aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* global: bump copyright yearHEADmasterJason A. Donenfeld2022-09-2075-75/+75
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: ensure `(*netTun).incomingPacket` chan is closedColin Adler2022-09-201-0/+4
| | | | | | | Without this, `device.Close()` will deadlock. Signed-off-by: Colin Adler <colin1adler@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* all: use Go 1.19 and its atomic typesBrad Fitzpatrick2022-09-0420-288/+156
| | | | | Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: remove separate moduleJason A. Donenfeld2022-08-294-33/+12
| | | | | | | Now that the gvisor deps aren't insane, we can just do this in the main module. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: bump to latest gvisorShengjing Zhu2022-08-293-1031/+37
| | | | | | | | | | | To build with go1.19, gvisor needs 99325baf ("Bump gVisor build tags to go1.19"). However gvisor.dev/gvisor/pkg/tcpip/buffer is no longer available, so refactor to use gvisor.dev/gvisor/pkg/tcpip/link/channel directly. Signed-off-by: Shengjing Zhu <i@zhsj.me> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn, device, tun: set CLOEXEC on fdsBrad Fitzpatrick2022-07-046-24/+36
| | | | | Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use ByteSliceToString from golang.org/x/sys/unixTobias Klauser2022-06-011-6/+1
| | | | | | | | Use unix.ByteSliceToString in (*NativeTun).nameSlice to convert the TUNGETIFF ioctl result []byte to a string. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn: remove the final alloc per packet receiveJosh Bleecher Snyder2022-04-071-16/+37
| | | | | | | | | | | | | | | | | | | | | | | | | This does bind_std only; other platforms remain. The remaining alloc per iteration in the Throughput benchmark comes from the tuntest package, and should not appear in regular use. name old time/op new time/op delta Latency-10 25.2µs ± 1% 25.0µs ± 0% -0.58% (p=0.006 n=10+10) Throughput-10 2.44µs ± 3% 2.41µs ± 2% ~ (p=0.140 n=10+8) name old alloc/op new alloc/op delta Latency-10 854B ± 5% 741B ± 3% -13.22% (p=0.000 n=10+10) Throughput-10 265B ±34% 267B ±39% ~ (p=0.670 n=10+10) name old allocs/op new allocs/op delta Latency-10 16.0 ± 0% 14.0 ± 0% -12.50% (p=0.000 n=10+10) Throughput-10 2.00 ± 0% 1.00 ± 0% -50.00% (p=0.000 n=10+10) name old packet-loss new packet-loss delta Throughput-10 0.01 ±82% 0.01 ±282% ~ (p=0.321 n=9+8) Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn: use netip for std bindJason A. Donenfeld2022-03-171-26/+13
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump snapshot0.0.20220316Jason A. Donenfeld2022-03-161-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: bump modJason A. Donenfeld2022-03-162-24/+17
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump packages and remove compat netipJason A. Donenfeld2022-03-162-21/+9
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* all: use any in place of interface{}Josh Bleecher Snyder2022-03-164-15/+15
| | | | | | Enabled by using Go 1.18. A bit less verbose. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
* all: update to Go 1.18Josh Bleecher Snyder2022-03-1620-33/+23
| | | | | | | | | | Bump go.mod and README. Switch to upstream net/netip. Use strings.Cut. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
* tun/netstack: check error returned by SetDeadline()Alexander Neumann2022-03-091-1/+4
| | | | | | Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de> [Jason: don't wrap deadline error.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: update to latest wireguard-goAlexander Neumann2022-03-093-24/+36
| | | | | | | | | This commit fixes all callsites of netip.AddrFromSlice(), which has changed its signature and now returns two values. Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de> [Jason: remove error handling from AddrFromSlice.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: simplify read timeout on ping socketJason A. Donenfeld2022-02-021-43/+14
| | | | | | I'm not 100% sure this is correct, but it certainly is a lot simpler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: implement ICMP pingThomas H. Ptacek2022-02-022-24/+343
| | | | | | | | | | Provide a PacketConn interface for netstack's ICMP endpoint; netstack currently only provides EchoRequest/EchoResponse ICMP support, so this code exposes only an interface for doing ping. Signed-off-by: Thomas Ptacek <thomas@sockpuppet.org> [Jason: rework structure, match std go interfaces, add example code] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump snapshot0.0.20220117Jason A. Donenfeld2022-01-171-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ipc: bsd: try again if kqueue returns EINTRJason A. Donenfeld2022-01-141-1/+1
| | | | | Reported-by: J. Michael McAtee <mmcatee@jumptrading.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumptJason A. Donenfeld2021-12-0928-71/+56
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: handle peer post config on blank lineJason A. Donenfeld2021-11-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We missed a function exit point. This was exacerbated by e3134bf ("device: defer state machine transitions until configuration is complete"), but the bug existed prior. Minus provided the following useful reproducer script: #!/usr/bin/env bash set -eux make wireguard-go || exit 125 ip netns del test-ns || true ip netns add test-ns ip link add test-kernel type wireguard wg set test-kernel listen-port 0 private-key <(echo "QMCfZcp1KU27kEkpcMCgASEjDnDZDYsfMLHPed7+538=") peer "eDPZJMdfnb8ZcA/VSUnLZvLB2k8HVH12ufCGa7Z7rHI=" allowed-ips 10.51.234.10/32 ip link set test-kernel netns test-ns up ip -n test-ns addr add 10.51.234.1/24 dev test-kernel port=$(ip netns exec test-ns wg show test-kernel listen-port) ip link del test-go || true ./wireguard-go test-go wg set test-go private-key <(echo "WBM7qimR3vFk1QtWNfH+F4ggy/hmO+5hfIHKxxI4nF4=") peer "+nj9Dkqpl4phsHo2dQliGm5aEiWJJgBtYKbh7XjeNjg=" allowed-ips 0.0.0.0/0 endpoint 127.0.0.1:$port ip addr add 10.51.234.10/24 dev test-go ip link set test-go up ping -c2 -W1 10.51.234.1 Reported-by: minus <minus@mnus.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: reduce peer lock critical section in UAPIJosh Bleecher Snyder2021-11-231-26/+28
