Re: [WireGuard] Suggestion: Hide private key by default with wg tool

https://git.zx2c4.com/WireGuard/commit/?id=ded0e645cfa45130e42c4d5bfba8f7d54e1855a9 Set WG_HIDE_KEYS=never to see the keys. Otherwise they're hidden. ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard

[WireGuard] Continuous Integration Server

Hi guys, Alex Xu and I have been working on polishing the testing infrastructure. You can now type `make test-qemu` to have a minimal kernel built, an initramfs forged, and qemu booted with the ever-growing test suite. On my 4 year-old laptop, it takes roughly two minutes to compile the kernel,

[WireGuard] [ANNOUNCE] Snapshot `experimental-0.0.20160808` Available

. Thank you, Jason Donenfeld -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQItBAEBCAAXBQJXqKvJEBxqYXNvbkB6eDJjNC5jb20ACgkQSfxwEqXeA676MQ// UUGD5990FO+4XFONmhW+4rTfmbq+4zvgNYU+FBC5QuQVBvC5u9C8eeDf4bF4Rktr HYEG3r/PDnEHvyUK+lCnlpYUAFafooSfW/wRjVM9S13+PBxTQpW7aOvUn97U3pYG kgiY+4aYw8zQEOEE5uk

Re: [WireGuard] News about MIPS and ARM optimized code?

Would you like to write it? ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Using wireguard link as a proxy?

I usually do something like: wg set wg0 peer ABCD allowed-ips 0.0.0.0/0 ip route add 0/1 dev wg0 ip route add 128/1 dev wg0 ./tungate.sh proxyserver.wireguard.io The tungate.sh script just ensures that proxyserver.wireguard.io is reachable with the original route, and takes into account ifupdown

Re: [WireGuard] Fedora WireGuard RPMs

Hey Joe, This is great news! Thanks for doing that. Are you a Fedora developer per chance? A few notes for fixing this: 1) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-tools.git/tree/wireguard-tools.spec a) > BuildRequires: libmnl-devel, kernel-devel, systemd >

Re: Working on a Rust implementation, and request for test vectors

Hey guys, I've got all the infra for this set up already. I'm on IRC today and generally available now so let's talk. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: wg binary in armhf deb from ppa missing; armbian with Allwinner A20 chip modprobe wg not working

nk-wireguard author: Jason A. Donenfeld <ja...@zx2c4.com> <ja...@zx2c4.com> description:Fast, secure, and modern VPN tunnel license:GPL v2 depends:udp_tunnel,ip6_udp_tunnel,x_tables vermagic: 4.9.7-sunxi SMP mod_unload ARMv7 thumb2 p2v8 In dmesg, it shows: [ 1404

Mullvad public WireGuard server for testing

Hi Fred, This is nice to hear. Congratulations on getting it up and running. That then makes 3 public servers: 1. Mine - https://www.wireguard.io/quickstart/#demo-server 2. Veil - https://veil.nuke.red/ 3. Yours I'm very happy about this! Those instructions are very thorough, but they're not

[ANNOUNCE] WireGuard Snapshot `0.0.20170223` Available

ot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Thank you, Jason Donenfeld -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAliu/5gQHGphc29uQHp4 MmM0LmNvbQAKCRBJ/HASpd4Druf

Re: [ wireguard-dev ] dmesg when using ipv6

Hello, For the second time today, please provide more debugging information than that. Full dmesg output, full configs, exactly what you're doing. Otherwise nobody can help you. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com

[ANNOUNCE] WireGuard Snapshot `0.0.20170213` Available

u're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Thank you, Jason Donenfeld -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAliiH/QQHGphc29uQHp4 MmM0LmNvbQAK

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

On Sun, Feb 12, 2017 at 3:40 AM, David Anderson wrote: > > I'm failing at setting up arm builds, raspbian/rpi emulation is not in a > great shape these days. In the meantime, debian stable for amd64 is up. > Updated instructions for both debian versions are at >

[ANNOUNCE] WireGuard Snapshot `0.0.20170214` Available

BLAKE2b-256: 1d3c934d020a2daa984d1002f7dbcebaa3c0f57d295e9b975b1322a0e6d74a4a If you're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Thank you, Jason Donenfeld -BEGIN PGP SIGNATURE

