From 68035080e92cd29864aa05b6df6e4bfe174ad6d1 Mon Sep 17 00:00:00 2001 From: Brent Roman Date: Tue, 30 Jun 2020 19:17:08 -0700 Subject: [PATCH 1/7] builds for ARMv5 with GCC 4.4 --- src/Kbuild | 4 +-- .../udp_tunnel/udp_tunnel_partial_compat.h | 4 +-- .../zinc/chacha20/chacha20-unrolled-arm.S | 36 +++++++++---------- src/socket.c | 2 +- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/src/Kbuild b/src/Kbuild index a0d433f2..c153548a 100644 --- a/src/Kbuild +++ b/src/Kbuild @@ -2,10 +2,10 @@ # # Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -ccflags-y := -O3 +ccflags-y := -O2 ccflags-$(CONFIG_WIREGUARD_DEBUG) += -DDEBUG -g ccflags-y += -D'pr_fmt(fmt)=KBUILD_MODNAME ": " fmt' -ccflags-y += -Wframe-larger-than=2048 +#ccflags-y += -Wframe-larger-than=2048 ccflags-$(if $(WIREGUARD_VERSION),y,) += -D'WIREGUARD_VERSION="$(WIREGUARD_VERSION)"' wireguard-y := main.o noise.o device.o peer.o timers.o queueing.o send.o receive.o socket.o peerlookup.o allowedips.o ratelimiter.o cookie.o netlink.o diff --git a/src/compat/udp_tunnel/udp_tunnel_partial_compat.h b/src/compat/udp_tunnel/udp_tunnel_partial_compat.h index 0605896e..a2263963 100644 --- a/src/compat/udp_tunnel/udp_tunnel_partial_compat.h +++ b/src/compat/udp_tunnel/udp_tunnel_partial_compat.h @@ -178,11 +178,11 @@ static inline int __maybe_unused __compat_udp_sock_create(struct net *net, struc { struct udp_port_cfg old_cfg = { .family = cfg->family, - .local_ip = cfg->local_ip, + {.local_ip = cfg->local_ip}, #if IS_ENABLED(CONFIG_IPV6) .local_ip6 = cfg->local_ip6, #endif - .peer_ip = cfg->peer_ip, + {.peer_ip = cfg->peer_ip}, #if IS_ENABLED(CONFIG_IPV6) .peer_ip6 = cfg->peer_ip6, #endif diff --git a/src/crypto/zinc/chacha20/chacha20-unrolled-arm.S b/src/crypto/zinc/chacha20/chacha20-unrolled-arm.S index 8fb4bc2e..4dda4efe 100644 --- a/src/crypto/zinc/chacha20/chacha20-unrolled-arm.S +++ b/src/crypto/zinc/chacha20/chacha20-unrolled-arm.S @@ -162,9 +162,9 @@ .endr .endm -.macro _chacha nrounds +.macro _chacha nrounds, instance -.Lnext_block\@: +.Lnext_block\instance: // Stack: unused0-unused1 x10-x11 x0-x15 OUT IN LEN // Registers contain x0-x9,x12-x15. @@ -188,12 +188,12 @@ // Use slow path if fewer than 64 bytes remain. cmp r11, #64 - blt .Lxor_slowpath\@ + blt .Lxor_slowpath\instance // Use slow path if IN and/or OUT isn't 4-byte aligned. Needed even on // ARMv6+, since ldmia and stmia (used below) still require alignment. tst r10, #3 - bne .Lxor_slowpath\@ + bne .Lxor_slowpath\instance // Fast path: XOR 64 bytes of aligned data. @@ -262,9 +262,9 @@ subs r9, #64 // decrement and check LEN stmia r14!, {r2-r5} - beq .Ldone\@ + beq .Ldone\instance -.Lprepare_for_next_block\@: +.Lprepare_for_next_block\instance: // Stack: x0-x15 OUT IN LEN @@ -287,9 +287,9 @@ ldmia r14!, {r0-r11} // load x0-x11 __strd r10, r11, sp, 8 // store x10-x11 before state ldmia r14, {r10-r12,r14} // load x12-x15 - b .Lnext_block\@ + b .Lnext_block\instance -.Lxor_slowpath\@: +.Lxor_slowpath\instance: // Slow path: < 