aboutsummaryrefslogtreecommitdiffstats
path: root/tun (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tun/netstack: implement ICMP pingThomas H. Ptacek2022-02-012-24/+264
| | | | | | | | | | | | | | Provide a PacketConn interface for netstack's ICMP endpoint; netstack currently only provides EchoRequest/EchoResponse ICMP support, so this code exposes only an interface for doing ping. Currently is missing: - Write deadlines - Context support Signed-off-by: Thomas Ptacek <thomas@sockpuppet.org> [Jason: rework structure, match std go interfaces, add example code] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumptJason A. Donenfeld2021-12-095-14/+11
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use netip where possible nowJason A. Donenfeld2021-11-236-72/+99
| | | | | | | | There are more places where we'll need to add it later, when Go 1.18 comes out with support for it in the "net" package. Also, allowedips still uses slices internally, which might be suboptimal. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: move wintun to its own repoJason A. Donenfeld2021-11-041-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* namedpipe: rename from winpipe to keep in sync with CL299009Jason A. Donenfeld2021-11-043-368/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: align 64-bit argument on ARM32Jason A. Donenfeld2021-10-261-1/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: update gvisorMikael Magnusson2021-10-223-22/+403
| | | | | | | | | | | | | Update gvisor to v0.0.0-20211020211948-f76a604701b6, which requires some changes to tun.go: WriteRawPacket: Add function with not implemented error. CreateNetTUN: Replace stack.AddAddress with stack.AddProtocolAddress, and fix IPv6 address in error message. Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: allow retrieving DLL versionJason A. Donenfeld2021-10-202-1/+31
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: remove memmod option for dll loadingJason A. Donenfeld2021-10-1613-1481/+39
| | | | | | Only wireguard-windows used this, and it's moving to wgnt exclusively. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove old-style build tagsJason A. Donenfeld2021-10-129-9/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: add newer-style build tagsJason A. Donenfeld2021-10-124-0/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: use new swdevice-based API for upcoming Wintun 0.14Jason A. Donenfeld2021-10-122-149/+61
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn,wintun: use unsafe.Slice instead of unsafeSliceJason A. Donenfeld2021-10-111-20/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: import from wireguard-windowsJason A. Donenfeld2021-10-115-33/+95
| | | | | | | We'll eventually be getting rid of it here, but keep it sync'd up for now. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: make operateonfd.go build tags more specificTobias Klauser2021-09-231-2/+2
| | | | | | | | (*NativeTun).operateOnFd is only used on darwin and freebsd. Adjust the build tags accordingly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: avoid leaking sock fd in CreateTUN error casesTobias Klauser2021-09-232-6/+11
| | | | | | | | At these points, the socket file descriptor is not yet wrapped in an *os.File, so it needs to be closed explicitly on error. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: add new go 1.17 build commentsJason A. Donenfeld2021-09-051-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: register exception handler tablesJason A. Donenfeld2021-08-052-0/+19
| | | | | | | | Otherwise recent WDK binaries fail on ARM64, where an exception handler is used for trapping an illegal instruction when ARMv8.1 atomics are being tested for functionality. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: fix protected delayed load the right wayJason A. Donenfeld2021-07-292-9/+13
| | | | | | | | | | | The reason this was failing before is that dloadsup.h's DloadObtainSection was doing a linear search of sections to find which header corresponds with the IMAGE_DELAYLOAD_DESCRIPTOR section, and we were stupidly overwriting the VirtualSize field, so the linear search wound up matching the .text section, which then it found to not be marked writable and failed with FAST_FAIL_DLOAD_PROTECTION_FAILURE. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: disable protected delayed load for nowJason A. Donenfeld2021-07-294-2/+155
| | | | | | | Probably a bad idea, but we don't currently support it, and those huge windows.NewCallback trampolines make juicer targets anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: linux: account for interface removal from outsideJason A. Donenfeld2021-05-201-25/+28
| | | | | | | | On Linux we can run `ip link del wg0`, in which case the fd becomes stale, and we should exit. Since this is an intentional action, don't treat it as an error. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: formatJason A. Donenfeld2021-05-072-3/+3
