general protection fault: 0000 [#1] SMP with latest commit a073ccac17a85f0c453698d0213cc8b86ecc3dfe
Latest commit [0] crashes at loading. Commit: https://git.zx2c4.com/WireGuard/commit/?id=a073ccac17a85f0c453698d0213cc8b86ecc3dfe This commit it still works: https://git.zx2c4.com/WireGuard/commit/?id=0d7fc5f3cbb84d2f803a6add9f4b58875c12ad9b Dmesg: [1.906839] wireguard: loading out-of-tree module taints kernel. [1.908347] wireguard: allowedips self-tests: pass [1.909216] wireguard: nonce counter self-tests: pass [1.910217] wireguard: curve25519 self-tests: pass [1.910735] general protection fault: [#1] SMP [1.911230] Modules linked in: wireguard(O+) ip6_udp_tunnel udp_tunnel tun crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev joydev evdev pcspkr serio_raw virtio_balloon virtio_console parport_pc parport button sunrpc ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic fscrypto ecb ata_generic virtio_blk virtio_net crc32c_intel aesni_intel aes_x86_64 crypto_simd cryptd glue_helper psmouse ata_piix floppy libata scsi_mod i2c_piix4 virtio_pci virtio_ring virtio [1.915665] CPU: 0 PID: 555 Comm: modprobe Tainted: G O 4.13.0-0.bpo.1-amd64 #1 Debian 4.13.4-2~bpo9+1 [1.916752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014 [1.917617] task: 965c0f5b8040 task.stack: a58d0051 [1.918185] RIP: 0010:chacha20_ssse3+0x44/0xc20 [wireguard] [1.918646] RSP: :a58d00512dc8 EFLAGS: 00010292 [1.919067] RAX: RBX: 007f RCX: a58d00512ed0 [1.919624] RDX: 0040 RSI: a58d00512ff8 RDI: a58d00512ff8 [1.920253] RBP: a58d00512ec0 R08: a58d00512ef0 R09: a58d00512e10 [1.920983] R10: a58d00513090 R11: 8ccd2ded R12: a58d00512ec0 [1.921680] R13: 0040 R14: 0001 R15: 0001 [1.922400] FS: 7fe93e257700() GS:965c1280() knlGS: [1.923195] CS: 0010 DS: ES: CR0: 80050033 [1.923759] CR2: 7f80169f59b8 CR3: 0c46a000 CR4: 003406f0 [1.924485] Call Trace: [1.924753] ? chacha20_crypt.part.0+0x36/0x70 [wireguard] [1.925322] ? chacha20_crypt+0x106/0x110 [wireguard] [1.925841] ? __chacha20poly1305_encrypt+0xfd/0x3e0 [wireguard] [1.926489] ? chacha20poly1305_encrypt+0x81/0xa0 [wireguard] [1.927103] ? chacha20poly1305_encrypt+0x81/0xa0 [wireguard] [1.927702] ? chacha20poly1305_selftest+0x68/0x225 [wireguard] [1.928337] ? 0xc0345000 [1.928692] ? mod_init+0x37/0x8f [wireguard] [1.929124] ? do_one_initcall+0x4e/0x190 [1.929548] ? __vunmap+0x71/0xb0 [1.929887] ? __vunmap+0x71/0xb0 [1.930244] ? do_init_module+0x5b/0x1f8 [1.930656] ? load_module+0x2587/0x2c70 [1.931065] ? SYSC_finit_module+0xd2/0x100 [1.931456] ? SYSC_finit_module+0xd2/0x100 [1.931847] ? system_call_fast_compare_end+0xc/0x97 [1.932358] Code: 00 48 83 ec 48 66 0f 6f 05 7a 0f 01 00 f3 0f 6f 09 f3 0f 6f 51 10 f3 41 0f 6f 18 66 0f 6f 35 44 0f 01 00 66 0f 6f 3d 4c 0f 01 00 <66> 0f 7f 04 24 66 0f 7f 4c 24 10 66 0f 7f 54 24 20 66 0f 7f 5c [1.934310] RIP: chacha20_ssse3+0x44/0xc20 [wireguard] RSP: a58d00512dc8 [1.935055] ---[ end trace 0c922123e56459c5 ]--- CPUINFO Dual core: root@gateway:~# cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 94 model name : Intel Core Processor (Skylake) stepping: 3 microcode : 0x1 cpu MHz : 3504.000 cache size : 4096 KB physical id : 0 siblings: 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl cpuid pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault fsgsbase tsc_adjust smep erms invpcid mpx rdseed smap clflushopt xsaveopt xsavec xgetbv1 xsaves arat bugs: bogomips: 7008.00 clflush size: 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: Distro: Debian 9, kernel 4.13.0-0.bpo.1-amd64 #1 SMP Debian 4.13.4-2~bpo9+1 (2017-10-17) x86_64 GNU/Linux Greats, René van Dorst. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: general protection fault: 0000 [#1] SMP with latest commit a073ccac17a85f0c453698d0213cc8b86ecc3dfe
Fixed, rebased, force pushed. Let me know if the current master works now. git fetch && git reset --hard origin/master ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: general protection fault: 0000 [#1] SMP with latest commit a073ccac17a85f0c453698d0213cc8b86ecc3dfe
Thanks for the report! You'll notice I CCd you in the last email, hoping you'd find just this. :) Investigating. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
netns.sh stuck at ncat.
