<feed xmlns='http://www.w3.org/2005/Atom'>
<title>wireguard-go/tun, branch master</title>
<subtitle>Go implementation of WireGuard</subtitle>
<id>https://git.zx2c4.com/wireguard-go/atom/tun?h=master</id>
<link rel='self' href='https://git.zx2c4.com/wireguard-go/atom/tun?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/'/>
<updated>2026-05-22T21:04:24Z</updated>
<entry>
<title>tun: clear virtioNetHdr when deleting item from tcpGROTable</title>
<updated>2026-05-22T21:04:24Z</updated>
<author>
<name>Jordan Whited</name>
<email>jordan@tailscale.com</email>
</author>
<published>2026-05-20T22:43:17Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=ecfc5a8d54462e18e13c72173e2623d16d8e25a0'/>
<id>urn:sha1:ecfc5a8d54462e18e13c72173e2623d16d8e25a0</id>
<content type='text'>
Otherwise the deleted packet gets written to the TUN fd with an invalid
virtioNetHdr.

Fixes: 9e2f386 ("conn, device, tun: implement vectorized I/O on Linux")
Signed-off-by: Jordan Whited &lt;jordan@tailscale.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>tun: darwin: fetch flags and mtu from if_msghdr directly</title>
<updated>2025-05-05T13:10:08Z</updated>
<author>
<name>ruokeqx</name>
<email>ruokeqx@gmail.com</email>
</author>
<published>2025-01-02T12:28:33Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=bc30fee374479c9a327285f77a06136d29884c07'/>
<id>urn:sha1:bc30fee374479c9a327285f77a06136d29884c07</id>
<content type='text'>
Signed-off-by: ruokeqx &lt;ruokeqx@gmail.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>tun: use add-with-carry in checksumNoFold()</title>
<updated>2025-05-05T13:10:08Z</updated>
<author>
<name>Tu Dinh Ngoc</name>
<email>dinhngoc.tu@irit.fr</email>
</author>
<published>2024-06-20T13:28:38Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=b82c016264bf9b2089da1174795a8464f311eebf'/>
<id>urn:sha1:b82c016264bf9b2089da1174795a8464f311eebf</id>
<content type='text'>
Use parallel summation with native byte order per RFC 1071.
add-with-carry operation is used to add 4 words per operation.  Byteswap
is performed before and after checksumming for compatibility with old
`checksumNoFold()`.  With this we get a 30-80% speedup in `checksum()`
depending on packet sizes.

Add unit tests with comparison to a per-word implementation.

**Intel(R) Xeon(R) Silver 4210R CPU @ 2.40GHz**

| Size | OldTime | NewTime | Speedup  |
|------|---------|---------|----------|
| 64   | 12.64   | 9.183   | 1.376456 |
| 128  | 18.52   | 12.72   | 1.455975 |
| 256  | 31.01   | 18.13   | 1.710425 |
| 512  | 54.46   | 29.03   | 1.87599  |
| 1024 | 102     | 52.2    | 1.954023 |
| 1500 | 146.8   | 81.36   | 1.804326 |
| 2048 | 196.9   | 102.5   | 1.920976 |
| 4096 | 389.8   | 200.8   | 1.941235 |
| 8192 | 767.3   | 413.3   | 1.856521 |
| 9000 | 851.7   | 448.8   | 1.897727 |
| 9001 | 854.8   | 451.9   | 1.891569 |

**AMD EPYC 7352 24-Core Processor**

| Size | OldTime | NewTime | Speedup  |
|------|---------|---------|----------|
| 64   | 9.159   | 6.949   | 1.318031 |
| 128  | 13.59   | 10.59   | 1.283286 |
| 256  | 22.37   | 14.91   | 1.500335 |
| 512  | 41.42   | 24.22   | 1.710157 |
| 1024 | 81.59   | 45.05   | 1.811099 |
| 1500 | 120.4   | 68.35   | 1.761522 |
| 2048 | 162.8   | 90.14   | 1.806079 |
| 4096 | 321.4   | 180.3   | 1.782585 |
| 8192 | 650.4   | 360.8   | 1.802661 |
| 9000 | 706.3   | 398.1   | 1.774177 |
| 9001 | 712.4   | 398.2   | 1.789051 |

Signed-off-by: Tu Dinh Ngoc &lt;dinhngoc.tu@irit.fr&gt;
[Jason: simplified and cleaned up unit tests]
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>tun/netstack: cleanup network stack at closing time</title>
<updated>2025-05-05T13:09:09Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2025-05-05T13:09:09Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=45916071ba13c8f6ec44dfc46bda0449d2d54a9f'/>
<id>urn:sha1:45916071ba13c8f6ec44dfc46bda0449d2d54a9f</id>
<content type='text'>
Colin's commit went a step further and protected tun.incomingPacket with
a lock on shutdown, but let's see if the tun.stack.Close() call actually
solves that on its own.