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

Mellow yellow, That's a great idea. Do you intend to track dkg's sid package more or less faithfully? If so, I'd be happy to advertise this on the wireguard.io/install/ page, since I'm sure a lot of people (including myself!) would benefit immensely from that. Could you send some bulletproof

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

Hi Dave, Good idea. I don't like the scary pipe to bash one liners. I'll go with what you suggested. However, is `linux-headers-amd64` really required? Thanks, Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

Hi Dave, Ahh right, that old debate. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: FreeBSD

Hi David, I know the pfSense people were interested in this for the FreeBSD kernel and taking a look. I'm not sure of their current project, but I'll reach out. Are you interested in implementing it too? Jason ___ WireGuard mailing list

Wanted: Novice Guides

Hey guys, As WireGuard gets more and more popular, I have more people contacting me about novice guides and blog entries and step by step things. If anybody would be up for writing these or assisting with it, it would be much appreciated. Probably better to tackle this before horribly written

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

Hey Daniel, That makes sense to me. I don't know much about Debian best practices, so I'll defer to your judgement and revert the /install/ page instruction. If David manages to convince you otherwise, I'll re-add it then. Jason ___ WireGuard mailing

Re: VXLAN

Hey Florian, Indeed that's strange, and MTU would be my first guess too, though fragmentation should be working anyway so perhaps it's not that. You can try this out by using the -s param to ping to test out the maximum packet size. If I understand correctly, you're putting VXLAN _on top of_

Re: [WireGuard] Pull-based peer configuration

Hey Jens, This work is in progress. Standby. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

Hey Dave, On Sat, Feb 11, 2017 at 10:49 AM, David Anderson wrote: > Note that right now, only amd64 packages are available. If you think there's > demand for Debian on 32-bit x86, I can set up i386 builders as well. I doubt anybody cares about i386, but likely armv{6,7} and

Re: version mismatch

Hi David, Since WireGuard is still in active development, it's probably best to run the latest versions if you can, since every version is better than the previous. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: Wanted: Novice Guides

Hi Daniel, On Wed, Feb 15, 2017 at 3:53 PM, Daniel Kahn Gillmor wrote: > A good "novice guide" usually has the following pattern: This is a nice list of suggestions on how to structure guides. Thanks for that. > Those of us who are not novices understand that tools like

Seeking competent PPA/Ubuntu maintainers

Hi folks, The current Ubuntu team could use some help. Does anyone here have the skills and motivation to maintain the Ubuntu PPA? Thanks, Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: FAQ and quickstart

Makes sense! ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: FAQ and quickstart

t;> Thanks a lot! >>> ___ >>> WireGuard mailing list >>> WireGuard@lists.zx2c4.com >>> https://lists.zx2c4.com/mailman/listinfo/wireguard >> >> ___ >> Wir

Re: [RFC] Handling multiple endpoints for a single peer

On Mon, Jan 9, 2017 at 9:46 AM, Ameretat Reith wrote: > Another use case would be circumventing some crazy state backed firewalls > that drop or throttle -mostly UDP- connections having high bandwidths. If > peer is being used as gateway and nameserver resolver, it can

Re: Similar Problem with ArchARM

Can you send the output of: for i in vmlinuz-linux kernel.img Image zImage uImage; do [[ -f /boot/$i ]] && pacman -Qo /boot/$i; done ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Similar Problem with ArchARM

Actually, even more reliable, send the output of: pacman -Qo /lib/modules/$(uname -r) ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

[WireGuard] Fwd: wireguard comparing to fastd - tests

Please reply on list. -- Forwarded message -- From: jens <j...@viisauksena.de> Date: Tue, Aug 16, 2016 at 3:51 AM Subject: Re: [WireGuard] wireguard comparing to fastd - tests To: "Jason A. Donenfeld" <ja...@zx2c4.com> thx, thats true ... we were mostly i

Re: [WireGuard] wireguard comparing to fastd - tests

> -- Forwarded message -- > From: jens > > thx, thats true ... we were mostly interested in comparing speed in > similar setups that we would deploy. > But you ' re right - reducing workload from 20 to 12 in cypher make > them not directly comparable

Re: [WireGuard] wireguard comparing to fastd - tests

On Tue, Aug 16, 2016 at 12:46 AM, jens wrote: > method "salsa2012+umac"; > method "null+salsa2012+umac"; If you want to compare the two, you'll need to use a cipher of equivalent security level. In other words, use salsa20 instead of salsa2012. Otherwise it's not an accurate

