 10.0.0.1 -i 10 -b 1G -t 60
Connecting to host 10.0.0.1, port 5201
[  4] local 10.0.0.2 port 37956 connected to 10.0.0.1 port 5201
[ ID] Interval   Transfer Bandwidth   Retr  Cwnd
[  4]   0.00-10.02  sec  49.6 MBytes  41.5 Mbits/sec0137 KBytes
[  4]  10.02-20.00  sec  49.6 MBytes  41.7 Mbits/sec0209 KBytes
[  4]  20.00-30.02  sec  49.6 MBytes  41.6 Mbits/sec0209 KBytes
[  4]  30.02-40.01  sec  49.2 MBytes  41.3 Mbits/sec0209 KBytes
[  4]  40.01-50.02  sec  49.6 MBytes  41.6 Mbits/sec0209 KBytes
[  4]  50.02-60.02  sec  49.6 MBytes  41.6 Mbits/sec0209 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bandwidth   Retr
[  4]   0.00-60.02  sec   297 MBytes  41.6 Mbits/sec0 sender
[  4]   0.00-60.02  sec   297 MBytes  41.6 Mbits/sec  receiver


Greats,

René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] News about MIPS and ARM optimized code?

2016-09-09 Thread René van Dorst 

Here is my last source code https://github.com/vDorst/wireguard/tree/mips32r2
Including the long history of try and fail ;).
But also good ideas like try to optimize the code for better data dependency.
Which makes the code less readable but more efficient.

This is the assembly part  
https://github.com/vDorst/wireguard/blob/mips32r2/src/crypto/chacha20-mips32r2.S


Created functions:
* asmlinkage void chacha20_keysetup(struct chacha20_ctx *ctx, const u8  
key[static 32], const u8 nonce[static 8]);

* asmlinkage void chacha20_generic_block(struct chacha20_ctx *ctx);
* asmlinkage unsigned int poly1305_generic_blocks(struct poly1305_ctx  
*ctx, const u8 *src, unsigned int srclen, u32 hibit);


poly1305_generic_blocks is fixed in the last commit.

Code is written for MIPS32r2 Big endian.
Code has some define for __ORDER_BIG_ENDIAN__ which enable the endian  
swap for that data but is not tested for Litte endian.


Todo:
* Change the C code to see how fast that works and set benchmark baseline.
* Look if I can optimize assembler version even more.

Greats,

René van Dorst.


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] News about MIPS and ARM optimized code?

2016-09-09 Thread René van Dorst 

Not yet.

But it think more platforms suffer of this misaligned memory fetching.

So if someone fix this also in the C code that it will boost the  
performance without the assembly version.


Greats,

René

Quoting Baptiste Jonglez <bapti...@bitsofnetworks.org>:


Nice work!  I had tried to write chacha20_generic_block in MIPS assembly,
but I got confused with endianness issues and the code didn't work in the
end.

Is your code available somewhere?  I'd be happy to test on a variety of
MIPS routers.

On Fri, Sep 09, 2016 at 01:46:11PM +, René van Dorst wrote:

Duo the misaligned data fetching function like poly1305 causes regression on
the mips.

h0 += (le32_to_cpuvp(src +  0) >> 0) & 0x3ff;
h1 += (le32_to_cpuvp(src +  3) >> 2) & 0x3ff;
h2 += (le32_to_cpuvp(src +  6) >> 4) & 0x3ff;
h3 += (le32_to_cpuvp(src +  9) >> 6) & 0x3ff;
h4 += (le32_to_cpuvp(src + 12) >> 8) | hibit;


Had 26MBit now +42.

root@lede:~# iperf3 -c 10.0.0.1 -i 10
Connecting to host 10.0.0.1, port 5201
[  4] local 10.0.0.2 port 36216 connected to 10.0.0.1 port 5201
[ ID] Interval   Transfer Bandwidth   Retr  Cwnd
[  4]   0.00-10.08  sec  51.2 MBytes  42.7 Mbits/sec0171 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bandwidth   Retr
[  4]   0.00-10.08  sec  51.2 MBytes  42.7 Mbits/sec0 sender
[  4]   0.00-10.08  sec  51.2 MBytes  42.7 Mbits/sec 
  receiver


iperf Done.
root@lede:~# iperf3 -c 10.0.0.1 -u -b 1G -i 10
Connecting to host 10.0.0.1, port 5201
[  4] local 10.0.0.2 port 60714 connected to 10.0.0.1 port 5201
[ ID] Interval   Transfer Bandwidth   Total Datagrams
[  4]   0.00-10.00  sec  56.3 MBytes  47.2 Mbits/sec  7209
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bandwidth   JitterLost/Total
Datagrams
[  4]   0.00-10.00  sec  56.3 MBytes  47.2 Mbits/sec  0.034 ms  0/7209 (0%)
[  4] Sent 7209 datagrams

iperf Done.
root@lede:~#


Work is not done yet but a good start.

