Commit message | Author | Age | Files | Lines
* [WIP] device: run testns.sh from a Go test harness [dc/nstest] | David Crawshaw | 2020-05-03 | 1 | -0/+292
    objectives:
    - to make it easy to run these tests during go development (TODO: running sudo go test is weird, is there some alternative? does docker provide a namespace hole for normal users if it's installed?)
    - to make it easy to run some part of the script, e.g. just run the sticky sockets test without waiting on the prior iperf tests

    not clear yet if the shell-inside-go is worth it

    Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
* main: now that we're upstreamed, relax Linux warning | Jason A. Donenfeld | 2020-05-02 | 2 | -13/+11
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* README: specify go 1.13 | Jason A. Donenfeld | 2020-05-02 | 1 | -1/+1
    Due to the use of the new errors module, we now require at least 1.13 instead of 1.12.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update header comments and modules | Jason A. Donenfeld | 2020-05-02 | 90 | -97/+98
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ipc: deduplicate some unix-specific code | David Crawshaw | 2020-05-02 | 3 | -141/+65
    Cleans up and splits out UAPIOpen to its own file.

    Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
    [zx2c4: changed const to var for socketDirectory]
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ipc: remove unnecessary error check | David Crawshaw | 2020-05-02 | 2 | -4/+2
    os.MkdirAll never returns an os.IsExist error.

    Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
* device: use atomic access for unlocked keypair.next | Jason A. Donenfeld | 2020-05-02 | 4 | -11/+23
    Go's GC semantics might not always guarantee the safety of this, and the race detector gets upset too, so instead we wrap this all in atomic accessors.

    Reported-by: David Anderson <danderson@tailscale.com>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: make remaining HWID comparisons case insensitive | Simon Rozman | 2020-05-02 | 1 | -2/+19
    c85e4a410f27986a2967a49c0155633c716bf3ca introduced preliminary HWID checking to speed up Wintun adapter enumeration. However, all HWIDs are case insensitive by Windows convention. Furthermore, a device might have multiple HWIDs. When DevInfo's DeviceRegistryProperty(SPDRP_HARDWAREID) method returns []string, all strings returned should be checked against given hardware ID.

    This issue was discovered when researching Wintun and wireguard-go on Windows 10 ARM64. The Wintun adapter was created using devcon.exe utility with "wintun" hardware ID, causing wireguard-go to fail to enumerate the adapter properly.

    Signed-off-by: Simon Rozman <simon@rozman.si>
* setupapi: extend struct size constant definitions for arm(64) | Simon Rozman | 2020-05-02 | 2 | -0/+4
    Signed-off-by: Simon Rozman <simon@rozman.si>
* device: add debug logs describing handshake rejection | Avery Pennarun | 2020-05-02 | 1 | -4/+8
    Useful in testing when bad network stacks repeat or batch large numbers of packets.

    Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
* tun: return a better error message if /dev/net/tun doesn't exist | Brad Fitzpatrick | 2020-05-02 | 1 | -0/+3
    It was just returning "no such file or directory" (the String of the syscall.Errno returned by CreateTUN).

    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
* device: return generic error from Ipc{Get,Set}Operation. | David Anderson | 2020-05-02 | 2 | -5/+16
    This makes uapi.go's public API conform to Go style in terms of error types.

    Signed-off-by: David Anderson <danderson@tailscale.com>
* tun: NetlinkListener: don't send EventDown before sending EventUp | Avery Pennarun | 2020-05-02 | 1 | -1/+13
    This works around a startup race condition when competing with HackListener, which is trying to do the same job. If HackListener detects that the tundev is running while there is still an event in the netlink queue that says it isn't running, then the device receives a string of events like

        EventUp (HackListener)
        EventDown (NetlinkListener)
        EventUp (NetlinkListener)

    Unfortunately, after the first EventDown, the device stops itself, thinking incorrectly that the administrator has downed its tundev.

    The device is ignoring the initial EventDown anyway, so just don't emit it.

    Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
* device: give handshake state a type | David Crawshaw | 2020-05-02 | 1 | -17/+38
    And unexport handshake constants.

    Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
* tuntest: split out testing package | David Crawshaw | 2020-05-02 | 2 | -141/+155
    This code is useful to other packages writing tests.

    Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
* tun: fix data race on name field | Brad Fitzpatrick | 2020-05-02 | 1 | -13/+31
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
* tun: remove unused isUp method | Brad Fitzpatrick | 2020-05-02 | 1 | -6/+0
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
* conn: introduce new package that splits out the Bind and Endpoint types | David Crawshaw | 2020-05-02 | 15 | -452/+562
    The sticky socket code stays in the device package for now, as it reaches deeply into the peer list.

    This is the first step in an effort to split some code out of the very busy device package.

    Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
* wintun: split error message for create vs open namespace. | Avery Pennarun | 2020-05-02 | 1 | -1/+4
    Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
* device: add test to ensure Peer fields are safe for atomic access on 32-bit | David Anderson | 2020-05-02 | 2 | -1/+48
    Adds a test that will fail consistently on 32-bit platforms if the struct ever changes again to violate the rules. This is likely not needed because unaligned access crashes reliably, but this will reliably fail even if tests accidentally pass due to lucky alignment.

    Signed-Off-By: David Anderson <danderson@tailscale.com>
* rwcancel: no-op builds for windows and darwin | David Crawshaw | 2020-03-30 | 4 | -2/+17
    This lets us include the package on those platforms in a followup commit where we split out a conn package from device. It also lets us run `go test ./...` when developing on macOS.

    Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
* ratelimiter: use a fake clock in tests and style cleanups | David Crawshaw | 2020-03-30 | 2 | -65/+88
    The existing test would occasionally flake out with:

        --- FAIL: TestRatelimiter (0.12s)
            ratelimiter_test.go:99: Test failed for 127.0.0.1 , on: 7 ( not having refilled enough ) expected: false got: true
        FAIL
        FAIL    golang.zx2c4.com/wireguard/ratelimiter  0.171s

    The fake clock also means the tests run much faster, so testing this package with -count=1000 now takes < 100ms.

    While here, several style cleanups. The most significant one is unembedding the sync.Mutex fields in the rate limiter objects. Embedded as they were, the lock methods were accessible outside the ratelimiter package. As they aren't needed externally, keep them internal to make them easier to reason about.

    Passes `go test -race -count=10000 ./ratelimiter`

    Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
* version: bump snapshot [0.0.20200320] | Jason A. Donenfeld | 2020-03-20 | 1 | -1/+1
* noise: unify zero checking of ecdh | Jason A. Donenfeld | 2020-03-17 | 3 | -63/+49
* global: use RTMGRP_* consts from x/sys/unix | Tobias Klauser | 2020-03-17 | 4 | -5/+5
    Update the golang.org/x/sys/unix dependency and use the newly introduced RTMGRP_* consts instead of using the corresponding RTNLGRP_* const to create a mask.

    Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
* send: account for zero mtu | Jason A. Donenfeld | 2020-02-14 | 1 | -4/+12
    Don't divide by zero.
* device: fix private key removal logic | Jason A. Donenfeld | 2020-02-04 | 1 | -13/+4
* uapi: allow unsetting device private key with /dev/null | Jason A. Donenfeld | 2020-02-04 | 2 | -1/+10
* version: bump snapshot [0.0.20200121] | Jason A. Donenfeld | 2020-01-21 | 1 | -1/+1
* tun: darwin: ignore ENOMEM errors | Jason A. Donenfeld | 2020-01-15 | 1 | -1/+18
    Coauthored-by: Andrej Mihajlov <and@mullvad.net>
* tun: windows: serialize write calls | Jason A. Donenfeld | 2020-01-07 | 1 | -0/+5
* README: update repo urls | Jason A. Donenfeld | 2019-12-30 | 2 | -2/+2
* device: SendmsgN mutates the input sockaddr | Jason A. Donenfeld | 2019-11-28 | 1 | -0/+9
    So we take a new granular lock to prevent concurrent writes from racing.

        WARNING: DATA RACE
        Write at 0x00c0011f2740 by goroutine 27:
          golang.org/x/sys/unix.(*SockaddrInet4).sockaddr()
              /go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:384 +0x114
          golang.org/x/sys/unix.SendmsgN()
              /go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:1304 +0x288
          golang.zx2c4.com/wireguard/device.send4()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:485 +0x11f
          golang.zx2c4.com/wireguard/device.(*nativeBind).Send()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:268 +0x1d6
          golang.zx2c4.com/wireguard/device.(*Peer).SendBuffer()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/peer.go:151 +0x285
          golang.zx2c4.com/wireguard/device.(*Peer).SendHandshakeInitiation()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:163 +0x692
          golang.zx2c4.com/wireguard/device.(*Device).RoutineReadFromTUN()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:318 +0x4b8

