Re: [WireGuard] Suggestion: Hide private key by default with wg tool

2016-07-28 Thread Jason A. Donenfeld
https://git.zx2c4.com/WireGuard/commit/?id=ded0e645cfa45130e42c4d5bfba8f7d54e1855a9 Set WG_HIDE_KEYS=never to see the keys. Otherwise they're hidden. ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] LEDE / OpenWrt test - on TP-Link841Nv11 - 15MBs and crash

2016-08-04 Thread Jason A. Donenfeld
Hello Jens, Your prior communications have not been clear to me, and recently somebody took the mailing list off the CC. In order to steer this conversation back on a useful track, please check all that apply: [ ] I have tried removing "sk_clear_memalloc(sock);" and "sk_set_memalloc(sock->sk);"

[WireGuard] Continuous Integration Server

2016-08-04 Thread Jason A. Donenfeld
Hi guys, Alex Xu and I have been working on polishing the testing infrastructure. You can now type `make test-qemu` to have a minimal kernel built, an initramfs forged, and qemu booted with the ever-growing test suite. On my 4 year-old laptop, it takes roughly two minutes to compile the kernel,

Re: [WireGuard] Continuous Integration Server

2016-08-05 Thread Jason A. Donenfeld
Moved to a prettier place: https://www.wireguard.io/build-status/

[WireGuard] [ANNOUNCE] Snapshot `experimental-0.0.20160808` Available

2016-08-08 Thread Jason A. Donenfeld
. Thank you, Jason Donenfeld

Re: [WireGuard] News about MIPS and ARM optimized code?

2016-08-08 Thread Jason A. Donenfeld
Would you like to write it?

Re: [WireGuard] Using wireguard link as a proxy?

2016-07-22 Thread Jason A. Donenfeld
I usually do something like:
    wg set wg0 peer ABCD allowed-ips 0.0.0.0/0
    ip route add 0/1 dev wg0
    ip route add 128/1 dev wg0
    ./tungate.sh proxyserver.wireguard.io
The tungate.sh script just ensures that proxyserver.wireguard.io is reachable with the original route, and takes into account ifupdown

Re: [WireGuard] Fedora WireGuard RPMs

2016-08-17 Thread Jason A. Donenfeld
Hey Joe, This is great news! Thanks for doing that. Are you a Fedora developer per chance? A few notes for fixing this: 1) http://copr-dist-git.fedorainfracloud.org/cgit/jdoss/wireguard/wireguard-tools.git/tree/wireguard-tools.spec a) > BuildRequires: libmnl-devel, kernel-devel, systemd >

WireGuard@FOSDEM: Video & Slides Online

2017-02-07 Thread Jason A. Donenfeld
Hey folks, Thanks for everybody who was there for coming. In case you missed it, here are the slides and the video recording of the conf: https://www.wireguard.io/presentations/ Thanks, Jason

Re: [PATCH] Fix wg-tool regex parsing for non en_US locale

2017-02-05 Thread Jason A. Donenfeld
Thanks! Merged. And good seeing you at the conf.

WireGuard @ FOSDEM

2017-02-03 Thread Jason A. Donenfeld
Hey folks, On Sunday, I'll be speaking at FOSDEM: https://fosdem.org/2017/schedule/event/wireguard/ Let me know if any of you from the list will be at the conference. If there are enough of you, perhaps we can have a small roundtable wireguard workshop during the weekend. I arrive in Brussels

Re: Working on a Rust implementation, and request for test vectors

2017-02-21 Thread Jason A. Donenfeld
Hey guys, I've got all the infra for this set up already. I'm on IRC today and generally available now so let's talk. Jason

Re: [ANNOUNCE] WireGuard in Rust development started

2017-02-21 Thread Jason A. Donenfeld
Congrats Sascha. Looking forward to seeing this implementation come to life. Let me know how I can be of any assistance. Regards, Jason

Re: Working on a Rust implementation, and request for test vectors

2017-02-21 Thread Jason A. Donenfeld
Hey Sopium, Sascha and I are all set up. Let me know if you'd like to get in on the effort too. As well, if you'd like to have a NoiseIK-specific library or something of that sort, I'd be happy to host that on the same infra/organization all together. Let me know what you'd like to do. Regards,

