freebsd-skq/include
Kyle Evans 74ae3f3e33 if_wg: import latest fixup work from the wireguard-freebsd project
This is the culmination of about a week of work from three developers to
fix a number of functional and security issues.  This patch consists of
work done by the following folks:

- Jason A. Donenfeld <Jason@zx2c4.com>
- Matt Dunwoodie <ncon@noconroy.net>
- Kyle Evans <kevans@FreeBSD.org>

Notable changes include:
- Packets are now correctly staged for processing once the handshake has
  completed, resulting in less packet loss in the interim.
- Various race conditions have been resolved, particularly w.r.t. socket
  and packet lifetime (panics)
- Various tests have been added to assure correct functionality and
  tooling conformance
- Many security issues have been addressed
- if_wg now maintains jail-friendly semantics: sockets are created in
  the interface's home vnet so that it can act as the sole network
  connection for a jail
- if_wg no longer fails to remove peer allowed-ips of 0.0.0.0/0
- if_wg now exports via ioctl a format that is future proof and
  complete.  It is additionally supported by the upstream
  wireguard-tools (which we plan to merge in to base soon)
- if_wg now conforms to the WireGuard protocol and is more closely
  aligned with security auditing guidelines

Note that the driver has been rebased away from using iflib.  iflib
poses a number of challenges for a cloned device trying to operate in a
vnet that are non-trivial to solve and adds complexity to the
implementation for little gain.

The crypto implementation that was previously added to the tree was a
super complex integration of what previously appeared in an old out of
tree Linux module, which has been reduced to crypto.c containing simple
boring reference implementations.  This is part of a near-to-mid term
goal to work with FreeBSD kernel crypto folks and take advantage of or
improve accelerated crypto already offered elsewhere.

There's additional test suite effort underway out-of-tree taking
advantage of the aforementioned jail-friendly semantics to test a number
of real-world topologies, based on netns.sh.

Also note that this is still a work in progress; work going further will
be much smaller in nature.

MFC after:	1 month (maybe)
2021-03-14 23:52:04 -05:00
arpa SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
gssapi
protocols Clean up global variable declarations in the dump and restore 2020-04-04 00:56:56 +00:00
rpc include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
rpcsvc Increase YPMAXRECORD to 16M to be compatible with Linux. 2019-08-12 20:27:33 +00:00
xlocale Implement strerror_l(). 2020-12-16 09:02:09 +00:00
_ctype.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
a.out.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
ar.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
assert.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
bitstring.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
complex.h msun: add ld80/ld128 powl, cpow, cpowf, cpowl from openbsd 2018-07-15 00:23:10 +00:00
cpio.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
ctype.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
db.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
dirent.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
dlfcn.h Implement RTLD_DEEPBIND. 2020-05-15 11:58:01 +00:00
elf-hints.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
elf.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
err.h Avoid implicit gcc nonnull attribute in vwarnx(). 2018-01-28 19:37:30 +00:00
fmtmsg.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
fnmatch.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
fstab.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
fts.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
ftw.h SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
getopt.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
glob.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
grp.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
gssapi.h
hesiod.h SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
iconv.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
ieeefp.h
ifaddrs.h SPDX: mostly fixes to previous changes. 2017-12-13 16:13:17 +00:00
inttypes.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
iso646.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
kenv.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
langinfo.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
libgen.h Remove basename_r(3). 2017-12-08 22:06:18 +00:00
limits.h Reduce NL_ARGMAX to 4096 to match Linux. 2018-10-04 21:55:58 +00:00
link.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
locale.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
Makefile if_wg: import latest fixup work from the wireguard-freebsd project 2021-03-14 23:52:04 -05:00
Makefile.depend
malloc_np.h Add memalign(3), mostly for glibc compatibility. 2020-05-14 21:12:08 +00:00
malloc.h Make include/malloc.h usable again. 2020-05-12 18:17:57 +00:00
memory.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
mk-osreldate.sh Move to using newvers -c instead of VARS_ONLY=1 2019-05-23 17:19:05 +00:00
monetary.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
mpool.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
mqueue.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
ndbm.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
netconfig.h netconfig.h: sync with upstream. 2017-11-27 17:18:31 +00:00
netdb.h Fix mismatch from r342379. 2018-12-23 20:51:13 +00:00
nl_types.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
nlist.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
nss.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
nsswitch.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
paths.h Add search of LOCALBASE/share/calendar for calendars supplied by a port. 2020-10-23 09:22:23 +00:00
printf.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
proc_service.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
pthread_np.h Revert r361770 "Add pthread_getname_np() and pthread_setname_np() aliases" for now. 2020-06-04 09:06:03 +00:00
pthread.h Add pthread_getname_np() and pthread_setname_np() aliases for 2020-06-10 22:13:24 +00:00
pwd.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
ranlib.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
readpassphrase.h SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
regex.h <regex.h>: reserve a regcomp field for REG_POSIX 2020-07-31 12:40:31 +00:00
res_update.h SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
resolv.h SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
runetype.h Remove __NO_TLS. 2021-02-23 20:08:10 +02:00
search.h Improve typing of POSIX search tree functions. 2016-10-13 18:25:40 +00:00
semaphore.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
setjmp.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
signal.h Add sigsetop extensions commonly found in musl libc and glibc 2019-12-12 01:41:55 +00:00
spawn.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
stab.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
stdalign.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
stdbool.h Remove obsolete check for GCC < 3 and support for Intel Compiler 2020-10-24 23:21:06 +00:00
stddef.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
stdio.h libc: provide fputc_unlocked 2020-02-02 19:45:12 +00:00
stdlib.h Remove obsolete check for GCC < 3 and support for Intel Compiler 2020-10-24 23:21:06 +00:00
stdnoreturn.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
string.h Change POSIX compliance level for visibility of strerror_l(3). 2020-12-17 17:08:25 +00:00
stringlist.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
strings.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
sysexits.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
tar.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
termios.h Add tcgetwinsize(3) and tcsetwinsize(3) to termios 2020-12-25 20:43:09 +02:00
tgmath.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
time.h Make CLOCK_REALTIME and TIMER_ABSTIME available for XOPEN_SOURCE >= 500. 2020-07-14 20:23:27 +00:00
timeconv.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
timers.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
ttyent.h Improve missing tty handling in init(8). This removes a check that did 2018-02-27 10:54:15 +00:00
uchar.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
ulimit.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
unistd.h getlogin_r: fix the type of len 2020-09-09 18:07:13 +00:00
unwind.h SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
utime.h include: further adoption of SPDX licensing ID tags. 2017-11-20 19:45:28 +00:00
utmpx.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
uuid.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
varargs.h We don't support gcc < 4.2.1, so varargs.h now is just #error 2018-02-12 14:48:14 +00:00
wchar.h SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
wctype.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
wordexp.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00
xlocale.h include: General further adoption of SPDX licensing ID tags. 2017-11-25 17:09:43 +00:00