Greats,

René van Dorst.

Quoting René van Dorst <opensou...@vdorst.com>:

>I did try to write some MIPS32r2 code.
>I wrote the chacha20_keysetup, chacha20_generic_block and
>poly1305_generic_blocks in assembly.
>Tried to load all needed variables in the registers. Which should reduce
>the memory overhead.
>But it is very difficult for me to do code profiling and/or isolate the
>code and make some benchmark programs like supercop.
>So testing was simple. Crosscompile the code. Copy and load the module on
>the target. Run setup script and iperf.
>
>#ifdef CONFIG_CPU_MIPS32_R2
>asmlinkage void chacha20_keysetup(struct chacha20_ctx *ctx, const u8
>key[static 32], const u8 nonce[static 8]);
>asmlinkage void chacha20_generic_block(struct chacha20_ctx *ctx);
>asmlinkage unsigned int poly1305_generic_blocks(struct poly1305_ctx *ctx,
>const u8 *src, unsigned int srclen, u32 hibit);
>#endif
>
>But the speed is equal or less on my TP WR1043ND device which is a
>MIPS32r2 24kc big endian.
>So GCC does a good job. Also 24kc has no special CoProcessors or FPU.
>
>Most improvement what I had it to change the buildroot default
>optimization -Os to -O2.
>This gives around 1-3% speed improvement.
>
>ideas:
>- remove the little endian parts on the MIPS.
>  Offcourse do it also on the other side.
>  On this device I can't switch endian.
>  But I did not see any improvements. Need 2 instruction for swapping
>32bit register.
>  After a quick calculation it could save around 0.4% which is ~0.1MBit/s
>on this device.
>
>Greats,
>
>René van Dorst.
>
>___
>WireGuard mailing list
>WireGuard@lists.zx2c4.com
>http://lists.zx2c4.com/mailman/listinfo/wireguard



___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard




___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] News about MIPS and ARM optimized code?

2016-09-08 Thread René van Dorst 

I did try to write some MIPS32r2 code.
I wrote the chacha20_keysetup, chacha20_generic_block and  
poly1305_generic_blocks in assembly.
Tried to load all needed variables in the registers. Which should  
reduce the memory overhead.
But it is very difficult for me to do code profiling and/or isolate  
the code and make some benchmark programs like supercop.
So testing was simple. Crosscompile the code. Copy and load the module  
on the target. Run setup script and iperf.


#ifdef CONFIG_CPU_MIPS32_R2
asmlinkage void chacha20_keysetup(struct chacha20_ctx *ctx, const u8  
key[static 32], const u8 nonce[static 8]);

asmlinkage void chacha20_generic_block(struct chacha20_ctx *ctx);
asmlinkage unsigned int poly1305_generic_blocks(struct poly1305_ctx  
*ctx, const u8 *src, unsigned int srclen, u32 hibit);

#endif

But the speed is equal or less on my TP WR1043ND device which is a  
MIPS32r2 24kc big endian.

So GCC does a good job. Also 24kc has no special CoProcessors or FPU.

Most improvement what I had it to change the buildroot default  
optimization -Os to -O2.

This gives around 1-3% speed improvement.

ideas:
- remove the little endian parts on the MIPS.
  Offcourse do it also on the other side.
  On this device I can't switch endian.
  But I did not see any improvements. Need 2 instruction for swapping  
32bit register.
  After a quick calculation it could save around 0.4% which is  
~0.1MBit/s on this device.


Greats,

René van Dorst.

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

[WireGuard] News about MIPS and ARM optimized code?

2016-08-08 Thread René van Dorst 


News about MIPS and ARM optimized code?

Greats,

René van Dorst.


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] LEDE / OpenWrt test - on TP-Link841Nv11 - 15MBs and crash

2016-08-03 Thread René van Dorst 
 protocol family 17
[    1.35] bridge: automatic filtering via arp/ip/ip6tables has  
been deprecated. Update your scripts to load br_netfilter if you need  
this.

[    1.368356] Bridge firewalling registered
[    1.372578] 8021q: 802.1Q VLAN Support v1.8
[    1.378869] hctosys: unable to open rtc device (rtc0)
[    1.391003] VFS: Mounted root (squashfs filesystem) readonly on  
device 31:2.

[    1.399744] Freeing unused kernel memory: 268K (8044d000 - 8049)
[    2.877793] init: Console is alive
[    2.881562] init: - watchdog -
[    4.201262] init: - preinit -
[    4.941373] ar71xx: pll_reg 0xb8050014: 0x1a00
[    4.941412] eth0: link up (1000Mbps/Full duplex)
[    4.971517] random: procd urandom read with 8 bits of entropy available
[    8.155982] jffs2: notice: (368) jffs2_build_xattr_subsystem:  
complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan)  
and 0 of xref (0 dead, 0 orphan) found.