Re: wg binary in armhf deb from ppa missing; armbian with Allwinner A20 chip modprobe wg not working

2017-02-19 Thread Jason A. Donenfeld
nk-wireguard author: Jason A. Donenfeld <ja...@zx2c4.com> <ja...@zx2c4.com> description:Fast, secure, and modern VPN tunnel license:GPL v2 depends:udp_tunnel,ip6_udp_tunnel,x_tables vermagic: 4.9.7-sunxi SMP mod_unload ARMv7 thumb2 p2v8 In dmesg, it shows: [ 1404

Mullvad public WireGuard server for testing

2017-02-25 Thread Jason A. Donenfeld
Hi Fred, This is nice to hear. Congratulations on getting it up and running. That then makes 3 public servers: 1. Mine - https://www.wireguard.io/quickstart/#demo-server 2. Veil - https://veil.nuke.red/ 3. Yours I'm very happy about this! Those instructions are very thorough, but they're not

[ANNOUNCE] WireGuard Snapshot `0.0.20170223` Available

2017-02-23 Thread Jason A. Donenfeld
ot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Thank you, Jason Donenfeld

Re: [ wireguard-dev ] dmesg when using ipv6

2017-02-23 Thread Jason A. Donenfeld
Hello, For the second time today, please provide more debugging information than that. Full dmesg output, full configs, exactly what you're doing. Otherwise nobody can help you. Jason

Re: Some questions about wireguard

2017-02-17 Thread Jason A. Donenfeld
On Wed, Feb 15, 2017 at 11:12 AM, Nicolas Prochazka wrote: > - how many tunnels a peer can manage ? > In our environment, ~ 10 000 clients --> "server"|peer Each interface can have 65536 peers. Each linux system can have multiple interfaces. (If that peer limit

[ANNOUNCE] WireGuard Snapshot `0.0.20170213` Available

2017-02-13 Thread Jason A. Donenfeld
u're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Thank you, Jason Donenfeld

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

2017-02-12 Thread Jason A. Donenfeld
On Sun, Feb 12, 2017 at 3:40 AM, David Anderson wrote: > > I'm failing at setting up arm builds, raspbian/rpi emulation is not in a > great shape these days. In the meantime, debian stable for amd64 is up. > Updated instructions for both debian versions are at >

[ANNOUNCE] WireGuard Snapshot `0.0.20170214` Available

2017-02-14 Thread Jason A. Donenfeld
BLAKE2b-256: 1d3c934d020a2daa984d1002f7dbcebaa3c0f57d295e9b975b1322a0e6d74a4a If you're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Thank you, Jason Donenfeld

WireGuard @ NDSS17 in San Diego, CA

2017-02-14 Thread Jason A. Donenfeld
Hey folks, I'll be presenting the WireGuard paper at NDSS17 [1] in San Diego on Feb 28 in session 4A [2]. Visit the program [3] for more details. If any of you live nearby or intend on coming, shoot me an email. Jason [1]

Re: HKDF for a Java userspace implementation?

2017-02-11 Thread Jason A. Donenfeld
Hey Christian, If you're already using noise-java, then that library should take care of all the HMAC/HKDF stuff for you. WireGuard builds upon the NoiseIK handshake, and the aspects that WireGuard adds on top of Noise do not require HKDF or HMAC. You should not be implementing the internal

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

2017-02-11 Thread Jason A. Donenfeld
Mellow yellow, That's a great idea. Do you intend to track dkg's sid package more or less faithfully? If so, I'd be happy to advertise this on the wireguard.io/install/ page, since I'm sure a lot of people (including myself!) would benefit immensely from that. Could you send some bulletproof

Re: mint (ubuntu) kernel Signing

2017-02-11 Thread Jason A. Donenfeld
Hey John, Indeed if you have a secure-boot enabled kernel, you need to sign your kernel modules before they can be inserted. One option is just to disable secureboot and then restart:
    sudo apt install mokutil
    sudo mokutil --disable-validation
But if you'd like to retain the security of

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

2017-02-11 Thread Jason A. Donenfeld
Hi Dave, Good idea. I don't like the scary pipe to bash one liners. I'll go with what you suggested. However, is `linux-headers-amd64` really required? Thanks, Jason

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

2017-02-11 Thread Jason A. Donenfeld
Hi Dave, Ahh right, that old debate. Jason

Re: FreeBSD

2017-02-11 Thread Jason A. Donenfeld
Hi David, I know the pfSense people were interested in this for the FreeBSD kernel and taking a look. I'm not sure of their current project, but I'll reach out. Are you interested in implementing it too? Jason

Re: WIreGuard on embedded devices and traffic shaping question.