Re: Seeking Fedora Maintainer

Version bump? On Dec 22, 2016 19:57, "Jason A. Donenfeld" <ja...@zx2c4.com> wrote: > Hi all, > > A quick update. Joe is back in action! Fedora users should have a nice > update now. > > Jason > ___ WireGuard mailing

wg-quick rule bypasses [Was: Re: Announcement: Public Wireguard server for testing]

Hey Jorg, Moving this to a new thread. On Sun, Feb 26, 2017 at 7:25 PM, Jörg Thalheim wrote: > In this context, I found the following rules useful to bypass the vpn for > some routes: > > #!/usr/bin/env bash > # /etc/wireguard/.sh > > if [ "${1:-down}" = "up" ]; then >

Re: Kernel commit d35a00b8e33dab7385f724e713ae71c8be0a49f4 breaks wireguard

Hey Bruno, This has now been fixed in the repo. Note that since rc1 hasn't been released, you'll need to adjust the kernel's make file to show 4.11 yourself. Alternatively, just wait a few days for rc1. Jason ___ WireGuard mailing list

Re: kernel warning with 0.0.20170223: entered softirq 3 NET_RX net_rx_action+0x0/0x760 with preempt_count 00000101, exited with 00000100?

Hey Brad, Thanks for fixing this! Regards, Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: kernel warning with 0.0.20170223: entered softirq 3 NET_RX net_rx_action+0x0/0x760 with preempt_count 00000101, exited with 00000100?

Hey Pipacs, I've been receiving reports of strange bugs from grsec users with WireGuard. The first set of bugs was a heisenbug crash, and I never found the root cause, but it seemed to happen in the rx path. Then today Timothée emailed another different bug from a grsec box, also along the rx

Re: Kernel commit d35a00b8e33dab7385f724e713ae71c8be0a49f4 breaks wireguard

Fixed! ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Kernel commit d35a00b8e33dab7385f724e713ae71c8be0a49f4 breaks wireguard

Thanks! I wasn't compiling with the options to hit this, so I didn't see it before. Should be fixed now. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] fq, ecn, etc with wireguard

> Nice to see you so quickly being productive. I am still constructing a > reply to your previous message. Awaiting it's arrival :) > In re-reading over your message, I think not dropping the packet when > there is an outer CE marking and no ecn enabling in in the inner > packet is probably the

Re: [WireGuard] auth-only wireguard

Dear NSA, No. Love, Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] [Cake] WireGuard Queuing, Bufferbloat, Performance, Latency, and related issues

On Sun, Oct 2, 2016 at 1:31 PM, Toke Høiland-Jørgensen wrote: > You don't need a timer. You already have a signal for when more queue > space is available in the encryption step: When a packet finishes > encryption. All you need to do is try to enqueue another one at this > point.

Re: [WireGuard] auth-only wireguard

Hi Bruno, On Oct 6, 2016 9:29 PM, "Bruno Wolff III" wrote: > Someone able to watch and modify traffic can wait for authentication to occur and then take over the connection. So you don't know you are still communicating with the party that did the authentication. You need

Re: [WireGuard] [PATCHv2] Add support for platforms which has no efficient unaligned memory access

at 9:58 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > Hey René, > > This is an excellent find. Thanks. Pretty significant speed improvements. > I wonder where else this is happening too. > > Have you tested this on both endians? > > The main thing I'm wondering he

Re: [WireGuard] [PATCHv2] Add support for platforms which has no efficient unaligned memory access

h4 += (le32_to_cpuvp(src + 12) >> 8) | hibit; > +#else > + t0 = le32_to_cpuvp(src + 0); > + t1 = le32_to_cpuvp(src + 4); > + t2 = le32_to_cpuvp(src + 8); > + t3 = le32_to_cpuvp(src + 12); > + h0 += t0 & 0x3

Re: [WireGuard] [PATCH] poly1305: generic C can be faster on chips with slow unaligned access

Hi Eric, On Fri, Nov 4, 2016 at 6:37 PM, Eric Biggers wrote: > I agree, and the current code is wrong; but do note that this proposal is > correct for poly1305_setrkey() but not for poly1305_setskey() and > poly1305_blocks(). In the latter two cases, 4-byte alignment of the

Re: [WireGuard] [PATCH] poly1305: generic C can be faster on chips with slow unaligned access