[    8.174917] mount_root: switching to jffs2 overlay
[    8.196628] urandom-seed: Seeding with /etc/urandom.seed
[    8.474797] eth0: link down
[    8.492080] procd: - early -
[    8.495110] procd: - watchdog -
[    9.077170] procd: - ubus -
[    9.134480] procd: - init -
[    9.821676] wireguard: WireGuard loaded. See www.wireguard.io for  
information.
[    9.828955] wireguard: (C) Copyright 2015-2016 Jason A. Donenfeld  
<ja...@zx2c4.com>. All Rights Reserved.

[    9.842593] ip6_tables: (C) 2000-2006 Netfilter Core Team
[    9.868011] Loading modules backported from Linux version  
wt-2016-06-20-0-gbc17424
[    9.875704] Backport generated by backports.git  
backports-20160216-7-g5735958

[    9.886894] ip_tables: (C) 2000-2006 Netfilter Core Team
[    9.904908] nf_conntrack version 0.5.0 (434 buckets, 1736 max)
[    9.957814] xt_time: kernel timezone is -
[   10.034798] PPP generic driver version 2.4.2
[   10.042280] NET: Registered protocol family 24
[   10.138100] ath: EEPROM regdomain: 0x0
[   10.138128] ath: EEPROM indicates default country code should be used
[   10.138142] ath: doing EEPROM country->regdmn map search
[   10.138166] ath: country maps to regdmn code: 0x3a
[   10.138182] ath: Country alpha2 being used: US
[   10.138195] ath: Regpair used: 0x3a
[   10.179744] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   10.183754] ieee80211 phy0: Atheros AR9100 MAC/BB Rev:7 AR2133 RF  
Rev:a2 mem=0xb80c, irq=2

[   19.824140] ar71xx: pll_reg 0xb8050014: 0x1a00
[   19.824898] eth0: link up (1000Mbps/Full duplex)
[   19.846332] device eth0.1 entered promiscuous mode
[   19.851233] device eth0 entered promiscuous mode
[   19.867997] br-lan: port 1(eth0.1) entered forwarding state
[   19.873723] br-lan: port 1(eth0.1) entered forwarding state
[   21.870241] br-lan: port 1(eth0.1) entered forwarding state
[   76.210298] random: nonblocking pool is initialized
[  238.115582] br-lan: port 1(eth0.1) entered disabled state
[  238.271197] device eth0.1 left promiscuous mode
[  238.275779] device eth0 left promiscuous mode
[  238.280314] br-lan: port 1(eth0.1) entered disabled state
[  238.301614] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready
[  238.745386] eth0: link down
[  243.024555] ar71xx: pll_reg 0xb8050014: 0x1a00
[  243.024616] eth0: link up (1000Mbps/Full duplex)
[  243.046511] device eth0.1 entered promiscuous mode
[  243.051419] device eth0 entered promiscuous mode
[  243.067847] br-lan: port 1(eth0.1) entered forwarding state
[  243.073573] br-lan: port 1(eth0.1) entered forwarding state
[  245.070617] br-lan: port 1(eth0.1) entered forwarding state

This router is a spare router and only used for the vacations to share  
wifi connection.

I would like to use Wireguard to secure my trafic.

Greats,

René van Dorst.
 


On 03.08.2016 08:48, René van Dorst wrote:


...
I also tested wireguard on a router. TP-Link WR1043ND v1.08 with a  
Atheros AR9132 400MHz cpu.

Running LEDE 28-july-2016, wireguard & iperf3 via packagemanager.


  so you do not observe crashing of the router like we do with the  
tp-link wr841Nv11 -


  do you also test iperf with udp packets , around 200 Mbit or so ?
acording to openwrt wiki say that 1043v1.xx runs even slower cpu ,  
but have 8Mb of flash



  TL-WR1043ND 	 v1-v1.11 	 Atheros AR9132 	 400 	 8  
	 32 	 Atheros AR9100 (integrated) 	 b/g/n 	 5 	  
1x 2.0 	 Yes


  as far as i understand is the lan also on the wifi chip, so this  
differs .. 
for the 841v11 it should be QCA9533-AL3A running with 560 MHz with  
32 MB Ram Zentel A3S56D40GTP-50L. switch QCA9533-BL3A built-in


  https://wiki.openwrt.org/toh/TP-Link/tl-wr841nd
https://wiki.openwrt.org/toh/TP-Link/tl-wr1043nd
sidenode tplink name convention (to prevent confusion): mainly  
important is running number like 1043 or 841 and the hardware  
revision like v11, the N or ND are only antenna related, the .123  
are factory firmware revision of the specific hardware revision -  
which is more