2017-02-11 Thread Jason A. Donenfeld
Hey Joe, Sorry for the late reply. There was a conference and then a small trip after, and now I'm catching up on the backlog. On Fri, Jan 27, 2017 at 12:05 PM, wrote: > If anyone is interested in this set-up I can write a short guide how you can > achieve that and other

Wanted: Novice Guides

2017-02-15 Thread Jason A. Donenfeld
Hey guys, As WireGuard gets more and more popular, I have more people contacting me about novice guides and blog entries and step by step things. If anybody would be up for writing these or assisting with it, it would be much appreciated. Probably better to tackle this before horribly written

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

2017-02-12 Thread Jason A. Donenfeld
Hey Daniel, That makes sense to me. I don't know much about Debian best practices, so I'll defer to your judgement and revert the /install/ page instruction. If David manages to convince you otherwise, I'll re-add it then. Jason

Re: VXLAN

2017-02-13 Thread Jason A. Donenfeld
Hey Florian, Indeed that's strange, and MTU would be my first guess too, though fragmentation should be working anyway so perhaps it's not that. You can try this out by using the -s param to ping to test out the maximum packet size. If I understand correctly, you're putting VXLAN _on top of_

Re: [WireGuard] Pull-based peer configuration

2017-02-11 Thread Jason A. Donenfeld
Hey Jens, This work is in progress. Standby. Jason

Re: (Unofficial) wireguard packages for Debian Stretch (testing)

2017-02-11 Thread Jason A. Donenfeld
Hey Dave, On Sat, Feb 11, 2017 at 10:49 AM, David Anderson wrote: > Note that right now, only amd64 packages are available. If you think there's > demand for Debian on 32-bit x86, I can set up i386 builders as well. I doubt anybody cares about i386, but likely armv{6,7} and

Re: version mismatch

2017-02-17 Thread Jason A. Donenfeld
Hi David, Since WireGuard is still in active development, it's probably best to run the latest versions if you can, since every version is better than the previous. Jason

Re: Wanted: Novice Guides

2017-02-17 Thread Jason A. Donenfeld
Hi Daniel, On Wed, Feb 15, 2017 at 3:53 PM, Daniel Kahn Gillmor wrote: > A good "novice guide" usually has the following pattern: This is a nice list of suggestions on how to structure guides. Thanks for that. > Those of us who are not novices understand that tools like

Seeking competent PPA/Ubuntu maintainers

2017-01-16 Thread Jason A. Donenfeld
Hi folks, The current Ubuntu team could use some help. Does anyone here have the skills and motivation to maintain the Ubuntu PPA? Thanks, Jason

Re: FAQ and quickstart

2017-01-16 Thread Jason A. Donenfeld
Makes sense!

Re: FAQ and quickstart

2017-01-16 Thread Jason A. Donenfeld
>> Thanks a lot!

Re: [RFC] Handling multiple endpoints for a single peer

2017-01-15 Thread Jason A. Donenfeld
On Mon, Jan 9, 2017 at 9:46 AM, Ameretat Reith wrote: > Another use case would be circumventing some crazy state backed firewalls > that drop or throttle -mostly UDP- connections having high bandwidths. If > peer is being used as gateway and nameserver resolver, it can

Re: Built-in Roaming is limited due to a design fault adding STUN and TURN support would be good and make wire-guard connections more durable.

