mahkoh/wireguard

The command is

wg set <device> [...] transit-netns <pid|file-path> [...]

For example:

wg set wg0 transit-netns 1
wg set wg0 transit-netns /proc/1/ns/net

The user can now use

wg --netns <pid|file-path> <subcommand>

to specify the network namespace in which wg should act. This sets the
attribute WGDEVICE_A_DEV_NETNS_PID or WGDEVICE_A_DEV_NETNS_FD.

In the case of

wg --netns <pid|file-path> show all

we have to try to enter the network namespace because the kernel
interface does not allow us to list devices in a network namespace
referenced by pid or fd. Since entering a network namespace requires
CAP_SYS_ADMIN in the current user namespace and the target user
namespace, this is almost useless. TODO: Add the missing functionality
to the kernel.

This commit adds two new attributes of which at most one may be
provided:

* WGDEVICE_A_TRANSIT_NETNS_PID: NLA_U32
* WGDEVICE_A_TRANSIT_NETNS_FD: NLA_U32

The transit namespace is then set to this namespace. The caller must
either be in this namespace or have CAP_NET_ADMIN in it.

This eliminates the need for have_transit_net_ref because
have_transit_net_ref == true if and only if dev_net != transit_net.

To interact with the UDP socket the caller must either be in the
network namespace of the socket or have CAP_NET_ADMIN in that network
namespace.

This commit adds two new attributes of which at most one may be
provided:

 * WGDEVICE_A_DEV_NETNS_PID: NLA_U32
 * WGDEVICE_A_DEV_NETNS_FD: NLA_U32

The Wireguard device is then looked up in this namespace instead of the
namespace of the netlink socket.

`set_port` in netlink.c races with `open` in device.c. This can cause
the following code flow:

* thread 1: set_port: device is not up
* thread 2: device is opened
* thread 2: open: called and calls socket_init with the original port
* thread 1: set_port: sets incoming_port to the new port and returns

incoming_port is then inconsistent. While this is not particularly
critical, it will become more critial when ste_port also sets the
transit namespace.

Pros: clearer if you're not familiar with the shift idiom, uses kernel
macro.

Cons: doesn't work any more if the lvalue ever ceases to be a bool.

Neutral: generates the same machine code.

Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>

Or, put differently, we don't want to go chasing down random versions of
clang used by XDA users, so we just disable this checking on clang all
together.

Android kernels backported it, complicating things.

This is done by 259 other files in the kernel tree:

    linux $ rg '#include.*\.c' -l | wc -l
    259

Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>

Suggested-by: Toke Høiland-Jørgensen <toke@toke.dk>
Suggested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>

…ance

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

This uses ELFv2 ABI, which is the only ppc64 ABI musl supports. Big
endian uses ELFv1 ABI, which musl doesn't support.

We can't do SMP this way, and we also fall back to using the default N32
ABI, which is a bummer. But the mips64r6 toolchain is too much of a
hassle to build with Gentoo's crossdev, and at least this works.

Suggested-by: Andrew Lunn <andrew@lunn.ch>