| | | | | | | | | The deferred RUnlock calls weren't executing until all peers had been processed. Add an anonymous function so that each peer may be unlocked as soon as it is completed. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: remove code using unsafeJosh Bleecher Snyder2021-11-231-33/+13
| | | | | | | | | | | | | There is no performance impact. name old time/op new time/op delta TrieIPv4Peers100Addresses1000-8 78.6ns ± 1% 79.4ns ± 3% ~ (p=0.604 n=10+9) TrieIPv4Peers10Addresses10-8 29.1ns ± 2% 28.8ns ± 1% -1.12% (p=0.014 n=10+9) TrieIPv6Peers100Addresses1000-8 78.9ns ± 1% 78.6ns ± 1% ~ (p=0.492 n=10+10) TrieIPv6Peers10Addresses10-8 29.3ns ± 2% 28.6ns ± 2% -2.16% (p=0.000 n=10+10) Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use netip where possible nowJason A. Donenfeld2021-11-2322-285/+247
| | | | | | | | There are more places where we'll need to add it later, when Go 1.18 comes out with support for it in the "net" package. Also, allowedips still uses slices internally, which might be suboptimal. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: only propagate roaming value before peer is referenced elsewhereJason A. Donenfeld2021-11-161-1/+3
| | | | | | | | | A peer.endpoint never becomes nil after being not-nil, so creation is the only time we actually need to set this. This prevents a race from when the variable is actually used elsewhere, and allows us to avoid an expensive atomic. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: align 64-bit atomic member in DeviceJason A. Donenfeld2021-11-161-5/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: start peers before running handshake testJason A. Donenfeld2021-11-161-0/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: don't use test -v because it hides failures in scrollbackJason A. Donenfeld2021-11-161-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: fix nil pointer dereference in uapi readDavid Anderson2021-11-161-2/+2
| | | | | Signed-off-by: David Anderson <danderson@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: make new peers inherit broken mobile semanticsJason A. Donenfeld2021-11-153-0/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: defer state machine transitions until configuration is completeJason A. Donenfeld2021-11-153-15/+18
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: do not consume handshake messages if not runningJason A. Donenfeld2021-11-151-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: move wintun to its own repoJason A. Donenfeld2021-11-043-7/+10
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* namedpipe: rename from winpipe to keep in sync with CL299009Jason A. Donenfeld2021-11-047-475/+132
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: timers: use pre-seeded per-thread unlocked fastrandn for jitterJason A. Donenfeld2021-10-281-10/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: timers: seed unsafe rng before use for jitterJason A. Donenfeld2021-10-281-3/+11
| | | | | | | Forgetting to seed the unsafe rng, the jitter before followed a fixed pattern, which didn't help when a fleet of computers all boot at once. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: align 64-bit argument on ARM32Jason A. Donenfeld2021-10-261-1/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* README: raise minimum Go to 1.17Jason A. Donenfeld2021-10-251-1/+1
| | | | | Suggested-by: Adam Bliss <abliss@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: update gvisorMikael Magnusson2021-10-223-22/+403
| | | | | | | | | | | | | Update gvisor to v0.0.0-20211020211948-f76a604701b6, which requires some changes to tun.go: WriteRawPacket: Add function with not implemented error. CreateNetTUN: Replace stack.AddAddress with stack.AddProtocolAddress, and fix IPv6 address in error message. Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ipc, rwcancel: compile on js/wasmBrad Fitzpatrick2021-10-203-1/+18
| | | | Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
* wintun: allow retrieving DLL versionJason A. Donenfeld2021-10-204-7/+37
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump snapshot0.0.20211016Jason A. Donenfeld2021-10-161-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: remove memmod option for dll loadingJason A. Donenfeld2021-10-1613-1481/+39
| | | | | | Only wireguard-windows used this, and it's moving to wgnt exclusively. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove old-style build tagsJason A. Donenfeld2021-10-1224-24/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: add newer-style build tagsJason A. Donenfeld2021-10-127-0/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: use new swdevice-based API for upcoming Wintun 0.14Jason A. Donenfeld2021-10-122-149/+61
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn,wintun: use unsafe.Slice instead of unsafeSliceJason A. Donenfeld2021-10-112-41/+3
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: import from wireguard-windowsJason A. Donenfeld2021-10-116-34/+96
| | | | | | | We'll eventually be getting rid of it here, but keep it sync'd up for now. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* rwcancel: use unix.Poll again but bump x/sys so it uses ppoll under the hoodJason A. Donenfeld2021-09-275-54/+14
| | | | | | | This reverts commit fcc601dbf0f6b626ec1d47a880cbe64f9c8fe385 but then bumps go.mod. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>