-rw-r--r--device/device.go17
-rw-r--r--device/noise-types.go9
-rw-r--r--device/send.go16
-rw-r--r--device/uapi.go2
-rw-r--r--device/version.go2
-rw-r--r--tun/tun_darwin.go19
6 files changed, 45 insertions, 20 deletions
diff --git a/device/device.go b/device/device.go
index 569c5a8..0b909a7 100644
--- a/device/device.go
+++ b/device/device.go
@@ -236,23 +236,14 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
// do static-static DH pre-computations
- rmKey := device.staticIdentity.privateKey.IsZero()
-
expiredPeers := make([]*Peer, 0, len(device.peers.keyMap))
- for key, peer := range device.peers.keyMap {
+ for _, peer := range device.peers.keyMap {
handshake := &peer.handshake
-
- if rmKey {
- handshake.precomputedStaticStatic = [NoisePublicKeySize]byte{}
- } else {
- handshake.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(handshake.remoteStatic)
- }
-
+ handshake.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(handshake.remoteStatic)
if isZero(handshake.precomputedStaticStatic[:]) {
- unsafeRemovePeer(device, peer, key)
- } else {
- expiredPeers = append(expiredPeers, peer)
+ panic("an invalid peer public key made it into the configuration")
}
+ expiredPeers = append(expiredPeers, peer)
}
for _, peer := range lockedPeers {
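Review bot: The new `panic("an invalid peer public key made it into the configuration")` in the precomputation loop crashes the whole process on a zero static-static result, even though SetPrivateKey already returns `error` and is reached from the UAPI `private_key` handler. Whether a zero result is truly impossible depends on peer-key validation and on `sharedSecret`, neither of which is visible in this hunk. It is also worth confirming what `sharedSecret` yields for the all-zero private key that `FromMaybeZeroHex` now admits, since the removed `rmKey` branch used to handle that case explicitly. If configuration input can violate the invariant, something like `return errors.New("invalid peer public key in configuration")` would keep the tunnel process alive, provided the locks taken earlier in the function (outside this hunk) are released on that path and `errors` is available in this file.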
diff --git a/device/noise-types.go b/device/noise-types.go
index 6b1f16f..a1976ff 100644
--- a/device/noise-types.go
+++ b/device/noise-types.go
@@ -52,6 +52,15 @@ func (key *NoisePrivateKey) FromHex(src string) (err error) {
return
}
+func (key *NoisePrivateKey) FromMaybeZeroHex(src string) (err error) {
+ err = loadExactHex(key[:], src)
+ if key.IsZero() {
+ return
+ }
+ key.clamp()
+ return
+}
+
func (key NoisePrivateKey) ToHex() string {
return hex.EncodeToString(key[:])
}
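Review bot: `FromMaybeZeroHex` tests `key.IsZero()` and calls `key.clamp()` before looking at the error from `loadExactHex`, so on a decode failure the receiver's previous contents are still inspected and possibly clamped before the error is returned. Checking first with `if err != nil { return }` right after the `loadExactHex` call leaves the key untouched on failure; whether `loadExactHex` writes anything on a failed decode is not visible here. The exported method also lacks a doc comment, for example `// FromMaybeZeroHex decodes a hex-encoded private key and clamps it unless it is all zero.`, ideally with a sentence on why the zero key is left unclamped (presumably so it can stand for "no key", which should be confirmed against the callers).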
diff --git a/device/send.go b/device/send.go
index 72633be..9e29d77 100644
--- a/device/send.go
+++ b/device/send.go
@@ -515,10 +515,18 @@ func (device *Device) RoutineEncryption() {
// pad content to multiple of 16
mtu := int(atomic.LoadInt32(&device.tun.mtu))
- lastUnit := len(elem.packet) % mtu
- paddedSize := (lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)
- if paddedSize > mtu {
- paddedSize = mtu
+ var paddedSize int
+ if mtu == 0 {
+ paddedSize = (len(elem.packet) + PaddingMultiple - 1) & ^(PaddingMultiple - 1)
+ } else {
+ lastUnit := len(elem.packet)
+ if lastUnit > mtu {
+ lastUnit %= mtu
+ }
+ paddedSize := (lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)
+ if paddedSize > mtu {
+ paddedSize = mtu
+ }
}
for i := len(elem.packet); i < paddedSize; i++ {
elem.packet = append(elem.packet, 0)
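Review bot: In the `else` branch, `paddedSize := (lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)` declares a new variable that shadows the `var paddedSize int` declared above the `if`, so the outer `paddedSize` stays 0 whenever `mtu != 0`. The padding loop `for i := len(elem.packet); i < paddedSize; i++` then never runs, and packets are encrypted unpadded on the normal path, which defeats the length-hiding that the "pad content to multiple of 16" step provides. The line should assign rather than declare: `paddedSize = (lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)`. RoutineEncryption begins and continues outside this hunk, so a test that checks the padded length for a non-zero MTU would be the way to pin this.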
diff --git a/device/uapi.go b/device/uapi.go
index 999eeb5..72611ab 100644
--- a/device/uapi.go
+++ b/device/uapi.go
@@ -138,7 +138,7 @@ func (device *Device) IpcSetOperation(socket *bufio.Reader) *IPCError {
switch key {
case "private_key":
var sk NoisePrivateKey
- err := sk.FromHex(value)
+ err := sk.FromMaybeZeroHex(value)
if err != nil {
logError.Println("Failed to set private_key:", err)
return &IPCError{ipc.IpcErrorInvalid}
diff --git a/device/version.go b/device/version.go
index 326b9a9..96d3521 100644
--- a/device/version.go
+++ b/device/version.go
@@ -1,3 +1,3 @@
package device
-const WireGuardGoVersion = "0.0.20191012"
+const WireGuardGoVersion = "0.0.20200121"
diff --git a/tun/tun_darwin.go b/tun/tun_darwin.go
index 6d2e6dd..f19a7df 100644
--- a/tun/tun_darwin.go
+++ b/tun/tun_darwin.go
@@ -11,6 +11,7 @@ import (
"net"
"os"
"syscall"
+ "time"
"unsafe"
"golang.org/x/net/ipv6"
@@ -42,6 +43,22 @@ type NativeTun struct {
var sockaddrCtlSize uintptr = 32
+func retryInterfaceByIndex(index int) (iface *net.Interface, err error) {
+ for i := 0; i < 20; i++ {
+ iface, err = net.InterfaceByIndex(index)
+ if err != nil {
+ if opErr, ok := err.(*net.OpError); ok {
+ if syscallErr, ok := opErr.Err.(*os.SyscallError); ok && syscallErr.Err == syscall.ENOMEM {
+ time.Sleep(time.Duration(i) * time.Second / 3)
+ continue
+ }
+ }
+ }
+ return iface, err
+ }
+ return nil, err
+}
+
func (tun *NativeTun) routineRouteListener(tunIfindex int) {
var (
statusUp bool
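Review bot: `retryInterfaceByIndex` has no comment explaining why `ENOMEM` from `net.InterfaceByIndex` is treated as transient or how long the retries can block, and the bound `20` and the `time.Second / 3` step are unexplained literals. As written the first retry sleeps for zero time (`i == 0`) and the worst case sleeps roughly 63 seconds in total. During that time the `routineRouteListener` goroutine that calls it in the next hunk processes no further route messages. A header such as `// retryInterfaceByIndex retries net.InterfaceByIndex while it fails with ENOMEM, backing off linearly for up to 20 attempts.` plus named constants for the attempt count and step would make the behaviour reviewable. If the module's Go version allows it, `errors.As` and `errors.Is(err, syscall.ENOMEM)` would replace the nested type assertions and also match wrapped errors.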
@@ -74,7 +91,7 @@ func (tun *NativeTun) routineRouteListener(tunIfindex int) {
continue
}
- iface, err := net.InterfaceByIndex(ifindex)
+ iface, err := retryInterfaceByIndex(ifindex)
if err != nil {
tun.errors <- err
return