Hi Jason, Tested the latest code on my Solidrun Cubox with Marvell Dove 88AP510 SoC. But is get stuck on ncat. Device did not crash. I can terminate the script with ctrl-c. Probably a weird config ;-) Crosscompiled kernel 4.13.14 and wireguard on F26 from git source. Linux cubox-es 4.13.14 #8 Mon Nov 20 17:47:03 CET 2017 armv7l armv7l armv7l GNU/Linux console: [ 15.283929] wireguard: loading out-of-tree module taints kernel. [ 15.339447] wireguard: allowedips self-tests: pass [ 15.341220] wireguard: nonce counter self-tests: pass [ 15.370589] wireguard: curve25519 self-tests: pass [ 15.371282] wireguard: chacha20poly1305 self-tests: pass [ 15.374534] wireguard: blake2s self-tests: pass [ 15.798922] wireguard: ratelimiter self-tests: pass [ 15.799019] wireguard: WireGuard 0.0.2017-16-gaffc38e loaded. See www.wireguard.com for information. [ 15.799023] wireguard: Copyright (C) 2015-2017 Jason A. Donenfeld. All Rights Reserved. [+] NS2: wg show wg0 endpoints [+] NS1: wg set wg0 peer wXPE01il/3J9gBYCroPUc7mHgIxXjKW/TPULllHFWmc= allowed-ips 192.168.241.0/24 [+] NS1: wait for udp: [+] NS1: ncat -l -u -p [ 318.566899] wireguard: wg0: Sending keepalive packet to peer 6 ([::1]:2/0%0) [ 318.567104] wireguard: wg0: Receiving keepalive packet from peer 7 ([::1]:9998/0%0) [ 325.607881] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 325.607898] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 325.607915] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 325.607925] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 325.607936] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 325.607946] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 330.727519] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 330.727536] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 330.727547] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 335.846999] wireguard: wg0: Sending keepalive packet to peer 6 ([::1]:2/0%0) [ 335.847198] wireguard: wg0: Receiving keepalive packet from peer 7 ([::1]:9998/0%0) [ 346.087013] wireguard: wg0: Sending keepalive packet to peer 6 ([::1]:2/0%0) [ 346.087203] wireguard: wg0: Receiving keepalive packet from peer 7 ([::1]:9998/0%0) [ 356.328019] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 356.328037] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 356.328047] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 356.328057] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 356.328067] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 356.328077] wireguard: wg0: Packet has unallowed src IP (fd00::2) from peer 6 ([::1]:2/0%0) [ 366.567072] wireguard: wg0: Sending keepalive packet to peer 6 ([::1]:2/0%0) [ 366.567207] wireguard: wg0: Receiving keepalive packet from peer 7 ([::1]:9998/0%0) [ 376.807090] wireguard: wg0: Sending keepalive packet to peer 6 ([::1]:2/0%0) [ 376.807281] wireguard: wg0: Receiving keepalive packet from peer 7 ([::1]:9998/0%0) Kernel CONFIG: https://paste.fedoraproject.org/paste/W6aa6vCAmrDMEgSwdAxbYA root@cubox-es:/usr/src/WireGuard/src/tests# cat /proc/cpuinfo processor : 0 model name : ARMv7 Processor rev 5 (v7l) BogoMIPS: 333.33 Features: half thumb fastmult vfp edsp iwmmxt thumbee vfpv3 vfpv3d16 tls idivt CPU implementer : 0x56 CPU architecture: 7 CPU variant : 0x0 CPU part: 0x581 CPU revision: 5 Hardware: Marvell Dove Revision: Serial : gcc version 7.0.1 20170309 (Red Hat Cross 7.0.1-0.4) Greats, René van Dorst. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
new bug on armhf