2017-01-15 Thread Jason A. Donenfeld
Hi Peter, On Mon, Jan 9, 2017 at 2:43 PM, Peter Dolding wrote: > You example gets you a connection. You example does not cope with IP > change as that happens in NAT environments. Yes, example only code. > VPN detects connection lost triggers resolve again to check if the

Re: Similar Problem with ArchARM

2017-01-17 Thread Jason A. Donenfeld
Can you send the output of: for i in vmlinuz-linux kernel.img Image zImage uImage; do [[ -f /boot/$i ]] && pacman -Qo /boot/$i; done

Re: Similar Problem with ArchARM

2017-01-17 Thread Jason A. Donenfeld
Actually, even more reliable, send the output of: pacman -Qo /lib/modules/$(uname -r)

[WireGuard] Fwd: wireguard comparing to fastd - tests

2016-08-16 Thread Jason A. Donenfeld
Please reply on list. -- Forwarded message -- From: jens <j...@viisauksena.de> Date: Tue, Aug 16, 2016 at 3:51 AM Subject: Re: [WireGuard] wireguard comparing to fastd - tests To: "Jason A. Donenfeld" <ja...@zx2c4.com> thx, thats true ... we were mostly i

Re: [WireGuard] wireguard comparing to fastd - tests

2016-08-16 Thread Jason A. Donenfeld
> -- Forwarded message -- > From: jens > > thx, thats true ... we were mostly interested in comparing speed in > similar setups that we would deploy. > But you're right - reducing workload from 20 to 12 in cypher make > them not directly comparable

Re: [WireGuard] wireguard comparing to fastd - tests

2016-08-15 Thread Jason A. Donenfeld
On Tue, Aug 16, 2016 at 12:46 AM, jens wrote: > method "salsa2012+umac"; > method "null+salsa2012+umac"; If you want to compare the two, you'll need to use a cipher of equivalent security level. In other words, use salsa20 instead of salsa2012. Otherwise it's not an accurate

Re: Seeking Fedora Maintainer

2017-02-28 Thread Jason A. Donenfeld
Version bump? On Dec 22, 2016 19:57, "Jason A. Donenfeld" <ja...@zx2c4.com> wrote: > Hi all, > > A quick update. Joe is back in action! Fedora users should have a nice > update now. > > Jason

wg-quick rule bypasses [Was: Re: Announcement: Public Wireguard server for testing]

2017-02-26 Thread Jason A. Donenfeld
Hey Jorg, Moving this to a new thread. On Sun, Feb 26, 2017 at 7:25 PM, Jörg Thalheim wrote: > In this context, I found the following rules useful to bypass the vpn for > some routes: > > #!/usr/bin/env bash > # /etc/wireguard/.sh > > if [ "${1:-down}" = "up" ]; then >

Re: Kernel commit d35a00b8e33dab7385f724e713ae71c8be0a49f4 breaks wireguard

2017-02-27 Thread Jason A. Donenfeld
Hey Bruno, This has now been fixed in the repo. Note that since rc1 hasn't been released, you'll need to adjust the kernel's make file to show 4.11 yourself. Alternatively, just wait a few days for rc1. Jason

Re: kernel warning with 0.0.20170223: entered softirq 3 NET_RX net_rx_action+0x0/0x760 with preempt_count 00000101, exited with 00000100?

2017-02-27 Thread Jason A. Donenfeld
Hey Brad, Thanks for fixing this! Regards, Jason

Re: kernel warning with 0.0.20170223: entered softirq 3 NET_RX net_rx_action+0x0/0x760 with preempt_count 00000101, exited with 00000100?

2017-02-26 Thread Jason A. Donenfeld
Hey Pipacs, I've been receiving reports of strange bugs from grsec users with WireGuard. The first set of bugs was a heisenbug crash, and I never found the root cause, but it seemed to happen in the rx path. Then today Timothée emailed another different bug from a grsec box, also along the rx

Re: Kernel commit d35a00b8e33dab7385f724e713ae71c8be0a49f4 breaks wireguard

2017-02-27 Thread Jason A. Donenfeld
Fixed!

Re: Kernel commit d35a00b8e33dab7385f724e713ae71c8be0a49f4 breaks wireguard

2017-02-27 Thread Jason A. Donenfeld
Thanks! I wasn't compiling with the options to hit this, so I didn't see it before. Should be fixed now. Jason

Re: [WireGuard] fq, ecn, etc with wireguard

2016-08-29 Thread Jason A. Donenfeld
> Nice to see you so quickly being productive. I am still constructing a > reply to your previous message. Awaiting it's arrival :) > In re-reading over your message, I think not dropping the packet when > there is an outer CE marking and no ecn enabling in in the inner > packet is probably the

Re: [WireGuard] News about MIPS and ARM optimized code?