64 bytes remaining, or unaligned input or output buffer. // We handle it by storing the 64 bytes of keystream to the stack, then // XOR-ing the needed portion with the data. @@ -356,38 +356,38 @@ .if __LINUX_ARM_ARCH__ < 6 orr r2, r12, r14 tst r2, #3 // IN or OUT misaligned? - bne .Lxor_next_byte\@ + bne .Lxor_next_byte\instance .endif // XOR a word at a time .rept 16 subs r1, #4 - blt .Lxor_words_done\@ + blt .Lxor_words_done\instance ldr r2, [r12], #4 ldr r3, [r0], #4 eor r2, r2, r3 str r2, [r14], #4 .endr - b .Lxor_slowpath_done\@ -.Lxor_words_done\@: + b .Lxor_slowpath_done\instance +.Lxor_words_done\instance: ands r1, r1, #3 - beq .Lxor_slowpath_done\@ + beq .Lxor_slowpath_done\instance // XOR a byte at a time -.Lxor_next_byte\@: +.Lxor_next_byte\instance: ldrb r2, [r12], #1 ldrb r3, [r0], #1 eor r2, r2, r3 strb r2, [r14], #1 subs r1, #1 - bne .Lxor_next_byte\@ + bne .Lxor_next_byte\instance -.Lxor_slowpath_done\@: +.Lxor_slowpath_done\instance: subs r9, #64 add sp, #96 - bgt .Lprepare_for_next_block\@ + bgt .Lprepare_for_next_block\instance -.Ldone\@: +.Ldone\instance: .endm // _chacha /* diff --git a/src/socket.c b/src/socket.c index c33e2c81..a69ef86f 100644 --- a/src/socket.c +++ b/src/socket.c @@ -357,7 +357,7 @@ int wg_socket_init(struct wg_device *wg, u16 port) struct socket *new4 = NULL, *new6 = NULL; struct udp_port_cfg port4 = { .family = AF_INET, - .local_ip.s_addr = htonl(INADDR_ANY), + {.local_ip.s_addr = htonl(INADDR_ANY)}, .local_udp_port = htons(port), .use_udp_checksums = true }; From 9245414623037b0adfa24084e8585929513027bc Mon Sep 17 00:00:00 2001 From: Brent Roman Date: Sat, 5 Jun 2021 16:22:09 -0700 Subject: [PATCH 2/7] updated to -mbari2 --- wireguard.geany | 50 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 wireguard.geany diff --git a/wireguard.geany b/wireguard.geany new file mode 100644 index 00000000..351bbbdb --- /dev/null +++ b/wireguard.geany @@ -0,0 +1,50 @@ +[editor] +line_wrapping=false +line_break_column=72 +auto_continue_multiline=true + +[file_prefs] +final_new_line=false +ensure_convert_new_lines=false +strip_trailing_spaces=true +replace_tabs=false + +[indentation] +indent_width=2 +indent_type=2 +indent_hard_tab_width=4 +detect_indent=true +detect_indent_width=true +indent_mode=2 + +[project] +name=wireguard +base_path=src +description=wireguard-linux-compat +file_patterns=*.c;*.h; + +[long line marker] +long_line_behaviour=1 +long_line_column=80 + +[build-menu] +NF_00_LB=_Make +NF_00_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari2 KERNELDIR=~/git/linux +NF_00_WD=%p +NF_01_LB=Make Custom _Target... +NF_01_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari2 KERNELDIR=~/git/linux +NF_01_WD=%p +NF_02_LB=Make _Object +NF_02_CM=ltibMake %e.o +NF_02_WD=%p +NF_03_LB=Install +NF_03_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari2 KERNELDIR=~/git/linux DEPMOD=: INSTALL_MOD_STRIP=1 install +NF_03_WD=%p + +[prjorg] +source_patterns=*.c;*.C;*.cpp;*.cxx;*.c++;*.cc;*.m; +header_patterns=*.h;*.H;*.hpp;*.hxx;*.h++;*.hh; +ignored_dirs_patterns=.