Hello! I have new bug on armhf. build from: https://git.zx2c4.com/WireGuard/commit/?id=82cacee3511e5c2f624203487124e5ba0151c84d software: Ubuntu Xenial 16.04 hardware: PC: Orange Pi Plus 2E SOC: Allwinner H3 cat /proc/cpuinfo processor: 0 model name: ARMv7 Processor rev 5 (v7l) BogoMIPS: 11.42 Features: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm CPU implementer: 0x41 CPU architecture: 7 CPU variant: 0x0 CPU part: 0xc07 CPU revision: 5 processor: 1 model name: ARMv7 Processor rev 5 (v7l) BogoMIPS: 11.42 Features: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm CPU implementer: 0x41 CPU architecture: 7 CPU variant: 0x0 CPU part: 0xc07 CPU revision: 5 processor: 2 model name: ARMv7 Processor rev 5 (v7l) BogoMIPS: 11.42 Features: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm CPU implementer: 0x41 CPU architecture: 7 CPU variant: 0x0 CPU part: 0xc07 CPU revision: 5 processor: 3 model name: ARMv7 Processor rev 5 (v7l) BogoMIPS: 11.42 Features: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm CPU implementer: 0x41 CPU architecture: 7 CPU variant: 0x0 CPU part: 0xc07 CPU revision: 5 Hardware: Allwinner sun8i Family Revision: Serial: 02c0008149ab5a29 uname -a Linux LAB-HOME-SERVER 4.13.14-sunxi #240 SMP Mon Nov 20 00:09:06 CET 2017 armv7l armv7l armv7l GNU/Linux I use mainline kernel. Kernel config: https://drive.google.com/open?id=1H6Vk7P8bCNAktBhmfJpTtGse2rRauRiB sudo modprobe wireguard modprobe: ERROR: could not insert 'wireguard': Exec format error dmesg | grep wiregu [ 532.927236] wireguard: loading out-of-tree module taints kernel. [ 532.930604] wireguard: unknown relocation: 51 [ 533.005892] wireguard: unknown relocation: 51 -- Thanks, Roman Gavrilov ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: netns.sh stuck at ncat.
This is pretty strange looking, and appears like it's a userland issue -- like the versions of ncat or ss or whatever weird scripting hacks in netns.sh aren't working well with the tools installed or some networking sysctl I forgot to toggle... Maybe one quick way of testing if it's an ss issue (old RHEL tools, or the like) would be to change the function body of waitncatudp into just `sleep 2` or something. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Gateway for Wireguard VPN
If you want A and C to communicate through B as a trusted intermediary for A and C's IPs, then your configs actually need to be: === Host A (Fedora 26) === # cat /etc/wireguard/wg0.conf [Interface] Address = 10.1.0.21/24 PrivateKey = *censored* [Peer] PublicKey = *censored* Endpoint = vpn.foo.xx:51820 # vpn.foo.xx is Host B AllowedIPs = 10.1.0.2/32, 10.1.0.22/32 === Host B (vpn.foo.xx) (CentOS 7) === ip forwarding active: net.ipv4.ip_forward = 1 # cat wg0.conf [Interface] Address = 10.1.0.2/24 ListenPort = 51820 PrivateKey = *censored* [Peer] PublicKey = *censored* AllowedIPs = 10.1.0.21/32 [Peer] PublicKey = *censored* AllowedIPs = 10.1.0.22/32 === Host C (CentOS 7) === # cat wg0.conf [Interface] Address = 10.1.0.22/24 ListenPort = 51820 PrivateKey = *censored* [Peer] PublicKey = *censored* Endpoint = 192.168.1.1:51820 AllowedIPs = 10.1.0.2/32, 10.1.0.21/32 Alternatively, since you're likely going to be doing this for many peers, you might be best off with this config instead: === Host A (Fedora 26) === # cat /etc/wireguard/wg0.conf [Interface] Address = 10.1.0.21/24 PrivateKey = *censored* [Peer] PublicKey = *censored* Endpoint = vpn.foo.xx:51820 # vpn.foo.xx is Host B AllowedIPs = 10.1.0.0/24 === Host B (vpn.foo.xx) (CentOS 7) === ip forwarding active: net.ipv4.ip_forward = 1 # cat wg0.conf [Interface] Address = 10.1.0.2/24 ListenPort = 51820 PrivateKey = *censored* [Peer] PublicKey = *censored* AllowedIPs = 10.1.0.21/32 [Peer] PublicKey = *censored* AllowedIPs = 10.1.0.22/32 === Host C (CentOS 7) === # cat wg0.conf [Interface] Address = 10.1.0.22/24 ListenPort = 51820 PrivateKey = *censored* [Peer] PublicKey = *censored* Endpoint = 192.168.1.1:51820 AllowedIPs = 10.1.0.0/24 ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: netns.sh stuck at ncat.