2016-09-26 Thread Jason A. Donenfeld
Hey René, I've begun trying to integrate your excellent work into WireGuard in the branch rvh/mips: https://git.zx2c4.com/WireGuard/commit/?h=rvd/mips It seems like there's still a bit of cleaning up and polishing to do, but it's headed in a great direction. There's a lot of weird formatting and

Re: [WireGuard] WireGuard ECN Implementation

2016-09-29 Thread Jason A. Donenfeld
On Thu, Sep 29, 2016 at 9:03 PM, Dave Taht wrote: > that + 1 was clever. I think you are done... and I should go change the blog. > :) Yea I like tricks like that. Anytime you have a range of values in the middle, you can just add, modulo, and check the end.

Re: [WireGuard] auth-only wireguard

2016-10-05 Thread Jason A. Donenfeld
Dear NSA, No. Love, Jason

Re: [WireGuard] [Cake] WireGuard Queuing, Bufferbloat, Performance, Latency, and related issues

2016-10-05 Thread Jason A. Donenfeld
On Sun, Oct 2, 2016 at 1:31 PM, Toke Høiland-Jørgensen wrote: > You don't need a timer. You already have a signal for when more queue > space is available in the encryption step: When a packet finishes > encryption. All you need to do is try to enqueue another one at this > point.

Re: [WireGuard] auth-only wireguard

2016-10-06 Thread Jason A. Donenfeld
Hi Bruno, On Oct 6, 2016 9:29 PM, "Bruno Wolff III" wrote: > Someone able to watch and modify traffic can wait for authentication to occur and then take over the connection. So you don't know you are still communicating with the party that did the authentication. You need

Re: [WireGuard] auth-only wireguard

2016-10-06 Thread Jason A. Donenfeld
On Thu, Oct 6, 2016 at 6:34 PM, Jehan Tremback wrote: > Let me be more specific about my application. I'm trying to create a > system where routers in a "mesh" network (mixed ad-hoc wifi and > ethernet) pay their neighbors, or are paid by their neighbors for > bandwidth. To

Re: [WireGuard] News about MIPS and ARM optimized code?

2016-09-20 Thread Jason A. Donenfeld
Hey René, That's excellent. Thanks for writing that. I'll review this implementation. Is your speed up compared to your unaligned optimization from the other patch? Or is that against vanilla? With only a 1% increase, I'm first interested to see where precisely that improvement is coming from,

Re: [WireGuard] [PATCHv2] Add support for platforms which has no efficient unaligned memory access

2016-09-20 Thread Jason A. Donenfeld
at 9:58 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > Hey René, > > This is an excellent find. Thanks. Pretty significant speed improvements. > I wonder where else this is happening too. > > Have you tested this on both endians? > > The main thing I'm wondering he

Re: [WireGuard] [PATCHv2] Add support for platforms which has no efficient unaligned memory access

2016-09-20 Thread Jason A. Donenfeld
h4 += (le32_to_cpuvp(src + 12) >> 8) | hibit; > +#else > + t0 = le32_to_cpuvp(src + 0); > + t1 = le32_to_cpuvp(src + 4); > + t2 = le32_to_cpuvp(src + 8); > + t3 = le32_to_cpuvp(src + 12); > + h0 += t0 & 0x3

Re: [WireGuard] WireGuard ECN Implementation

2016-09-30 Thread Jason A. Donenfeld
On Thu, Sep 29, 2016 at 10:03 PM, Dave Taht wrote: > Now... as for the other stuff in that blog entry (I never got around > to writing parts II and III), I am curious as to your raw PPS with > small packets presently, and if you've figured out how to apply > fq_codel

[WireGuard] WireGuard Queuing, Bufferbloat, Performance, Latency, and related issues

2016-09-30 Thread Jason A. Donenfeld
Hey Dave, I've been comparing graphs and bandwidth and so forth with flent's rrul and iperf3, trying to figure out what's going on. Here's my present understanding of the queuing buffering issues. I sort of suspect these are issues that might not translate entirely well to the work you've been

