diff --git a/src/Kbuild b/src/Kbuild index a0d433f2..c153548a 100644 --- a/src/Kbuild +++ b/src/Kbuild @@ -2,10 +2,10 @@ # # Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -ccflags-y := -O3 +ccflags-y := -O2 ccflags-$(CONFIG_WIREGUARD_DEBUG) += -DDEBUG -g ccflags-y += -D'pr_fmt(fmt)=KBUILD_MODNAME ": " fmt' -ccflags-y += -Wframe-larger-than=2048 +#ccflags-y += -Wframe-larger-than=2048 ccflags-$(if $(WIREGUARD_VERSION),y,) += -D'WIREGUARD_VERSION="$(WIREGUARD_VERSION)"' wireguard-y := main.o noise.o device.o peer.o timers.o queueing.o send.o receive.o socket.o peerlookup.o allowedips.o ratelimiter.o cookie.o netlink.o diff --git a/src/Kconfig b/src/Kconfig index 156e9dbf..93997733 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -6,7 +6,7 @@ config WIREGUARD select DST_CACHE select CRYPTO select CRYPTO_ALGAPI - select VFP +# select VFP #NXP LPC31x1 lacks floating point hardware select VFPv3 if CPU_V7 select NEON if CPU_V7 select KERNEL_MODE_NEON if CPU_V7 diff --git a/src/compat/udp_tunnel/udp_tunnel_partial_compat.h b/src/compat/udp_tunnel/udp_tunnel_partial_compat.h index 0605896e..a2263963 100644 --- a/src/compat/udp_tunnel/udp_tunnel_partial_compat.h +++ b/src/compat/udp_tunnel/udp_tunnel_partial_compat.h @@ -178,11 +178,11 @@ static inline int __maybe_unused __compat_udp_sock_create(struct net *net, struc { struct udp_port_cfg old_cfg = { .family = cfg->family, - .local_ip = cfg->local_ip, + {.local_ip = cfg->local_ip}, #if IS_ENABLED(CONFIG_IPV6) .local_ip6 = cfg->local_ip6, #endif - .peer_ip = cfg->peer_ip, + {.peer_ip = cfg->peer_ip}, #if IS_ENABLED(CONFIG_IPV6) .peer_ip6 = cfg->peer_ip6, #endif diff --git a/src/crypto/zinc/chacha20/chacha20-unrolled-arm.S b/src/crypto/zinc/chacha20/chacha20-unrolled-arm.S index 8fb4bc2e..4dda4efe 100644 --- a/src/crypto/zinc/chacha20/chacha20-unrolled-arm.S +++ b/src/crypto/zinc/chacha20/chacha20-unrolled-arm.S @@ -162,9 +162,9 @@ .endr .endm -.macro _chacha nrounds +.macro _chacha nrounds, instance -.Lnext_block\@: +.Lnext_block\instance: // Stack: unused0-unused1 x10-x11 x0-x15 OUT IN LEN // Registers contain x0-x9,x12-x15. @@ -188,12 +188,12 @@ // Use slow path if fewer than 64 bytes remain. cmp r11, #64 - blt .Lxor_slowpath\@ + blt .Lxor_slowpath\instance // Use slow path if IN and/or OUT isn't 4-byte aligned. Needed even on // ARMv6+, since ldmia and stmia (used below) still require alignment. tst r10, #3 - bne .Lxor_slowpath\@ + bne .Lxor_slowpath\instance // Fast path: XOR 64 bytes of aligned data. @@ -262,9 +262,9 @@ subs r9, #64 // decrement and check LEN stmia r14!, {r2-r5} - beq .Ldone\@ + beq .Ldone\instance -.Lprepare_for_next_block\@: +.Lprepare_for_next_block\instance: // Stack: x0-x15 OUT IN LEN @@ -287,9 +287,9 @@ ldmia r14!, {r0-r11} // load x0-x11 __strd r10, r11, sp, 8 // store x10-x11 before state ldmia r14, {r10-r12,r14} // load x12-x15 - b .Lnext_block\@ + b .Lnext_block\instance -.Lxor_slowpath\@: +.Lxor_slowpath\instance: // Slow path: < 64 bytes remaining, or unaligned input or output buffer. // We handle it by storing the 64 bytes of keystream to the stack, then // XOR-ing the needed portion with the data. @@ -356,38 +356,38 @@ .if __LINUX_ARM_ARCH__ < 6 orr r2, r12, r14 tst r2, #3 // IN or OUT misaligned? - bne .Lxor_next_byte\@ + bne .Lxor_next_byte\instance .endif // XOR a word at a time .rept 16 subs r1, #4 - blt .Lxor_words_done\@ + blt .Lxor_words_done\instance ldr r2, [r12], #4 ldr r3, [r0], #4 eor r2, r2, r3 str r2, [r14], #4 .endr - b .Lxor_slowpath_done\@ -.Lxor_words_done\@: + b .Lxor_slowpath_done\instance +.Lxor_words_done\instance: ands r1, r1, #3 - beq .Lxor_slowpath_done\@ + beq .Lxor_slowpath_done\instance // XOR a byte at a time -.Lxor_next_byte\@: +.Lxor_next_byte\instance: ldrb r2, [r12], #1 ldrb r3, [r0], #1 