Commit message | Author | Age | Files | Lines
* Allow packet over-allocation on send [sr/api-improvements] | Simon Rozman | 2021-04-13 | 3 | -7/+13
  Should client desire to prepare packets for Wintun inside the ring memory (e.g. to reduce memory copying), the final sending packet size is not always known at the WintunAllocateSendPacket() time. This commit modifies Wintun to calculate the packet size on delivery to NDIS. The packet size is derived from IPv4/IPv6 packet header.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* Allow optional padding before and after layer 3 packets | Simon Rozman | 2021-04-13 | 6 | -61/+193
  To avoid additional packet memory allocation and copy when sending or receiving packets, this commit introduces additional available space before and after layer 3 IPv4 or IPv6 packet in the Wintun rings. Wintun will ignore data in those areas.
  Requested-by: David Woodhouse <dwmw2@infradead.org>
  Signed-off-by: Simon Rozman <simon@rozman.si>
* version: bump [0.10.3] | Jason A. Donenfeld | 2021-04-13 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* vs: put .pdb files in the intermediate folders | Simon Rozman | 2021-04-13 | 1 | -0/+3
  Wondering, why WinDbg is refusing to load symbols for wintun.sys recently... By default, building puts .pdb files to the output folder. Next to the final binaries: wintun.sys, wintun.dll, example.exe... Wait?! But the wintun.pdb from wintun.dll overwrites the wintun.pdb from wintun.sys then.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* vs: remove api->wintun project dependency | Simon Rozman | 2021-04-13 | 1 | -3/+0
  The time stamping with Inf2Cat never makes the wintun output really "up-to-date". This keeps triggering wintun project rebuilds over and over again. Including all the projects depending on wintun.
  Though, the api project really depends on the driver built by wintun project, those needless driver rebuilds are utterly annoying.
  To be correct, the amd64 api project also depends on the arm64 api project - a dependency which cannot be described using .sln. So, one way or another, a developer must build projects inside the .sln in a specific order.
  Another solution would be to split the solution file (pun intended). One .sln for driver, another for the api and example projects. Then open the one the developer is focused on.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: log Windows error message too when creating folder or file fails | Simon Rozman | 2021-04-13 | 1 | -2/+2
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: fix fallback log line printf template | Simon Rozman | 2021-04-10 | 1 | -1/+1
  Signed-off-by: Simon Rozman <simon@rozman.si>
* Fix © in resources | Simon Rozman | 2021-03-19 | 2 | -0/+4
  The \xa9 is © on Windows-125x code pages. When Wintun was compiled on a Windows computer using UTF-8 as default code page (for "non-Unicode" programs), the Copyright notice in resources was wrong.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* project: add support for intermediate versioning | Simon Rozman | 2021-03-19 | 4 | -13/+16
  While the Wintun driver is typically released only at <major>.<minor> milestones, the wintun.dll did see some intermediate releases.
  To make MSI logic correctly decide to upgrade local wintun.dll file, the version inscribed in wintun.dll file resources should increment in those intermediate releases. MSI ignores file timestamps. One could use REINSTALLMODE=emus Installer property to force copying wintun.dll when its version doesn't change. But REINSTALLMODE applies to all files in the MSI session and would be an additional requirement when authoring MSI packages with wintun.dll. Bumping only the final ZIP filename version is not sufficient.
  Therefore, a <major>.<minor> or <major>.<minor>.<build> versioning is introduced.
  Furthermore, we no longer distinguish between WintunVersion and WintunVersionStr. All our releases used strictly numeric <major>.<minor> notation, making WintunVersion and WintunVersionStr always the same.
  When the driver didn't change, just bump the version in wintun.proj and run `msbuild wintun.proj /t:Zip` to rebuild the wintun.dll and make the new ZIP file.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: make .h filenames lowercase for building with MinGW on Linux | Simon Rozman | 2021-03-16 | 1 | -2/+2
  MinGW supplies all Windows header files using lowercase filenames. This makes some of the #include lines in wintun.h fail to resolve the .h files correctly on a case-sensitive filesystem.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: elevate to SYSTEM in WintunEnumAdapters() | Simon Rozman | 2021-03-08 | 2 | -3/+21
  The WintunEnumAdapters() requires namespace mutex. However, NamespaceTakePoolMutex() works as SYSTEM user only. WireGuard is using the WintunEnumAdapters() in its manager service to cleanup stale adapters. As the WireGuard manager service is running as SYSTEM, this requirement was not apparent before.
