net/wireguard-kmod: Update to 0.0.20210428

net/wireguard-kmod/Makefile

@@ -1,6 +1,5 @@
 PORTNAME=	wireguard-kmod
-PORTVERSION=	0.0.20210424
-PORTREVISION=	1
+PORTVERSION=	0.0.20210428
 CATEGORIES=	net net-vpn
 MASTER_SITES=	https://git.zx2c4.com/wireguard-freebsd/snapshot/
 DISTNAME=	wireguard-freebsd-${PORTVERSION}

net/wireguard-kmod/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1619285662
-SHA256 (wireguard-freebsd-0.0.20210424.tar.xz) = bfa8d3c4854f802567db51a89fdea32e7bf98a3d54a525359bdb240f2e864735
-SIZE (wireguard-freebsd-0.0.20210424.tar.xz) = 49948
+TIMESTAMP = 1619688377
+SHA256 (wireguard-freebsd-0.0.20210428.tar.xz) = cceebd8f3f21d522342b3629fa0350e4fbc64a00035d330f82301741e56def46
+SIZE (wireguard-freebsd-0.0.20210428.tar.xz) = 50404

net/wireguard-kmod/files/patch-dd04bc5aa4a3607fd2277a5d7953a2a20a411696

@@ -1,99 +0,0 @@
-From dd04bc5aa4a3607fd2277a5d7953a2a20a411696 Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Sat, 24 Apr 2021 16:12:23 -0400
-Subject: wg_noise: compile on 32-bit
-
-The lack of 64bit atomic helpers on 32bit is an annoyance.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/wg_noise.c | 44 +++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 37 insertions(+), 7 deletions(-)
-
-diff --git a/src/wg_noise.c b/src/wg_noise.c
-index 5ef7a58c3146..7acf1b6ab7cb 100644
---- wg_noise.c
-+++ wg_noise.c
-@@ -780,11 +780,14 @@ noise_keypair_remote(struct noise_keypair *kp)
- int
- noise_keypair_nonce_next(struct noise_keypair *kp, uint64_t *send)
- {
-+	if (!ck_pr_load_bool(&kp->kp_can_send))
-+		return (EINVAL);
-+
- #ifdef __LP64__
--	*send = atomic_fetchadd_64(&kp->kp_nonce_send, 1);
-+	*send = ck_pr_faa_64(&kp->kp_nonce_send, 1);
- #else
- 	rw_wlock(&kp->kp_nonce_lock);
--	*send = ctr->c_send++;
-+	*send = kp->kp_nonce_send++;
- 	rw_wunlock(&kp->kp_nonce_lock);
- #endif
- 	if (*send < REJECT_AFTER_MESSAGES)
-@@ -821,7 +824,11 @@ noise_keypair_nonce_check(struct noise_keypair *kp, uint64_t recv)
- 		for (i = 1; i <= top; i++)
- 			kp->kp_backtrack[
- 			    (i + index_ctr) & (COUNTER_NUM - 1)] = 0;
-+#ifdef __LP64__
- 		ck_pr_store_64(&kp->kp_nonce_recv, recv);
-+#else
-+		kp->kp_nonce_recv = recv;
-+#endif
- 	}
- 
- 	index_recv %= COUNTER_NUM;
-@@ -844,14 +851,27 @@ noise_keep_key_fresh_send(struct noise_remote *r)
- 	struct epoch_tracker et;
- 	struct noise_keypair *current;
- 	int keep_key_fresh;
-+	uint64_t nonce;
- 
- 	NET_EPOCH_ENTER(et);
- 	current = ck_pr_load_ptr(&r->r_current);
--	keep_key_fresh = current != NULL && ck_pr_load_bool(&current->kp_can_send) && (
--	    ck_pr_load_64(&current->kp_nonce_send) > REKEY_AFTER_MESSAGES ||
--	    (current->kp_is_initiator && noise_timer_expired(current->kp_birthdate, REKEY_AFTER_TIME, 0)));
--	NET_EPOCH_EXIT(et);
-+	keep_key_fresh = current != NULL && ck_pr_load_bool(&current->kp_can_send);
-+	if (!keep_key_fresh)
-+		goto out;
-+#ifdef __LP64__
-+	nonce = ck_pr_load_64(&current->kp_nonce_send);
-+#else
-+	rw_rlock(&current->kp_nonce_lock);
-+	nonce = current->kp_nonce_send;
-+	rw_runlock(&current->kp_nonce_lock);
-+#endif
-+	keep_key_fresh = nonce > REKEY_AFTER_MESSAGES;
-+	if (keep_key_fresh)
-+		goto out;
-+	keep_key_fresh = current->kp_is_initiator && noise_timer_expired(current->kp_birthdate, REKEY_AFTER_TIME, 0);
- 
-+out:
-+	NET_EPOCH_EXIT(et);
- 	return (keep_key_fresh ? ESTALE : 0);
- }
- 
-@@ -885,7 +905,17 @@ noise_keypair_encrypt(struct noise_keypair *kp, uint32_t *r_idx, uint64_t nonce,
- int
- noise_keypair_decrypt(struct noise_keypair *kp, uint64_t nonce, struct mbuf *m)
- {
--	if (ck_pr_load_64(&kp->kp_nonce_recv) >= REJECT_AFTER_MESSAGES ||
-+	uint64_t cur_nonce;
-+
-+#ifdef __LP64__
-+	cur_nonce = ck_pr_load_64(&kp->kp_nonce_recv);
-+#else
-+	rw_rlock(&kp->kp_nonce_lock);
-+	cur_nonce = kp->kp_nonce_recv;
-+	rw_runlock(&kp->kp_nonce_lock);
-+#endif
-+
-+	if (cur_nonce >= REJECT_AFTER_MESSAGES ||
- 	    noise_timer_expired(kp->kp_birthdate, REJECT_AFTER_TIME, 0))
- 		return (EINVAL);
- 
--- 
-cgit v1.2.3-11-g984f
-