Suggested-by: kshangx &lt;hikeshang@hotmail.com&gt;
Suggested-by: Colin Adler &lt;colin1adler@gmail.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>tun/netstack: remove usage of pkt.IsNil()</title>
<updated>2025-05-05T13:05:35Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2025-05-04T15:54:57Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=e3c1354d27f53462801e1b86b4275699a6f9fdac'/>
<id>urn:sha1:e3c1354d27f53462801e1b86b4275699a6f9fdac</id>
<content type='text'>
Since 3c75945fd ("netstack: remove PacketBuffer.IsNil()") this has been
invalid. Follow the replacement pattern of that commit.

The old definition inlined to the same code anyway:

 func (pk *PacketBuffer) IsNil() bool {
 	return pk == nil
 }

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>global: bump copyright notice</title>
<updated>2025-05-05T13:05:35Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2025-05-04T15:48:53Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=9eb3221f1de589e5dd6a1721fdd7dc0fde0eb10b'/>
<id>urn:sha1:9eb3221f1de589e5dd6a1721fdd7dc0fde0eb10b</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>tun: implement UDP GSO/GRO for Linux</title>
<updated>2023-12-11T15:27:22Z</updated>
<author>
<name>Jordan Whited</name>
<email>jordan@tailscale.com</email>
</author>
<published>2023-11-01T02:53:35Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=d0bc03c707974a84a672716c718f99fab49e7eb8'/>
<id>urn:sha1:d0bc03c707974a84a672716c718f99fab49e7eb8</id>
<content type='text'>
Implement UDP GSO and GRO for the Linux tun.Device, which is made
possible by virtio extensions in the kernel's TUN driver starting in
v6.2.

secnetperf, a QUIC benchmark utility from microsoft/msquic@8e1eb1a, is
used to demonstrate the effect of this commit between two Linux
computers with i5-12400 CPUs. There is roughly ~13us of round trip
latency between them. secnetperf was invoked with the following command
line options:
-stats:1 -exec:maxtput -test:tput -download:10000 -timed:1 -encrypt:0

The first result is from commit 2e0774f without UDP GSO/GRO on the TUN.

[conn][0x55739a144980] STATS: EcnCapable=0 RTT=3973 us
SendTotalPackets=55859 SendSuspectedLostPackets=61
SendSpuriousLostPackets=59 SendCongestionCount=27
SendEcnCongestionCount=0 RecvTotalPackets=2779122
RecvReorderedPackets=0 RecvDroppedPackets=0
RecvDuplicatePackets=0 RecvDecryptionFailures=0
Result: 3654977571 bytes @ 2922821 kbps (10003.972 ms).

The second result is with UDP GSO/GRO on the TUN.

[conn][0x56493dfd09a0] STATS: EcnCapable=0 RTT=1216 us
SendTotalPackets=165033 SendSuspectedLostPackets=64
SendSpuriousLostPackets=61 SendCongestionCount=53
SendEcnCongestionCount=0 RecvTotalPackets=11845268
RecvReorderedPackets=25267 RecvDroppedPackets=0
RecvDuplicatePackets=0 RecvDecryptionFailures=0
Result: 15574671184 bytes @ 12458214 kbps (10001.222 ms).

Signed-off-by: Jordan Whited &lt;jordan@tailscale.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>tun: fix Device.Read() buf length assumption on Windows</title>
<updated>2023-12-11T15:20:49Z</updated>
<author>
<name>Jordan Whited</name>
<email>jordan@tailscale.com</email>
</author>
<published>2023-11-08T22:06:20Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=1cf89f5339b549236f38ce5fbc40f7bf993d9626'/>
<id>urn:sha1:1cf89f5339b549236f38ce5fbc40f7bf993d9626</id>
<content type='text'>
The length of a packet read from the underlying TUN device may exceed
the length of a supplied buffer when MTU exceeds device.MaxMessageSize.

Reviewed-by: Brad Fitzpatrick &lt;bradfitz@tailscale.com&gt;
Signed-off-by: Jordan Whited &lt;jordan@tailscale.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>go.mod,tun/netstack: bump gvisor</title>
<updated>2023-10-10T13:37:17Z</updated>
<author>
<name>James Tucker</name>
<email>james@tailscale.com</email>
</author>
<published>2023-09-27T23:15:09Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=42ec952eadc297efadc70b9911d5a59bcd2db4a6'/>
<id>urn:sha1:42ec952eadc297efadc70b9911d5a59bcd2db4a6</id>
<content type='text'>
Signed-off-by: James Tucker &lt;james@tailscale.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>tun: fix crash when ForceMTU is called after close</title>
<updated>2023-10-10T13:37:17Z</updated>
<author>
<name>James Tucker</name>
<email>james@tailscale.com</email>
</author>
<published>2023-09-27T21:52:21Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-go/commit/?id=ec8f6f82c20c617a3ea94478f2b5e4d49c6d3c2c'/>
<id>urn:sha1:ec8f6f82c20c617a3ea94478f2b5e4d49c6d3c2c</id>
<content type='text'>
Close closes the events channel, resulting in a panic from send on
closed channel.

Reported-By: Brad Fitzpatrick &lt;brad@tailscale.com&gt;
Signed-off-by: James Tucker &lt;james@tailscale.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
</feed>