  This commit also extends the example project to list its existing adapters at start.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: upgrade logging [0.10.2] | Simon Rozman | 2021-02-16 | 10 | -177/+431
  Log runtime information to quickly check whether the values are sane when analyzing error logs sent in by users.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: tighten function parameter code analysis annotations | Simon Rozman | 2021-02-04 | 1 | -6/+5
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: truncate long log lines with … | Simon Rozman | 2021-02-04 | 1 | -3/+5
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: unify NetCfgInstanceId registry retrieval | Simon Rozman | 2021-02-04 | 1 | -26/+22
  Signed-off-by: Simon Rozman <simon@rozman.si>
* README: document the Windows SDK version requirement | Simon Rozman | 2021-02-04 | 1 | -1/+1
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: ensure that device object exists before returning from open/create [0.10.1] | Jason A. Donenfeld | 2021-02-03 | 1 | -13/+62
  Some users are seeing errors like this after rebooting from Windows Update:
    2021-01-28 18:39:45.220197: [TUN] Creating Wintun interface
    2021-01-28 18:39:49.420116: [TUN] [Wintun] CreateAdapter: Creating adapter
    2021-01-28 18:39:53.704007: [TUN] [Wintun] OpenDeviceObject: Failed to connect to adapter: The system cannot find the path specified. (Code 0x00000003)
    2021-01-28 18:39:53.704007: [TUN] [Wintun] WintunStartSession: Failed to open adapter device object
    2021-01-28 18:39:54.097037: [TUN] Unable to create Wintun interface: Error starting session: The system cannot find the path specified.
  It appears that creation of the device object file might happen asynchronously, so this commit polls for it.
  Reported-by: Artem Kuroptev <artem@kuroptev.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright | Jason A. Donenfeld | 2021-01-30 | 30 | -32/+32
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: use custom devpkey for pool | Jason A. Donenfeld | 2021-01-30 | 1 | -2/+28
  It seems like the friendly name is still getting reset sometimes. Rather than swimming upstream, it turns out we can just use a custom devpkey that, according to msdn, is respected.
  https://docs.microsoft.com/en-us/windows-hardware/drivers/install/creating-custom-device-properties
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: close private namespace when unloading DLL | Jason A. Donenfeld | 2020-12-17 | 1 | -12/+16
  Prior, people making calls to LoadLibrary/FreeLibrary would experience a failure to create or open adapters, because the private namespace was already loaded into the process and not cleaned up on DLL detachment. While this pattern is probably a misuse of the library, we should still support cleaning that up. This commit makes the right calls to free the boundary descriptor and close the private namespace. It does not, however, destroy the private namespace using the flag on the second parameter, in case of races with other processes.
  Reported-by: Brad Spencer <bspencer@blackberry.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [0.10] | Jason A. Donenfeld | 2020-12-16 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* project: license prebuilt binaries more permissively | Jason A. Donenfeld | 2020-12-16 | 3 | -2/+86
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: use IoAllocateMdl without being too clever | Jason A. Donenfeld | 2020-12-15 | 1 | -8/+17
  Windows 7 doesn't like our trick of sticking MDLs into the NBL context area. So we do things more traditionally, by allocating an MDL with IoAllocateMdl and freeing it with IoFreeMdl. This means that we have to keep track of the MDL between allocation and free time, and we don't have any more miniport reserved pointers left in the NBL. So instead we walk the MdlChain field of the first NB, and free the one that has an address living inside of the non-partial MDL.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: use partial MDL for slicing ring, rather than NB's DataOffset | Jason A. Donenfeld | 2020-12-13 | 1 | -3/+12
  Providing the DataOffset member of the NBL allocation function or setting that member in the NB header indicates to NDIS not only that the data starts at that offset, but that there's that amount of space *available for it to use as it wants* before that offset. This meant that NDIS was allowed to scribble data before the packet.
  This was bounded by the size of the ring, so there was never any risk of memory corruption, and since the ring is shared by userspace as well as the rest of the kernel, we've always taken care of reading from it closely, checking all values, and erroring out on corruption of the ring. So, if NDIS wrote before the first packet, this would wind up corrupting the RingTail and Alertable fields of the ring. The receiver thread would then notice this, error out, and set the RingHead to MAXULONG on its way out the door, so that userspace can detect it. And indeed wintun.dll then started returning EOF from its write function.
  Mostly this was not an issue, because we're not expecting for data to be pushed on the head of a packet on ingress. But WSL2's Hyper-V driver is actually pushing an ethernet header onto the front of the packet before passing it off to Linux. Practically speaking, this manifested itself in the RingTail and Alertable fields having Linux's MAC address! And then the adapter would be EOF'd. This was reported as happening after WSL2 sends the *first* packet, but not others, which makes sense, because it has to be at the beginning in order to corrupt those fields.
  This fixes the problem by simply using a new MDL for the span we want, instead of using the misunderstood DataOffset field. In order to not need to keep track of memory allocations, we allocate the MDL as part of the NBL's context area. And in order to avoid additional mappings, we use IoBuildPartialMdl, which returns an MDL_PARTIAL, which does not have an additional mapping that needs to be freed or unmapped.
  After making this change, WSL2 no longer appears to halt the adapter, and all works well.