*; +ignored_file_patterns=*.o;*.obj;*.a;*.lib;*.so;*.png;*.eps;*.py;*.pdf;*.svg;*.zip;*.7z*;*.tar*;.*;*.dll;*.lo;*.la;*.class;*.jar;*.pyc;*.mo;*.gmo; +generate_tag_prefs=1 +external_dirs= From 963b92e67381016e33e148a46e06219237d6f995 Mon Sep 17 00:00:00 2001 From: Brent Roman Date: Sat, 5 Jun 2021 21:55:06 -0700 Subject: [PATCH 3/7] removed strip from install --- wireguard.geany | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wireguard.geany b/wireguard.geany index 351bbbdb..ee2ce630 100644 --- a/wireguard.geany +++ b/wireguard.geany @@ -38,7 +38,7 @@ NF_02_LB=Make _Object NF_02_CM=ltibMake %e.o NF_02_WD=%p NF_03_LB=Install -NF_03_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari2 KERNELDIR=~/git/linux DEPMOD=: INSTALL_MOD_STRIP=1 install +NF_03_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari2 KERNELDIR=~/git/linux DEPMOD=: install NF_03_WD=%p [prjorg] From bc4f5ff4b0c0461da046e03e79d7e7ff7eb1b46d Mon Sep 17 00:00:00 2001 From: Brent Roman Date: Sat, 12 Jun 2021 19:12:36 -0700 Subject: [PATCH 4/7] bumped to mbari3 kernel --- wireguard.geany | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wireguard.geany b/wireguard.geany index ee2ce630..707c3e43 100644 --- a/wireguard.geany +++ b/wireguard.geany @@ -29,16 +29,16 @@ long_line_column=80 [build-menu] NF_00_LB=_Make -NF_00_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari2 KERNELDIR=~/git/linux +NF_00_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux NF_00_WD=%p NF_01_LB=Make Custom _Target... -NF_01_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari2 KERNELDIR=~/git/linux +NF_01_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux NF_01_WD=%p NF_02_LB=Make _Object NF_02_CM=ltibMake %e.o NF_02_WD=%p NF_03_LB=Install -NF_03_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari2 KERNELDIR=~/git/linux DEPMOD=: install +NF_03_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux DEPMOD=: install NF_03_WD=%p [prjorg] From 6126f7744db3016253326594ddd56f2a2eca87a8 Mon Sep 17 00:00:00 2001 From: Brent Roman Date: Sat, 30 Oct 2021 14:44:25 -0700 Subject: [PATCH 5/7] Do not select VFP because many older ARM CPUs lack FPU hardware --- src/Kconfig | 2 +- wireguard.geany | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Kconfig b/src/Kconfig index 156e9dbf..93997733 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -6,7 +6,7 @@ config WIREGUARD select DST_CACHE select CRYPTO select CRYPTO_ALGAPI - select VFP +# select VFP #NXP LPC31x1 lacks floating point hardware select VFPv3 if CPU_V7 select NEON if CPU_V7 select KERNEL_MODE_NEON if CPU_V7 diff --git a/wireguard.geany b/wireguard.geany index 707c3e43..ccbb5cb9 100644 --- a/wireguard.geany +++ b/wireguard.geany @@ -48,3 +48,4 @@ ignored_dirs_patterns=.*; ignored_file_patterns=*.o;*.obj;*.a;*.lib;*.so;*.png;*.eps;*.py;*.pdf;*.svg;*.zip;*.7z*;*.tar*;.