[WireGuard] WireGuard Queuing, Bufferbloat, Performance, Latency, and related issues

2016-09-30 Thread Jason A. Donenfeld
Hi all, On Fri, Sep 30, 2016 at 9:18 PM, Dave Taht wrote: > All: I've always dreamed of a vpn that could fq and - when it was > bottlenecking on cpu - throw away packets intelligently. Wireguard, > which is what jason & co are working on, is a really simple, elegant > set of

Re: [WireGuard] [Cake] WireGuard Queuing, Bufferbloat, Performance, Latency, and related issues

2016-10-01 Thread Jason A. Donenfeld
On Sun, Oct 2, 2016 at 4:25 AM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > What would you suggest? I try again after 100ms? This now lives in a test branch: https://git.zx2c4.com/WireGuard/commit/?id=da9bd3a5ddd4a8edbdbb337743a14e5

Re: [WireGuard] [Cake] WireGuard Queuing, Bufferbloat, Performance, Latency, and related issues

2016-10-01 Thread Jason A. Donenfeld
Hey Toke, On Sun, Oct 2, 2016 at 1:40 AM, Toke Høiland-Jørgensen wrote: > I assumed that there probably was, but was not sure where. Thanks for > clearing this up. I'll take a step back and try to describe this on the > conceptual level: Conceptual overview: exactly what I needed,

Re: [WireGuard] [PATCH] poly1305: generic C can be faster on chips with slow unaligned access

2016-11-07 Thread Jason A. Donenfeld
Hi Eric, On Fri, Nov 4, 2016 at 6:37 PM, Eric Biggers wrote: > I agree, and the current code is wrong; but do note that this proposal is > correct for poly1305_setrkey() but not for poly1305_setskey() and > poly1305_blocks(). In the latter two cases, 4-byte alignment of the

Re: [WireGuard] [PATCH] poly1305: generic C can be faster on chips with slow unaligned access

2016-11-07 Thread Jason A. Donenfeld
On Mon, Nov 7, 2016 at 7:08 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > Hmm... The general data flow that strikes me as most pertinent is > something like: > > struct sk_buff *skb = get_it_from_somewhere(); > skb = skb_share_check(skb, GFP_ATOMIC); > num_

Re: [WireGuard] emerge failed once :-|

2016-11-07 Thread Jason A. Donenfeld
Hey Kalin, That's some messed up eclass. Check this out: From your log: > make --jobs=8 --load-average=12 HOSTCC=x86_64-pc-linux-gnu-gcc > CROSS_COMPILE=x86_64-pc-linux-gnu- 'LDFLAGS=-m elf_x86_64' > KERNELDIR=/usr/src/linux V=1 clean module > make -C /usr/src/linux >

Re: [WireGuard] mips32 crash

2016-11-06 Thread Jason A. Donenfeld
> <7>[13905.531148] wireguard: Sending handshake initiation to peer 1 > (x.x.x.x:16) > <4>[13905.629622] [ cut here ] So you said the crash 100% occurs 100ms after sending handshake initiation. If related this could be because: a) The scheduler ticks come in 100ms

Re: [WireGuard] mips32 crash

2016-11-06 Thread Jason A. Donenfeld
Strange, spam filters don't like your domain. Got the message. Analyzing now. Think you could "instrument" where you think the crash happens with a bunch of printks?

Re: [WireGuard] mips32 crash

2016-11-06 Thread Jason A. Donenfeld
On Sun, Nov 6, 2016 at 9:07 AM, wrote: >> <4>[13905.634933] Process (pid: 41189632, threadinfo=82bca000, >> task=81ce, tls=8100cea5) > >> Likely caused by memory corruption. > > Look at pid value. It's definitely not valid pid. Task structure was > corrupted. Indeed.

Re: [WireGuard] mips32 crash

2016-11-06 Thread Jason A. Donenfeld
Wait I noticed this message was a reply to another. I haven't received the first...

Re: [WireGuard] mips32 crash

2016-11-06 Thread Jason A. Donenfeld
> Wireguard ver 20161103, 20161105 If I understand this right, the one that's crashing is on 1105? In which case, could you tell me if 1103 crashes, or if it's only 1105?