On Mon, Nov 7, 2016 at 7:08 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > Hmm... The general data flow that strikes me as most pertinent is > something like: > > struct sk_buff *skb = get_it_from_somewhere(); > skb = skb_share_check(skb, GFP_ATOMIC); > num_

Re: [WireGuard] emerge failed once :-|

Hey Kalin, That's some messed up eclass. Check this out: >From your log: > make --jobs=8 --load-average=12 HOSTCC=x86_64-pc-linux-gnu-gcc > CROSS_COMPILE=x86_64-pc-linux-gnu- 'LDFLAGS=-m elf_x86_64' > KERNELDIR=/usr/src/linux V=1 clean module > make -C /usr/src/linux >

Re: [WireGuard] mips32 crash

> <7>[13905.531148] wireguard: Sending handshake initiation to peer 1 > (x.x.x.x:16) > <4>[13905.629622] [ cut here ] So you said the crash 100% occurs 100ms after sending handshake initiation. If related this could be because: a) The scheduler ticks come in 100ms

Re: [WireGuard] mips32 crash

Strange, spam filters don't like your domain. Got the message. Analyzing now. Think you could "instrument" where you think the crash happens with a bunch of printks? ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: [WireGuard] mips32 crash

On Sun, Nov 6, 2016 at 9:07 AM, wrote: >> <4>[13905.634933] Process (pid: 41189632, threadinfo=82bca000, >> task=81ce, tls=8100cea5) > >> Likely caused by memory corruption. > > Look at pid value. Its defenitly not valid pid. Task structure was > corrupted. Indeed.

Re: [WireGuard] mips32 crash

> Wireguard ver 20161103, 20161105 If I understand this right, the one that's crashing is on 1105? In which case, could you tell me if 1103 crashes, or if it's only 1105? ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: [WireGuard] mips32 crash

Not a lot of participation from the LEDE package maintainer, so I just ordered a TL-WR841N for €10, which should arrive on Tuesday, and then I'll try to reproduce on actual hardware, and in general keep things rolling well on this platform. ___ WireGuard

Re: [WireGuard] Proposal: HAVE_SEPARATE_IRQ_STACK?

Hey Thomas, On Wed, Nov 9, 2016 at 10:40 PM, Thomas Gleixner wrote: > That preempt_disable() prevents merily preemption as the name says, but it > wont prevent softirq handlers from running on return from interrupt. So > what's the point? Oh, interesting. Okay, then in that

Re: [WireGuard] Proposal: HAVE_SEPARATE_IRQ_STACK?

On Thu, Nov 10, 2016 at 1:17 AM, David Daney wrote: > Easiest thing to do would be to select 16K page size in your .config, I > think that will give you a similar sized stack. I didn't realize that was possible... I'm mostly concerned about the best way to deal with

Re: [WireGuard] emerge failed once :-|

>> I could override this in the ebuild, which I guess I'll do. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70367ea5bdc56fc0ed9ce5f51d7f37459c874a79 Voila. ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: [WireGuard] OpenWRT/MIPS Improvements

regards, > > > n3ph > > On Thu, Nov 10, 2016 at 07:40:39PM +0100, Jason A. Donenfeld wrote: > > Hey Jens & Folks, > > > > I now have the same hardware you do, and have been optimizing for it. > > > > I am now able to get almost 40mbps using Wire

[WireGuard] [ANNOUNCE] Snapshot `experimental-0.0.20161110` Available

and all feedback on this latest snapshot. Thank you, Jason Donenfeld -BEGIN PGP SIGNATURE- iQItBAEBCAAXBQJYJLyZEBxqYXNvbkB6eDJjNC5jb20ACgkQSfxwEqXeA64J5xAA nkVXT5UPr4oJACZVDSK36t5h3ldQtxlFiwjYaUH7wn0TeA1Ww6vYQC06CgWqE/V0 7Sp3XT5v+CGD8o6otZ46luSoqq3lMkvDwgvmZWowQqdfzg5FDO09Bz4WH2xiqrAv kp

[WireGuard] OpenWRT/MIPS Improvements

Hey Jens & Folks, I now have the same hardware you do, and have been optimizing for it. I am now able to get almost 40mbps using WireGuard, which is incredible. With the latest builds of WireGuard, I haven't been able to trigger these OOM conditions either. Please test and let me how it goes.

