aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch
diff options
context:
space:
mode:
authorLiliana Marie Prikler <liliana.prikler@gmail.com>2023-08-14 00:32:53 +0200
committerLiliana Marie Prikler <liliana.prikler@gmail.com>2023-08-14 00:32:53 +0200
commit51deacd8604b59aa434e944c73aecefd5183d13e (patch)
tree7429b8652ce656f883e8277ec95e273d88fe0fe3 /gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch
parent3349a50d700a2112a31ac4ce6cc6639d3b4cf1e2 (diff)
parentbe6f5edd445850720dfcec2642db643b84fc0645 (diff)
downloadguix-51deacd8604b59aa434e944c73aecefd5183d13e.tar.gz
guix-51deacd8604b59aa434e944c73aecefd5183d13e.zip
Merge branch 'master' into emacs-team
Diffstat (limited to 'gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch')
-rw-r--r--gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch119
1 files changed, 0 insertions, 119 deletions
diff --git a/gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch b/gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch
deleted file mode 100644
index a6050499e1..0000000000
--- a/gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 3ac1bf099766f1e9735883d5127148054cd5b30a Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Thu, 18 May 2023 03:08:44 +0200
-Subject: wireguard: netlink: send staged packets when setting initial private
- key
-
-Packets bound for peers can queue up prior to the device private key
-being set. For example, if persistent keepalive is set, a packet is
-queued up to be sent as soon as the device comes up. However, if the
-private key hasn't been set yet, the handshake message never sends, and
-no timer is armed to retry, since that would be pointless.
-
-But, if a user later sets a private key, the expectation is that those
-queued packets, such as a persistent keepalive, are actually sent. So
-adjust the configuration logic to account for this edge case, and add a
-test case to make sure this works.
-
-Maxim noticed this with a wg-quick(8) config to the tune of:
-
- [Interface]
- PostUp = wg set %i private-key somefile
-
- [Peer]
- PublicKey = ...
- Endpoint = ...
- PersistentKeepalive = 25
-
-Here, the private key gets set after the device comes up using a PostUp
-script, triggering the bug.
-
-Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
-Cc: stable@vger.kernel.org
-Reported-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
-Link: https://lore.kernel.org/wireguard/87fs7xtqrv.fsf@gmail.com/
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- drivers/net/wireguard/netlink.c | 14 +++++++++-----
- tools/testing/selftests/wireguard/netns.sh | 30 ++++++++++++++++++++++++++----
- 2 files changed, 35 insertions(+), 9 deletions(-)
-
-diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c
-index 43c8c84e7ea8..6d1bd9f52d02 100644
---- a/drivers/net/wireguard/netlink.c
-+++ b/drivers/net/wireguard/netlink.c
-@@ -546,6 +546,7 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info)
- u8 *private_key = nla_data(info->attrs[WGDEVICE_A_PRIVATE_KEY]);
- u8 public_key[NOISE_PUBLIC_KEY_LEN];
- struct wg_peer *peer, *temp;
-+ bool send_staged_packets;
-
- if (!crypto_memneq(wg->static_identity.static_private,
- private_key, NOISE_PUBLIC_KEY_LEN))
-@@ -564,14 +565,17 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info)
- }
-
- down_write(&wg->static_identity.lock);
-- wg_noise_set_static_identity_private_key(&wg->static_identity,
-- private_key);
-- list_for_each_entry_safe(peer, temp, &wg->peer_list,
-- peer_list) {
-+ send_staged_packets = !wg->static_identity.has_identity && netif_running(wg->dev);
-+ wg_noise_set_static_identity_private_key(&wg->static_identity, private_key);
-+ send_staged_packets = send_staged_packets && wg->static_identity.has_identity;
-+
-+ wg_cookie_checker_precompute_device_keys(&wg->cookie_checker);
-+ list_for_each_entry_safe(peer, temp, &wg->peer_list, peer_list) {
- wg_noise_precompute_static_static(peer);
- wg_noise_expire_current_peer_keypairs(peer);
-+ if (send_staged_packets)
-+ wg_packet_send_staged_packets(peer);
- }
-- wg_cookie_checker_precompute_device_keys(&wg->cookie_checker);
- up_write(&wg->static_identity.lock);
- }
- skip_set_private_key:
-diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh
-index 69c7796c7ca9..405ff262ca93 100755
---- a/tools/testing/selftests/wireguard/netns.sh
-+++ b/tools/testing/selftests/wireguard/netns.sh
-@@ -514,10 +514,32 @@ n2 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/all/rp_filter'
- n1 ping -W 1 -c 1 192.168.241.2
- [[ $(n2 wg show wg0 endpoints) == "$pub1 10.0.0.3:1" ]]
-
--ip1 link del veth1
--ip1 link del veth3
--ip1 link del wg0
--ip2 link del wg0
-+ip1 link del dev veth3
-+ip1 link del dev wg0
-+ip2 link del dev wg0
-+
-+# Make sure persistent keep alives are sent when an adapter comes up
-+ip1 link add dev wg0 type wireguard
-+n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
-+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
-+[[ $tx_bytes -eq 0 ]]
-+ip1 link set dev wg0 up
-+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
-+[[ $tx_bytes -gt 0 ]]
-+ip1 link del dev wg0
-+# This should also happen even if the private key is set later
-+ip1 link add dev wg0 type wireguard
-+n1 wg set wg0 peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
-+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
-+[[ $tx_bytes -eq 0 ]]
-+ip1 link set dev wg0 up
-+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
-+[[ $tx_bytes -eq 0 ]]
-+n1 wg set wg0 private-key <(echo "$key1")
-+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
-+[[ $tx_bytes -gt 0 ]]
-+ip1 link del dev veth1
-+ip1 link del dev wg0
-
- # We test that Netlink/IPC is working properly by doing things that usually cause split responses
- ip0 link add dev wg0 type wireguard
---
-cgit v1.2.3-59-g8ed1b
-