        Previous write at 0x00c0011f2740 by goroutine 386:
          golang.org/x/sys/unix.(*SockaddrInet4).sockaddr()
              /go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:384 +0x114
          golang.org/x/sys/unix.SendmsgN()
              /go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:1304 +0x288
          golang.zx2c4.com/wireguard/device.send4()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:485 +0x11f
          golang.zx2c4.com/wireguard/device.(*nativeBind).Send()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:268 +0x1d6
          golang.zx2c4.com/wireguard/device.(*Peer).SendBuffer()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/peer.go:151 +0x285
          golang.zx2c4.com/wireguard/device.(*Peer).SendHandshakeInitiation()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:163 +0x692
          golang.zx2c4.com/wireguard/device.expiredRetransmitHandshake()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/timers.go:110 +0x40c
          golang.zx2c4.com/wireguard/device.(*Peer).NewTimer.func1()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/timers.go:42 +0xd8

        Goroutine 27 (running) created at:
          golang.zx2c4.com/wireguard/device.NewDevice()
              /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/device.go:322 +0x5e8
          main.main()
              /go/src/x/main.go:102 +0x58e

        Goroutine 386 (finished) created at:
          time.goFunc()
              /usr/local/go/src/time/sleep.go:168 +0x51

    Reported-by: Ben Burkert <ben@benburkert.com>
* wintun: manage ring memory manually | Jason A. Donenfeld | 2019-11-22 | 2 | -7/+27
    It's large and Go's garbage collector doesn't deal with it especially well.
* constants: recalculate rekey max based on a one minute flood | Jason A. Donenfeld | 2019-10-30 | 1 | -1/+1
    Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
* global: fix a few typos courtesy of codespell | Jonathan Tooker | 2019-10-22 | 5 | -10/+10
    Signed-off-by: Jonathan Tooker <jonathan.tooker@netprotect.com>
* device: allow blackholing sockets | Jason A. Donenfeld | 2019-10-21 | 2 | -4/+14
* device: remove dead error reporting code | Jason A. Donenfeld | 2019-10-21 | 1 | -4/+1
* namespaceapi: remove tasteless comment | Jason A. Donenfeld | 2019-10-21 | 1 | -1/+1
* device: recheck counters while holding write lock | Jason A. Donenfeld | 2019-10-17 | 1 | -2/+7
* wintun: normalize variable names for their types | Jason A. Donenfeld | 2019-10-17 | 1 | -72/+72
* wintun: quickly ignore non-Wintun devices | Avery Pennarun | 2019-10-17 | 1 | -0/+18
    Some devices take ~2 seconds to enumerate on Windows if we try to get their instance name. The hardware id property, on the other hand, is available right away.

    Signed-off-by: Avery Pennarun <apenwarr@gmail.com>
    [zx2c4: inlined this to where it makes sense, reused setupapi const]
* tun: match windows CreateTUN signature to the Linux variant | Avery Pennarun | 2019-10-17 | 2 | -5/+10
    Signed-off-by: Avery Pennarun <apenwarr@gmail.com>
    [zx2c4: fix default value]
* rwcancel: handle EINTR and EAGAIN in unixSelect() | Avery Pennarun | 2019-10-17 | 1 | -2/+14
    On my Chromebook (Linux 4.19.44 in a VM) and on an AWS EC2 machine, select() was sometimes returning EINTR. This is harmless and just means you should try again. So let's try again.

    This eliminates a problem where the tunnel fails to come up correctly and the program needs to be restarted.

    Signed-off-by: Avery Pennarun <apenwarr@gmail.com>
* device: test packets between two fake devices | David Crawshaw | 2019-10-16 | 1 | -29/+199
    Signed-off-by: David Crawshaw <crawshaw@tailscale.io>
* version: bump snapshot [0.0.20191012] | Jason A. Donenfeld | 2019-10-12 | 1 | -1/+1
* Makefile: remove v prefix | Jason A. Donenfeld | 2019-10-08 | 1 | -1/+1
* wintun: expose version | Jason A. Donenfeld | 2019-10-08 | 2 | -1/+34
* uapi: allow preventing creation of new peers when updating | Jason A. Donenfeld | 2019-10-04 | 1 | -1/+17
    This enables race-free updates for wg-dynamic and similar tools.

    Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
* mod: bump versions | Jason A. Donenfeld | 2019-10-04 | 9 | -16/+16