Re: [WireGuard] Proposal: HAVE_SEPARATE_IRQ_STACK?

Hi Matt, On Thu, Nov 10, 2016 at 5:36 PM, Matt Redfearn wrote: > > I don't see a reason not to do this - I'm taking a look into it. Great thanks! This is good to hear. If you go into the arch/ directory and simply grep for "irq_stack", you can pretty easily base your

Re: [WireGuard] Proposal: HAVE_SEPARATE_IRQ_STACK?

Hi Thomas, On Thu, Nov 10, 2016 at 2:00 PM, Thomas Gleixner wrote: > Do not even think about going there. That's going to be a major > mess. Lol! Okay. Thank you for reigning in my clearly reckless propensities... Sometimes playing in traffic is awfully tempting. > > As a

Re: [WireGuard] mips32 crash

Hey k, Excellent work! My MIPS VM is still alive. :) On Mon, Nov 7, 2016 at 7:54 AM, wrote: > After 10 hours of testing it crashed but another way. > I did mistake. It did not shutdown arm<>mips connection. It was almost > idle but still on. Do you mean to indicate that

Re: [WireGuard] mips32 crash

Hey k, > So , guys, I found where shit lies ! > Crash happens only when l2tp is involved. > I reproduced crash in the following scenario : > > Windows ETH -> ETH Dlink ETH L2TP WG -> WG L2TP ETH Ubuntu Brilliant! Are you able to trigger this with ordinary iperf? Or just CIFS? Are you able to

Re: [WireGuard] mips32 crash

1138.193952] [<800be79c>] profile_tick+0x8/0x48 Sometimes another exception triggered : <4>[ 309.518201] Unhandled kernel unaligned access[#1]: Likely caused by memory corruption. > <4>[13905.634933] Process (pid: 41189632, threadinfo=82bca000, > task=81ce, tls

Re: [WireGuard] Error building against grsec-enabled kernel

Hi, I've switched to using the same strategy of tun.c, and simply resetting all the fields, even if this is semantically incorrect, as the rest of the kernel seems to do this in fact: https://git.zx2c4.com/WireGuard/commit/?id=95a869e45905766878cc4fee1a27a1c933786361 This should make WireGuard

Re: [WireGuard] Source address fib invalidation on IPv6

Hi David, On Sat, Nov 12, 2016 at 7:14 PM, David Ahern wrote: > I believe that is coming from __ip_route_output_key_hash(), line 2232 with > __ip_dev_find not finding a device with that address. It's possible we simply are looking at different source trees, but I have

Re: [WireGuard] [PATCH v3] ip6_output: ensure flow saddr actually belongs to device

Hey Hannes, David, On Mon, Nov 14, 2016 at 7:33 PM, Hannes Frederic Sowa wrote: > I meant to say, we don't require the IPv6 "API" to behave in a similar > way like the IPv4 one. We do this function pointer trick to allow > _in-kernel_ tree modules to use the function

[WireGuard] Source address fib invalidation on IPv6

Hi folks, If I'm replying to a UDP packet, I generally want to use a source address that's the same as the destination address of the packet to which I'm replying. For example: Peer A sends packet: src = 10.0.0.1, dst = 10.0.0.3 Peer B replies with: src = 10.0.0.3, dst = 10.0.0.1 But let's

Qt Creator for Linux Kernel Development

Hello Eike & Qt Creator mailing list, I'm insane and decided to try using an IDE for Linux kernel development. Much to my delight, it actually works well. (Everybody on the mailing list to which this message is cross-posted just vomited a little bit in their mouth and swallowed, but fear not: I'm

Re: [Qt-creator] Qt Creator for Linux Kernel Development

Hello All, Responses to each of you are inline below. Sounds to me like there's a lot of work to be done, still, and I haven't received any enthusiastic responses from the Qt team of, "yes! we'd love to work on this and make Qt Creator suitable for kernel development!" Bummer. Seems like a great

[WireGuard] [ANNOUNCE] Snapshot `experimental-0.0.20161116.1` Available

eGuard-experimental-0.0.20161116.1.tar.xz SHA256: 730d9d919e1942cf83e59dcb8c6ee6ac6696c62ce363c4802474774a5db8238d If you're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Thank you, Jason Don

Re: [WireGuard] RFE: A notion of VERSION (was: Debugging AllowedIps)