Re: [WireGuard] mips32 crash

2016-11-06 Thread Jason A. Donenfeld
Not a lot of participation from the LEDE package maintainer, so I just ordered a TL-WR841N for €10, which should arrive on Tuesday, and then I'll try to reproduce on actual hardware, and in general keep things rolling well on this platform.

Re: [WireGuard] Proposal: HAVE_SEPARATE_IRQ_STACK?

2016-11-09 Thread Jason A. Donenfeld
Hey Thomas, On Wed, Nov 9, 2016 at 10:40 PM, Thomas Gleixner wrote: > That preempt_disable() prevents merely preemption as the name says, but it > won't prevent softirq handlers from running on return from interrupt. So > what's the point? Oh, interesting. Okay, then in that

Re: [WireGuard] Proposal: HAVE_SEPARATE_IRQ_STACK?

2016-11-09 Thread Jason A. Donenfeld
On Thu, Nov 10, 2016 at 1:17 AM, David Daney wrote: > Easiest thing to do would be to select 16K page size in your .config, I > think that will give you a similar sized stack. I didn't realize that was possible... I'm mostly concerned about the best way to deal with

Re: [WireGuard] emerge failed once :-|

2016-11-07 Thread Jason A. Donenfeld
>> I could override this in the ebuild, which I guess I'll do. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70367ea5bdc56fc0ed9ce5f51d7f37459c874a79 Voila.

Re: [WireGuard] [PATCH] poly1305: generic C can be faster on chips with slow unaligned access

2016-11-07 Thread Jason A. Donenfeld
On Mon, Nov 7, 2016 at 8:25 PM, Eric Biggers wrote: > No it does *not* buffer all incoming blocks, which is why the source pointer > can > fall out of alignment. Yes, I actually tested this. In fact this situation > is > even hit, in both possible places, in the

Re: [WireGuard] OpenWRT/MIPS Improvements

2016-11-11 Thread Jason A. Donenfeld
regards, > > > n3ph > > On Thu, Nov 10, 2016 at 07:40:39PM +0100, Jason A. Donenfeld wrote: > > Hey Jens & Folks, > > > > I now have the same hardware you do, and have been optimizing for it. > > > > I am now able to get almost 40mbps using Wire

[WireGuard] [ANNOUNCE] Snapshot `experimental-0.0.20161110` Available

2016-11-10 Thread Jason A. Donenfeld
and all feedback on this latest snapshot. Thank you, Jason Donenfeld

[WireGuard] OpenWRT/MIPS Improvements

2016-11-10 Thread Jason A. Donenfeld
Hey Jens & Folks, I now have the same hardware you do, and have been optimizing for it. I am now able to get almost 40mbps using WireGuard, which is incredible. With the latest builds of WireGuard, I haven't been able to trigger these OOM conditions either. Please test and let me how it goes.

Re: [WireGuard] Proposal: HAVE_SEPARATE_IRQ_STACK?

2016-11-10 Thread Jason A. Donenfeld
Hi Matt, On Thu, Nov 10, 2016 at 5:36 PM, Matt Redfearn wrote: > > I don't see a reason not to do this - I'm taking a look into it. Great thanks! This is good to hear. If you go into the arch/ directory and simply grep for "irq_stack", you can pretty easily base your

Re: [WireGuard] Proposal: HAVE_SEPARATE_IRQ_STACK?

2016-11-10 Thread Jason A. Donenfeld
Hi Thomas, On Thu, Nov 10, 2016 at 2:00 PM, Thomas Gleixner wrote: > Do not even think about going there. That's going to be a major > mess. Lol! Okay. Thank you for reining in my clearly reckless propensities... Sometimes playing in traffic is awfully tempting. > > As a

Re: [WireGuard] mips32 crash

2016-11-07 Thread Jason A. Donenfeld
Hey k, Excellent work! My MIPS VM is still alive. :) On Mon, Nov 7, 2016 at 7:54 AM, wrote: > After 10 hours of testing it crashed but another way. > I did mistake. It did not shutdown arm<>mips connection. It was almost > idle but still on. Do you mean to indicate that