  Fixes: be8d2cb ("Avoid allocating second MDL")
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: use localtime in inf2cat | Stefan Rinkes | 2020-12-02 | 1 | -0/+1
  Otherwise the build fails at odd hours of the day.
  Signed-off-by: Stefan Rinkes <stefan.rinkes@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: delay load remaining dlls to work around forwarder gotchas [0.9.2] | Jason A. Donenfeld | 2020-11-27 | 1 | -2/+2
  RtlGenRandom forwards to cryptbase.dll, which is not in KnownDlls. Therefore it's not a good idea to link to advapi32.dll at link time. How many other gotchas of unusual forwarded functions are there? I don't really want to find out. Therefore, delay load everything else.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: skip notifying driver when there are no receive packets yet | Simon Rozman | 2020-11-27 | 1 | -3/+5
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: allow header to be mit | Jason A. Donenfeld | 2020-11-27 | 1 | -1/+1
  This doesn't change much, but it does make it mildly more convenient to plop this into mixed-use codebases.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: do not make dead gateway detection failures fatal [0.9.1] | Jason A. Donenfeld | 2020-11-17 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: retry on ERROR_TRANSACTION_NOT_ACTIVE when disabling dead GW detect | Simon Rozman | 2020-11-17 | 1 | -18/+27
  There seems to be a race in the TCP/IP adapter registry key. Sometimes, the adapter TCP/IP key is created, but setting the value EnableDeadGWDetect fails with ERROR_TRANSACTION_NOT_ACTIVE.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: remove useless line | Jason A. Donenfeld | 2020-11-17 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: remove return value from logger function | Jason A. Donenfeld | 2020-11-10 | 4 | -14/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: do not allow compiler to reload PacketSize | Jason A. Donenfeld | 2020-11-09 | 1 | -1/+1
  In theory, the compiler could reload PacketSize after the bounds check but before it's passed to NdisAllocateNetBufferAndNetBufferList. In practice, it's not actually doing that, but better safe than sorry.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [0.9] | Jason A. Donenfeld | 2020-11-09 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: relax IsPoolMember estimation | Jason A. Donenfeld | 2020-11-09 | 1 | -27/+14
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: do not call UpdateDriverForPlugAndPlayDevicesW | Jason A. Donenfeld | 2020-11-09 | 2 | -13/+5
  This seems to reset a number of device properties, and our update flow seems to update old adapters without needing to call this.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: take pool mutex when deleting | Jason A. Donenfeld | 2020-11-09 | 1 | -1/+10
  This prevents us from racing with driver deletion. Mutexes are recursive, so we shouldn't deadlock if called from Enum.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: account for adapter disappearing during deletion | Jason A. Donenfeld | 2020-11-09 | 1 | -4/+6
  This makes the race less fatal.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: manipulate process token if thread token didn't require impersonation | Jason A. Donenfeld | 2020-11-07 | 1 | -8/+11
  Otherwise rundll32.exe fails if we're already SYSTEM.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: fix Function and Prefix logging order | Simon Rozman | 2020-11-07 | 1 | -1/+1
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: fix LastError override | Simon Rozman | 2020-11-07 | 1 | -3/+4
  The LastError was overridden by the stdout reader thread exit code masking the true reason why ExecuteRunDll32() failed and even worse: as the thread exited gracefully, the true reason was overridden by ERROR_SUCCESS and returning TRUE (success).
  Signed-off-by: Simon Rozman <simon@rozman.si>
* proj: use less scary caps for zip license file | Jason A. Donenfeld | 2020-11-06 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: avoid loading version.dll if not used | Jason A. Donenfeld | 2020-11-06 | 1 | -3/+14
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: move to subfolder | Simon Rozman | 2020-11-06 | 10 | -27/+24
  Signed-off-by: Simon Rozman <simon@rozman.si>
* api: include arm64 in amd64 | Jason A. Donenfeld | 2020-11-05 | 3 | -3/+4
  ARM64 will still run AMD64 apps.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: remove WintunOpenAdapterDeviceObject | Jason A. Donenfeld | 2020-11-05 | 7 | -37/+14
  Discourage use of kernel interface, which gives us more flexibility if we ever want to change it.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* example: raise to 4MiB | Jason A. Donenfeld | 2020-11-05 | 2 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: rearrange wintun.h to have better grouping and improve docs | Jason A. Donenfeld | 2020-11-05 | 2 | -44/+45
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: rename WintunGetAdapter to WintunOpenAdapter | Jason A. Donenfeld | 2020-11-05 | 5 | -22/+22
  "Create" and "Open" are natural names for these.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* api: rename ReceiveRelease to ReleaseReceivePacket | Jason A. Donenfeld | 2020-11-05 | 5 | -17/+16
  This makes the API parallel:
    Wintun*Allocate*SendPacket -> WintunSendPacket
    WintunReceivePacket -> Wintun*Release*ReceivePacket
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>