On Wed, Nov 16, 2016 at 10:01 PM, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote: > On Thu 2016-11-17 02:40:30 +0900, Jason A. Donenfeld wrote: >> Trying again with no line breaks: >> > Please don't assume that the source code is built from a git repository. &g

Re: [WireGuard] [PATCH] kernel: enable pcrypt

Hi Felix, Patchwork was changed to "accepted" -- http://patchwork.ozlabs.org/patch/694517/ -- but this hasn't shown up in the actual LEDE repo. What's up? Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: [WireGuard] [PATCH] kernel: enable pcrypt

On Wed, Nov 16, 2016 at 8:35 PM, Felix Fietkau wrote: > It's in my staging tree and will make it to the main repo soon. Good to hear. Thanks. ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

Hey Daniel, On Wed, Nov 16, 2016 at 11:17 PM, Daniel Kahn Gillmor wrote: >https://qa.debian.org/madison.php?package=wireguard Perfect, thanks. I wound up using: https://qa.debian.org/madison.php?package=wireguard=debian===on==on And then I just match on the capture

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

ason On Tue, Nov 15, 2016 at 9:44 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > Hey folks, > > Looks like there are various Ubuntu PPAs for WireGuard floating > around. I'd like to officially endorse one on the install section of > the website. Is anybody interested in be

[WireGuard] Seeking Ubuntu PPA Maintainer

Hey folks, Looks like there are various Ubuntu PPAs for WireGuard floating around. I'd like to officially endorse one on the install section of the website. Is anybody interested in being the Ubuntu downstream for WireGuard? Thanks, Jason ___ WireGuard

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

Hey Egbert, On Wed, Nov 16, 2016 at 3:22 PM, Egbert Verhage wrote: > Hey Jason, > Ofc. Source (wireguard-src in git) is a submodule of the last taged > experimental Oh, awesome. Git submodules for the win! Jason ___ WireGuard

Re: [WireGuard] Demo Server: Dual stack?

Hey Dan, On Wed, Nov 16, 2016 at 3:38 PM, Dan Lüdtke wrote: > Hi Jason, > >> I guess I could provide IPv6 connectivity, but why? It's a demo. > > Because it is a demo of a brand new protocol, showing how it can be used with > legacy versions payload and transport protocol. I

[WireGuard] Hosting Companies with Dishonest CPUID [Was: Re: Seeking Ubuntu PPA Maintainer]

ate the PPA to remove my disable of AVX2. > > The problem is that the hosting company hides the cpuuid, but from the > call with the sysadmin it is a XEON E5-2??? v3. > > Greetz, > Egbert > > > On 2016-11-16 02:31, Jason A. Donenfeld wrote: >> Hey Egbert, &

Re: [WireGuard] Demo Server: Dual stack?

Hi Dan, I guess I could provide IPv6 connectivity, but why? It's a demo. If you're using it as an access point to the Internet with intentions beyond simply trying out WireGuard, then you're abusing my service. I'm happy to consider this, but I'll need to be convinced that this actually

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

On Wed, Nov 16, 2016 at 3:37 PM, Anonymous Anonymous wrote: > Btw, as for jabber Jason, seems like I need to search for new tor gateway, > thats why I disconnected. Sounds sketchy. Egbert - take the lead, you're the boss, no obligation to work with sketchorama if you find this

Re: [WireGuard] RFE: A notion of VERSION (was: Debugging AllowedIps)

The best I could come with: > WIREGUARD_VERSION := $(shell parent_name=$$(readlink -f .. | sed -n > 's:.*/[wW]ire[Gg]uard[a-z-]*-\([0-9.]\+\)$$:\1:p'); if [ -d ../.git ]; then > echo "git-$$(git rev-parse --shor t HEAD)"; elif [ -n $parent_name ]; then echo "$$parent_name"; else echo

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

Live on wireguard.io/install/ now: > commit 6bd5f8cde97456e37415eab80c19d9e8241f7639 > Author: Jason A. Donenfeld <ja...@zx2c4.com> > Date: Wed Nov 16 18:44:17 2016 +0100 > > Add openwrt docs > > diff --git a/docs/install.md b/docs/install.md > index 094618

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

config wireguard_foo --> config wireguard_peer1 ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

Oh, I see, that's not actually a correct suggestion. The config value has to be the same to correlate them. In that case, you should show an example with multiple peers, so that it's clear what's happening. ___ WireGuard mailing list

Re: [WireGuard] What is a good way to ingrate (as of now) wireguard into openrc in Gentoo?