Re: [WireGuard] mips32 crash

2016-11-07 Thread Jason A. Donenfeld
Hey k, > So , guys, I found where shit lies ! > Crash happens only when l2tp is involved. > I reproduced crash in the following scenario : > > Windows ETH -> ETH Dlink ETH L2TP WG -> WG L2TP ETH Ubuntu Brilliant! Are you able to trigger this with ordinary iperf? Or just CIFS? Are you able to

Re: [WireGuard] mips32 crash

2016-11-07 Thread Jason A. Donenfeld
1138.193952] [<800be79c>] profile_tick+0x8/0x48 Sometimes another exception triggered : <4>[ 309.518201] Unhandled kernel unaligned access[#1]: Likely caused by memory corruption. > <4>[13905.634933] Process (pid: 41189632, threadinfo=82bca000, > task=81ce, tls

Re: [WireGuard] Error building against grsec-enabled kernel

2016-10-23 Thread Jason A. Donenfeld
Hi, I've switched to using the same strategy of tun.c, and simply resetting all the fields, even if this is semantically incorrect, as the rest of the kernel seems to do this in fact: https://git.zx2c4.com/WireGuard/commit/?id=95a869e45905766878cc4fee1a27a1c933786361 This should make WireGuard

Re: [WireGuard] [PATCH] uapi.h: public_key field is a getter

2016-10-22 Thread Jason A. Donenfeld
Thanks. Applied.

Re: [WireGuard] Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
Hi David, On Sat, Nov 12, 2016 at 7:14 PM, David Ahern wrote: > I believe that is coming from __ip_route_output_key_hash(), line 2232 with > __ip_dev_find not finding a device with that address. It's possible we simply are looking at different source trees, but I have

Re: [WireGuard] OpenWRT/MIPS Improvements

2016-11-12 Thread Jason A. Donenfeld
Hey folks, Small update on the OOM issue. With LEDE devices that only have 32megs, if you run iperf3 on the device itself, eventually iperf3 will use tons of memory in trying to use different sized buffers, that the device will OOM and kill init. However, if you use packet forwarding and put

Re: [WireGuard] Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
Hi again, I've done some pretty in depth debugging now to determine exactly what the behavior of ipv6_stub->ipv6_dst_lookup is. First I'll start with ip_route_output_flow, which I believe to be well behaved, and then I'll show ipv6_stub->ipv6_dst_lookup, which seems ill-behaved: Userspace:

Re: [WireGuard] [PATCH v3] ip6_output: ensure flow saddr actually belongs to device

2016-11-14 Thread Jason A. Donenfeld
Hey Hannes, David, On Mon, Nov 14, 2016 at 7:33 PM, Hannes Frederic Sowa wrote: > I meant to say, we don't require the IPv6 "API" to behave in a similar > way like the IPv4 one. We do this function pointer trick to allow > _in-kernel_ tree modules to use the function

[WireGuard] Source address fib invalidation on IPv6

2016-11-11 Thread Jason A. Donenfeld
Hi folks, If I'm replying to a UDP packet, I generally want to use a source address that's the same as the destination address of the packet to which I'm replying. For example: Peer A sends packet: src = 10.0.0.1, dst = 10.0.0.3 Peer B replies with: src = 10.0.0.3, dst = 10.0.0.1 But let's

Re: [WireGuard] [PATCH v3] ip6_output: ensure flow saddr actually belongs to device

2016-11-14 Thread Jason A. Donenfeld
On Nov 14, 2016 17:19, "David Ahern" wrote: > > LGTM > > Acked-by: David Ahern Great. @DaveM: can we get this in 4.9 and in stable? Thanks, Jason

Qt Creator for Linux Kernel Development

2016-11-22 Thread Jason A. Donenfeld
Hello Eike & Qt Creator mailing list, I'm insane and decided to try using an IDE for Linux kernel development. Much to my delight, it actually works well. (Everybody on the mailing list to which this message is cross-posted just vomited a little bit in their mouth and swallowed, but fear not: I'm

Re: [WireGuard] Is nf_conntrack really needed?

2016-11-22 Thread Jason A. Donenfeld
Hey, In fact, it's not needed if it's not needed. How to explain this apparent tautology? If conntracking is compiled into the kernel, then for ICMP, I need to ask conntracking if it's possibly mangled the src IP of the packet before giving it to the wireguard device. If conntracking isn't