Quoting "Jason A. Donenfeld": This is pretty strange looking, and appears like it's a userland issue -- like the versions of ncat or ss or whatever weird scripting hacks in netns.sh aren't working well with the tools installed or some networking sysctl I forgot to toggle... Maybe one quick way of testing if it's an ss issue (old RHEL tools, or the like) would be to change the function body of waitncatudp into just `sleep 2` or something. Maybe it did not work before but I didn't noticed because ncat was not installed until yesterday. I tried old wireguard module not the userland tools. But the same results stuck at ncat. This Cubox is running Ubuntu xenial 16.04.3 LTS (GNU/Linux 4.13.14 armv7l) ncat comes with package nmap root@cubox-es:~# apt show nmap Package: nmap Version: 7.01-2ubuntu2 ss utility, iproute2-ss151103 With sleep 2 it works again. My script modifications. root@cubox-es:/usr/src/WireGuard/src/tests# git diff ./netns.sh diff --git a/src/tests/netns.sh b/src/tests/netns.sh index 2ad8d88..7718da6 100755 --- a/src/tests/netns.sh +++ b/src/tests/netns.sh @@ -38,7 +38,7 @@ ip1() { pretty 1 "ip $*"; ip -n $netns1 "$@"; } ip2() { pretty 2 "ip $*"; ip -n $netns2 "$@"; } sleep() { read -t "$1" -N 0 || true; } waitiperf() { pretty "${1//*-}" "wait for iperf:5201"; while [[ $(ss -N "$1" -tlp 'sport = 5201') != *iperf3* ]]; do sleep 0.1; done; } -waitncatudp() { pretty "${1//*-}" "wait for udp:"; while [[ $(ss -N "$1" -ulp 'sport = ') != *ncat* ]]; do sleep 0.1; done; } +waitncatudp() { pretty "${1//*-}" "wait for udp:"; sleep 2; } waitncattcp() { pretty "${1//*-}" "wait for tcp:"; while [[ $(ss -N "$1" -tlp 'sport = ') != *ncat* ]]; do sleep 0.1; done; } waitiface() { pretty "${1//*-}" "wait for $2 to come up"; ip netns exec "$1" bash -c "while [[ \$(< \"/sys/class/net/$2/operstate\") != up ]]; do read -t .1 -N 0 || true; done;"; } Greats, René van Dorst. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: disabling ipv6 with wg-quick
Thanks, removing all ipv6 addresses from configs works. I was looking for a switch in wg-quick so I can use the same configs in different networks but I work around this by editing the confs. Thanks again. On Thu, Nov 16, 2017, at 13:28, Jason A. Donenfeld wrote: > Remove the v6 addresses from Address= and AllowedIPs=, and then > you'll be set.> > -- > Sent from my telephone. > > On Nov 16, 2017 11:04 AM,wrote: >> Hi, >> >> Is there a way to disable ipv6 when using wg-quick? >> >> If I have the following line on my conf file: >> >> Address = xx.xx.x.39/32,::xxx:bb01::327/128 >> >> wg-quick will fail with the following error: >> >> ~ 2 wg-quick up mullvad-se2 >> [#] ip link add mullvad-se2 type wireguard >> [#] wg setconf mullvad-se2 /dev/fd/63 >> [#] ip address add xx.xx.x.39/3 dev mullvad-se2 >> [#] ip address add ::xxx:bb01::327/128 dev mullvad-se2 >> RTNETLINK answers: Permission denied >> >> I have ip6 disabled in my system. >> >> Removing ::xxx:bb01::327/128 works, but wg-quick still >> sets ups>> some ipv6 routes `ip -6 ..` etc. >> >> Is there a way to use ipv4 only with wg-quick? >> >> Thanks. >> >> ___ >> WireGuard mailing list >> WireGuard@lists.zx2c4.com >> https://lists.zx2c4.com/mailman/listinfo/wireguard ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard