summaryrefslogtreecommitdiffstats
path: root/tun (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tun: freebsd: avoid OOB writesJason A. Donenfeld2021-04-191-0/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: become controlling process when reopening tun FDJason A. Donenfeld2021-04-191-0/+10
| | | | | | | When we pass the TUN FD to the child, we have to call TUNSIFPID; otherwise when we close the device, we get a splat in dmesg. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: restructure and cleanupJason A. Donenfeld2021-04-191-166/+66
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: remove horrific hack for getting tunnel nameJason A. Donenfeld2021-04-191-84/+13
| | | | | | As of FreeBSD 12.1, there's TUNGIFNAME. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: set IFF_MULTICAST for routing daemonsJason A. Donenfeld2021-04-181-4/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: use broadcast mode instead of PPP modeJason A. Donenfeld2021-03-231-0/+17
| | | | | | It makes the routing configuration simpler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: linux: do not spam events every second from hack listenerJason A. Donenfeld2021-03-111-6/+17
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: allow empty namesKay Diam2021-03-081-16/+18
| | | | | | | | | This change allows omitting the tun interface name setting. When the name is not set, the kernel automatically picks up the tun name and index. Signed-off-by: Kay Diam <kay.diam@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: use resource functions from x/sysJason A. Donenfeld2021-03-084-266/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: do not use IsBadReadPtrJason A. Donenfeld2021-03-084-61/+1
| | | | | | It should be enough to check for the trailing zero name. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: bump deps and apiJason A. Donenfeld2021-03-065-40/+257
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove TODO name graffitiJason A. Donenfeld2021-02-231-2/+2
| | | | | | | | | | Googlers have a habit of graffiting their name in TODO items that then are never addressed, and other people won't go near those because they're marked territory of another animal. I've been gradually cleaning these up as I see them, but this commit just goes all the way and removes the remaining stragglers. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: test up/down using virtual connJason A. Donenfeld2021-02-231-1/+0
| | | | | | This prevents port clashing bugs. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: make NativeTun.Close well behaved, not crash on double closeBrad Fitzpatrick2021-02-225-43/+62
| | | | Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
* global: stop using ioutilJason A. Donenfeld2021-02-172-4/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: return error from Up() and Down()Jason A. Donenfeld2021-02-101-1/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* rwcancel: add an explicit close callJason A. Donenfeld2021-02-091-0/+1
| | | | | | This lets us collect FDs even if the GC doesn't do it for us. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use errors.Is for unwrappingJason A. Donenfeld2021-02-092-18/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyrightJason A. Donenfeld2021-01-2824-24/+24
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use %w for errors on linuxJason A. Donenfeld2021-01-271-9/+8
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netstack: further sequester with own go.mod and go.sumJason A. Donenfeld2021-01-212-0/+400
| | | | | | | | In order to avoid even the flirtation with passing on these dependencies to ordinary consumers of wireguard-go, this commit makes a new go.mod that's entirely separate from the root one. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netstack: introduce new module for gvisor tcp tun adapterJason A. Donenfeld2021-01-213-6/+106
| | | | | | | | | | | | | | The Go linker isn't smart enough to prevent gvisor from being pulled into modules that use other parts of tun/, due to the types exposed. So, we put this into its own standalone module. We use this as an opportunity to introduce some example code as well. I'm still not happy that this not only clutters this repo's go.sum, but all the other projects that consume it, but it seems like making a new module inside of this repo will lead to even greater confusion. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: fix fmt.Errorf format stringsJosh Bleecher Snyder2021-01-201-3/+3
| | | | | | | | | | | | Type tcpip.Error is not an error. I've filed https://github.com/google/gvisor/issues/5314 to fix this upstream. Until that is fixed, use %v instead of %w, to keep vet happy. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
* tun/wintun/memmod: gofmtJosh Bleecher Snyder2021-01-201-1/+1
| | | | Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
* tun/wintun/memmod: fix format verbJosh Bleecher Snyder2021-01-201-1/+1
| | | | | | Caught by 'go vet'. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
* tun: add tcpip stack tunnel abstractionJason A. Donenfeld2021-01-131-0/+816
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows people to initiate connections over WireGuard without any underlying operating system support. I'm not crazy about the trash it adds to go.sum, but the code this actually adds to the binaries seems contained to the gvisor repo. For the TCP/IP implementation, it uses gvisor. And it borrows some internals from the Go standard library's resolver in order to bring Dial and DialContext to tun_net, along with the LookupHost helper function. This allows for things like HTTP2-over-TLS to work quite well: package main import ( "io" "log" "net" "net/http" "golang.zx2c4.com/wireguard/device" "golang.zx2c4.com/wireguard/tun" ) func main() { tun, tnet, err := tun.CreateNetTUN([]net.IP{net.ParseIP("192.168.4.29")}, []net.IP{net.ParseIP("8.8.8.8"), net.ParseIP("8.8.4.4")}, 1420) if err != nil { log.Panic(err) } dev := device.NewDevice(tun, &device.Logger{log.Default(), log.Default(), log.Default()}) dev.IpcSet(`private_key=a8dac1d8a70a751f0f699fb14ba1cff7b79cf4fbd8f09f44c6e6a90d0369604f public_key=25123c5dcd3328ff645e4f2a3fce0d754400d3887a0cb7c56f0267e20fbf3c5b endpoint=163.172.161.0:12912 allowed_ip=0.0.0.0/0 `) dev.Up() client := http.Client{ Transport: &http.Transport{ DialContext: tnet.DialContext, }, } resp, err := client.Get("https://www.zx2c4.com/ip") if err != nil { log.Panic(err) } body, err := io.ReadAll(resp.Body) if err != nil { log.Panic(err) } log.Println(string(body)) } Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: apply explicit build tags to _32 and _64 filesJason A. Donenfeld2021-01-074-4/+4
| | | | | | | | | | Since _32 and _64 aren't valid goarchs, they don't match _GOOS_GOARCH, and so the existing tags wind up not being restricted to windows-only. This fixes the problem by adding windows to the tags explicitly. We could also fix it by calling the files _32_windows or _64_windows, but that changes the convention with the other single-arch files. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: make customization of WintunPool and requested GUID more obviousJason A. Donenfeld2021-01-071-10/+3
| | | | | | | | | | | Persnickety consumers can now do: func init() { tun.WintunPool, _ = wintun.MakePool("Flurp") tun.WintunStaticRequestedGUID, _ = windows.GUIDFromString("{5ae2716f-0b3e-4dc4-a8b5-48eba11a6e16}") } Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* all: use ++ to incrementJosh Bleecher Snyder2021-01-071-1/+1
| | | | | | Make the code slightly more idiomatic. No functional changes. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
* wintun: do not load dll in init()Jason A. Donenfeld2021-01-075-14/+21
| | | | | | | This prevents linking to wintun.dll until it's actually needed, which should improve startup time. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/tuntest: make genICMPv4 allocate lessJosh Bleecher Snyder2021-01-071-8/+7
| | | | | | | It doesn't really matter, because it is only used in tests, but it does remove some noise from pprof profiles. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
* memmod: fix import loading function usageJason A. Donenfeld2020-11-273-26/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: log when reboot is suggested by WindowsSimon Rozman2020-11-251-1/+5
| | | | | | | Which really shouldn't happen. But it is a useful information for troubleshooting. Signed-off-by: Simon Rozman <simon@rozman.si>
* wintun: keep original error when Wintun session start failsSimon Rozman2020-11-251-1/+1
| | | | Signed-off-by: Simon Rozman <simon@rozman.si>
* wintun: load from filesystem by defaultJason A. Donenfeld2020-11-113-39/+109
| | | | | | | | We let people loading this from resources opt in via: go build -tags load_wintun_from_rsrc Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: switch to using %w instead of %v for ErrorfJason A. Donenfeld2020-11-076-34/+34
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: ring management moved to wintun.dllSimon Rozman2020-11-074-214/+147
| | | | | Signed-off-by: Simon Rozman <simon@rozman.si> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: load wintun.dll from RCDATA resourceSimon Rozman2020-11-0717-1/+1575
| | | | | Signed-off-by: Simon Rozman <simon@rozman.si> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: migrate to wintun.dll APISimon Rozman2020-11-0725-3711/+169
| | | | | | | | Rather than having every application using Wintun driver reinvent the wheel, the Wintun device/adapter/interface management has been moved from wireguard-go to wintun.dll deployed with Wintun itself. Signed-off-by: Simon Rozman <simon@rozman.si>
* tun: use SockaddrCtl from golang.org/x/sys/unix on macOSTobias Klauser2020-10-271-29/+6
| | | | | | | | | Direct syscalls using unix.Syscall(unix.SYS_*, ...) are discouraged on macOS and might not be supported in future versions. Switch to use unix.Connect with unix.SockaddrCtl instead. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use Ioctl{Get,Set}IfreqMTU from golang.org/x/sys/unix on macOSTobias Klauser2020-10-271-35/+10
| | | | | | | | | Direct syscalls using unix.Syscall(unix.SYS_*, ...) are discouraged on macOS and might not be supported in future versions. Switch to use unix.Ioctl{Get,Set}IfreqMTU to get and set an interface's MTU. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use IoctlCtlInfo from golang.org/x/sys/unix on macOSTobias Klauser2020-10-271-20/+6
| | | | | | | | | Direct syscalls using unix.Syscall(unix.SYS_*, ...) are discouraged on macOS and might not be supported in future versions. Switch to use unix.IoctlCtlInfo to get the kernel control info. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use GetsockoptString in (*NativeTun).Name on macOSTobias Klauser2020-10-271-14/+6
| | | | | | | | | Direct syscalls using unix.Syscall(unix.SYS_*, ...) are discouraged on macOS and might not be supported in future versions. Instead, use the existing unix.GetsockoptString wrapper to get the interface name. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/wintun/registry: fix Go 1.15 race/checkptr failureBrad Fitzpatrick2020-10-211-1/+1
| | | | | | Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> [Jason: ran go mod tidy.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update header comments and modulesJason A. Donenfeld2020-05-0227-27/+27
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: make remaining HWID comparisons case insensitiveSimon Rozman2020-05-021-2/+19
| | | | | | | | | | | | | | | | | c85e4a410f27986a2967a49c0155633c716bf3ca introduced preliminary HWID checking to speed up Wintun adapter enumeration. However, all HWID are case insensitive by Windows convention. Furthermore, a device might have multiple HWIDs. When DevInfo's DeviceRegistryProperty(SPDRP_HARDWAREID) method returns []string, all strings returned should be checked against given hardware ID. This issue was discovered when researching Wintun and wireguard-go on Windows 10 ARM64. The Wintun adapter was created using devcon.exe utility with "wintun" hardware ID, causing wireguard-go fail to enumerate the adapter properly. Signed-off-by: Simon Rozman <simon@rozman.si>
* setupapi: extend struct size constant definitions for arm(64)Simon Rozman2020-05-022-0/+4
| | | | Signed-off-by: Simon Rozman <simon@rozman.si>
* tun: return a better error message if /dev/net/tun doesn't existBrad Fitzpatrick2020-05-021-0/+3
| | | | | | | It was just returning "no such file or directory" (the String of the syscall.Errno returned by CreateTUN). Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
* tun: NetlinkListener: don't send EventDown before sending EventUpAvery Pennarun2020-05-021-1/+13
| | | | | | | | | | | | | | | | | | This works around a startup race condition when competing with HackListener, which is trying to do the same job. If HackListener detects that the tundev is running while there is still an event in the netlink queue that says it isn't running, then the device receives a string of events like EventUp (HackListener) EventDown (NetlinkListener) EventUp (NetlinkListener) Unfortunately, after the first EventDown, the device stops itself, thinking incorrectly that the administrator has downed its tundev. The device is ignoring the initial EventDown anyway, so just don't emit it. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
* tuntest: split out testing packageDavid Crawshaw2020-05-021-0/+150
| | | | | | This code is useful to other packages writing tests. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.