eor r2, r2, r3 strb r2, [r14], #1 subs r1, #1 - bne .Lxor_next_byte\@ + bne .Lxor_next_byte\instance -.Lxor_slowpath_done\@: +.Lxor_slowpath_done\instance: subs r9, #64 add sp, #96 - bgt .Lprepare_for_next_block\@ + bgt .Lprepare_for_next_block\instance -.Ldone\@: +.Ldone\instance: .endm // _chacha /* diff --git a/src/main.c b/src/main.c index 54350115..a80d0601 100644 --- a/src/main.c +++ b/src/main.c @@ -41,7 +41,7 @@ static int __init mod_init(void) if (ret < 0) goto err_netlink; - pr_info("WireGuard " WIREGUARD_VERSION " loaded. See www.wireguard.com for information.\n"); + pr_info("WireGuard " WIREGUARD_VERSION "-mbari1 loaded. See www.wireguard.com for information.\n"); pr_info("Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved.\n"); return 0; diff --git a/src/messages.h b/src/messages.h index 1d1ed18f..3e7e853d 100644 --- a/src/messages.h +++ b/src/messages.h @@ -38,12 +38,15 @@ enum counter_values { }; enum limits { + //adjust for expensive, high latency links -- brent@mbari.org 10-Mar-2024 + //all that can be done while ensuring interoperability with unpatched version REKEY_AFTER_MESSAGES = 1ULL << 60, REJECT_AFTER_MESSAGES = U64_MAX - COUNTER_WINDOW_SIZE - 1, + INITIAL_REKEY_TIMEOUT = 10, REKEY_TIMEOUT = 5, REKEY_TIMEOUT_JITTER_MAX_JIFFIES = HZ / 3, - REKEY_AFTER_TIME = 120, - REJECT_AFTER_TIME = 180, + REKEY_AFTER_TIME = 150, //was 120 + REJECT_AFTER_TIME = 210, //was 180 INITIATIONS_PER_SECOND = 50, MAX_PEERS_PER_DEVICE = 1U << 20, KEEPALIVE_TIMEOUT = 10, diff --git a/src/socket.c b/src/socket.c index e8eceeb0..f0c7a366 100644 --- a/src/socket.c +++ b/src/socket.c @@ -357,7 +357,7 @@ int wg_socket_init(struct wg_device *wg, u16 port) struct socket *new4 = NULL, *new6 = NULL; struct udp_port_cfg port4 = { .family = AF_INET, - .local_ip.s_addr = htonl(INADDR_ANY), + {.local_ip.s_addr = htonl(INADDR_ANY)}, .local_udp_port = htons(port), .use_udp_checksums = true }; diff --git a/src/timers.c b/src/timers.c index d54d32ac..f1bae4c5 100644 --- a/src/timers.c +++ b/src/timers.c @@ -182,7 +182,7 @@ void wg_timers_any_authenticated_packet_received(struct wg_peer *peer) void wg_timers_handshake_initiated(struct wg_peer *peer) { mod_peer_timer(peer, &peer->timer_retransmit_handshake, - jiffies + REKEY_TIMEOUT * HZ + + jiffies + INITIAL_REKEY_TIMEOUT * HZ + prandom_u32_max(REKEY_TIMEOUT_JITTER_MAX_JIFFIES)); } diff --git a/wireguard.geany b/wireguard.geany new file mode 100644 index 00000000..7c85f32d --- /dev/null +++ b/wireguard.geany @@ -0,0 +1,51 @@ +[editor] +line_wrapping=false +line_break_column=72 +auto_continue_multiline=true + +[file_prefs] +final_new_line=false +ensure_convert_new_lines=false +strip_trailing_spaces=true +replace_tabs=false + +[indentation] +indent_width=2 +indent_type=2 +indent_hard_tab_width=4 +detect_indent=true +detect_indent_width=true +indent_mode=2 + +[project] +name=wireguard +base_path=src +description=wireguard-linux-compat +file_patterns=*.c;*.h; + +[long line marker] +long_line_behaviour=1 +long_line_column=80 + +[build-menu] +NF_00_LB=_Make +NF_00_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux-lpc31 +NF_00_WD=%p +NF_01_LB=Make Custom _Target... +NF_01_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux-lpc31 +NF_01_WD=%p +NF_02_LB=Make _Object +NF_02_CM=ltibMake %e.o +NF_02_WD=%p +NF_03_LB=Install +NF_03_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux-lpc31 DEPMOD=: install +NF_03_WD=%p + +[prjorg] +source_patterns=*.c;*.C;*.cpp;*.cxx;*.c++;*.cc;*.m; +header_patterns=*.h;*.H;*.hpp;*.hxx;*.h++;*.hh; +ignored_dirs_patterns=.*; +ignored_file_patterns=*.o;*.obj;*.a;*.lib;*.so;*.png;*.eps;*.py;*.pdf;*.svg;*.zip;*.7z*;*.tar*;.*;*.dll;*.lo;*.la;*.class;*.jar;*.pyc;*.mo;*.gmo; +generate_tag_prefs=1 +external_dirs= +show_empty_dirs=true