net/wireguard-kmod/files/patch-e03bf597383cef7f16c41fa4952a6b04093e9e64

@@ -1,52 +0,0 @@
-From e03bf597383cef7f16c41fa4952a6b04093e9e64 Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Sun, 25 Apr 2021 10:45:39 -0400
-Subject: if_wg: re-add epoch tracking to transmit
-
-This was accidentally removed before. We need it to work around v6 core
-bugs.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/if_wg.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/if_wg.c b/src/if_wg.c
-index 095a4f37f8dc..0c2565ce56c0 100644
---- if_wg.c
-+++ if_wg.c
-@@ -2063,6 +2063,7 @@ error:
- static int
- wg_transmit(struct ifnet *ifp, struct mbuf *m)
- {
-+	struct epoch_tracker	 et;
- 	struct wg_packet	*pkt = m->m_pkthdr.PH_loc.ptr;
- 	struct wg_softc		*sc = ifp->if_softc;
- 	struct wg_peer		*peer;
-@@ -2070,6 +2071,7 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m)
- 	int			 rc = 0;
- 	sa_family_t		 peer_af;
- 
-+	NET_EPOCH_ENTER(et);
- 	/* Work around lifetime issue in the ipv6 mld code. */
- 	if (__predict_false((ifp->if_flags & IFF_DYING) || !sc)) {
- 		rc = ENXIO;
-@@ -2109,11 +2111,15 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m)
- 	wg_queue_push_staged(&peer->p_stage_queue, pkt);
- 	wg_peer_send_staged(peer);
- 	noise_remote_put(peer->p_remote);
-+	NET_EPOCH_EXIT(et);
-+
- 	return (0);
- err_peer:
- 	noise_remote_put(peer->p_remote);
- err:
- 	if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
-+	NET_EPOCH_EXIT(et);
-+	/* TODO: send ICMP unreachable? */
- 	wg_packet_free(pkt);
- 	return (rc);
- }
--- 
-cgit v1.2.3-11-g984f
-