*;*.dll;*.lo;*.la;*.class;*.jar;*.pyc;*.mo;*.gmo; generate_tag_prefs=1 external_dirs= +show_empty_dirs=true From ffe026941a9d20fc93b0bcef331f6da804e369d3 Mon Sep 17 00:00:00 2001 From: Brent Roman Date: Sat, 30 Oct 2021 23:04:30 -0700 Subject: [PATCH 6/7] point build commands at new kernel source tree --- wireguard.geany | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wireguard.geany b/wireguard.geany index ccbb5cb9..7c85f32d 100644 --- a/wireguard.geany +++ b/wireguard.geany @@ -29,16 +29,16 @@ long_line_column=80 [build-menu] NF_00_LB=_Make -NF_00_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux +NF_00_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux-lpc31 NF_00_WD=%p NF_01_LB=Make Custom _Target... -NF_01_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux +NF_01_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux-lpc31 NF_01_WD=%p NF_02_LB=Make _Object NF_02_CM=ltibMake %e.o NF_02_WD=%p NF_03_LB=Install -NF_03_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux DEPMOD=: install +NF_03_CM=ltibMake KERNELRELEASE=3.18.140-lpc31-mbari3 KERNELDIR=~/git/linux-lpc31 DEPMOD=: install NF_03_WD=%p [prjorg] From 590534bb180aa1f78ba64868933bf7c6b124b95b Mon Sep 17 00:00:00 2001 From: Brent Roman Date: Wed, 5 Feb 2025 16:53:27 -0800 Subject: [PATCH 7/7] adjust timeouts for expensive, high latency links --- src/main.c | 2 +- src/messages.h | 7 +++++-- src/timers.c | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/main.c b/src/main.c index 54350115..a80d0601 100644 --- a/src/main.c +++ b/src/main.c @@ -41,7 +41,7 @@ static int __init mod_init(void) if (ret < 0) goto err_netlink; - pr_info("WireGuard " WIREGUARD_VERSION " loaded. See www.wireguard.com for information.\n"); + pr_info("WireGuard " WIREGUARD_VERSION "-mbari1 loaded. See www.wireguard.com for information.\n"); pr_info("Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved.\n"); return 0; diff --git a/src/messages.h b/src/messages.h index 1d1ed18f..3e7e853d 100644 --- a/src/messages.h +++ b/src/messages.h @@ -38,12 +38,15 @@ enum counter_values { }; enum limits { + //adjust for expensive, high latency links -- brent@mbari.org 10-Mar-2024 + //all that can be done while ensuring interoperability with unpatched version REKEY_AFTER_MESSAGES = 1ULL << 60, REJECT_AFTER_MESSAGES = U64_MAX - COUNTER_WINDOW_SIZE - 1, + INITIAL_REKEY_TIMEOUT = 10, REKEY_TIMEOUT = 5, REKEY_TIMEOUT_JITTER_MAX_JIFFIES = HZ / 3, - REKEY_AFTER_TIME = 120, - REJECT_AFTER_TIME = 180, + REKEY_AFTER_TIME = 150, //was 120 + REJECT_AFTER_TIME = 210, //was 180 INITIATIONS_PER_SECOND = 50, MAX_PEERS_PER_DEVICE = 1U << 20, KEEPALIVE_TIMEOUT = 10, diff --git a/src/timers.c b/src/timers.c index d54d32ac..f1bae4c5 100644 --- a/src/timers.c +++ b/src/timers.c @@ -182,7 +182,7 @@ void wg_timers_any_authenticated_packet_received(struct wg_peer *peer) void wg_timers_handshake_initiated(struct wg_peer *peer) { mod_peer_timer(peer, &peer->timer_retransmit_handshake, - jiffies + REKEY_TIMEOUT * HZ + + jiffies + INITIAL_REKEY_TIMEOUT * HZ + prandom_u32_max(REKEY_TIMEOUT_JITTER_MAX_JIFFIES)); }