Hey Kalin, Funny enough, I can't remember the exact interworkings of that script, because I didn't write it. A guy named zhasha in #wireguard did. I'll ask him to document it; that could be useful. I know another gentoo dev was working on a WireGuard gentoo page for the wiki. I think, in short,

Re: [WireGuard] Source address fib invalidation on IPv6

On Sun, Nov 13, 2016 at 1:43 AM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > In perusing through the v6 FIB code, I don't even see an analog of > __ip_dev_find... Hm? Of all places, the iscsi code actually has a nice side-by-side comparison. So far as I can see, the other protoco

[WireGuard] [PATCH v3] ip6_output: ensure flow saddr actually belongs to device

. In the event that the returned dst is not for a dst with a dev that has the saddr, we return -EINVAL, just like v4; this makes it easy to use the same error handlers for both cases. Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com> Cc: David Ahern <d...@cumulusnetworks.com> --- Cha

[WireGuard] [PATCH v2] ip6_output: ensure flow saddr actually belongs to device

. In the event that the returned dst is not for a dst with a dev that has the saddr, we return -EINVAL, just like v4; this makes it easy to use the same error handlers for both cases. Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com> Cc: David Ahern <d...@cumulusnetworks.com> --- Cha

Re: [WireGuard] Source address fib invalidation on IPv6

Hi David, On Fri, Nov 11, 2016 at 11:14 PM, David Ahern wrote: > What do you mean by 'valid dst'? ipv6 returns net->ipv6.ip6_null_entry on > lookup failures so yes dst is non-NULL but that does not mean the lookup > succeeded. What I mean is that it returns an

Re: [WireGuard] What is a good way to ingrate (as of now) wireguard into openrc in Gentoo?

On Mon, Nov 21, 2016 at 2:55 PM, Joakim Sindholt wrote: > There are a couple of problems with this - the number I've experienced being > that > dhcpcd has no respect for network config it didn't create and so it will > happily > nuke the ip rules every time it renews the

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

Hey Egbert, Great to see! How much does this deviate from debian's? As far as I can tell, you should be able to keep things basically the same. > Testing it constantly on 4 of my servers and works it great! Happy to hear that. > Even added a patch for ifupdown to setup WireGuard in >

Re: [WireGuard] Error building against grsec-enabled kernel

On Fri, Oct 21, 2016 at 5:02 PM, PaX Team wrote: > are you sure it was for satisfying PaX only and not a bug itself? :) Blurg. I was overly hasty. Note to self: do not prepare conf presentations and push code at the same time. Indeed this /should/ be ~0, which means "unset".

Re: [WireGuard] Wireguard on OpenWRT/LEDE (here: Luci)

On Tue, Nov 1, 2016 at 9:57 PM, Dan Lüdtke wrote: >> 11. The existing logic for adding a device is to add it if it doesn't >> exist, and otherwise to flush the addresses. Is it a good idea to >> flush the routes too? Or simply delete and re-add? Or is a simple >> flush of the

Re: [Qt-creator] Qt Creator for Linux Kernel Development

Hi Nikolai, On Tue, Nov 29, 2016 at 9:55 AM, Nikolai Kosjar wrote: > Should work with the Clang Code Model, Qt Creator from the current 4.2 > branch. > > The corresponding report was > https://bugreports.qt.io/browse/QTCREATORBUG-15590. Okay, in that case, I'll wait until

[ANNOUNCE] Snapshot `experimental-0.0.20161129` Available

lcomes any and all feedback on this latest snapshot. Thank you, Jason Donenfeld -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAlg9/nEQHGphc29uQHp4 MmM0LmNvbQAKCRBJ/HASpd4Drm3IEADIgOLo+qJWnwVVQ5E9oRzqBI+qd/2FCeyi +vR7D0SogSKckwcIV1rXocmz3emGgFJQnUcLmJNC6Nm0QirPE2dsdm

Re: [Qt-creator] Qt Creator for Linux Kernel Development

Hi Marco, I'll start compiling a list for you, so that I can give you something more useful than my last message. For starters, here's one bug found within seconds: 1. Open a file in the project. All seems fine. 2. Ctrl click on a function that points to somewhere in the Linux kernel headers. 3.

  1   2   3   4   5   6   7   8   9   10   >