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: windows: set event before waitingJason A. Donenfeld2021-05-071-18/+18
| | | | | | | | | | | In 097af6e ("tun: windows: protect reads from closing") we made sure no functions are running when End() is called, to avoid a UaF. But we still need to kick that event somehow, so that Read() is allowed to exit, in order to release the lock. So this commit calls SetEvent, while moving the closing boolean to be atomic so it can be modified without locks, and then moves to a WaitGroup for the RCU-like pattern. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: windows: rearrange struct to avoid alignment trap on 32bitJason A. Donenfeld2021-05-071-4/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: windows: check alignment in unit testJason A. Donenfeld2021-05-071-0/+67
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: update go mod and remove GSO argumentJason A. Donenfeld2021-05-063-16/+18
| | | | | Reported-by: John Xiong <xiaoyang1258@yeah.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: windows: send MTU update when forced MTU changesJason A. Donenfeld2021-05-051-0/+4
| | | | | | Otherwise the padding doesn't get updated. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: windows: protect reads from closingJason A. Donenfeld2021-04-261-6/+19
| | | | | | | | | | | | The code previously used the old errors channel for checking, rather than the simpler boolean, which caused issues on shutdown, since the errors channel was meaningless. However, looking at this exposed a more basic problem: Close() and all the other functions that check the closed boolean can race. So protect with a basic RW lock, to ensure that Close() waits for all pending operations to complete. Reported-by: Joshua Sjoding <joshua.sjoding@scjalliance.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: avoid OOB writesJason A. Donenfeld2021-04-191-0/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: become controlling process when reopening tun FDJason A. Donenfeld2021-04-191-0/+10
| | | | | | | When we pass the TUN FD to the child, we have to call TUNSIFPID; otherwise when we close the device, we get a splat in dmesg. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: restructure and cleanupJason A. Donenfeld2021-04-191-166/+66
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: remove horrific hack for getting tunnel nameJason A. Donenfeld2021-04-191-84/+13
| | | | | | As of FreeBSD 12.1, there's TUNGIFNAME. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: set IFF_MULTICAST for routing daemonsJason A. Donenfeld2021-04-181-4/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: use broadcast mode instead of PPP modeJason A. Donenfeld2021-03-231-0/+17
| | | | | | It makes the routing configuration simpler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: linux: do not spam events every second from hack listenerJason A. Donenfeld2021-03-111-6/+17
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: freebsd: allow empty namesKay Diam2021-03-081-16/+18
| | | | | | | | | This change allows omitting the tun interface name setting. When the name is not set, the kernel automatically picks up the tun name and index. Signed-off-by: Kay Diam <kay.diam@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: use resource functions from x/sysJason A. Donenfeld2021-03-084-266/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: do not use IsBadReadPtrJason A. Donenfeld2021-03-084-61/+1
| | | | | | It should be enough to check for the trailing zero name. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: bump deps and apiJason A. Donenfeld2021-03-065-40/+257
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove TODO name graffitiJason A. Donenfeld2021-02-231-2/+2
| | | | | | | | | | Googlers have a habit of graffiting their name in TODO items that then are never addressed, and other people won't go near those because they're marked territory of another animal. I've been gradually cleaning these up as I see them, but this commit just goes all the way and removes the remaining stragglers. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: test up/down using virtual connJason A. Donenfeld2021-02-231-1/+0
| | | | | | This prevents port clashing bugs. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: make NativeTun.Close well behaved, not crash on double closeBrad Fitzpatrick2021-02-225-43/+62
| | | | Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
* global: stop using ioutilJason A. Donenfeld2021-02-172-4/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: return error from Up() and Down()Jason A. Donenfeld2021-02-101-1/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* rwcancel: add an explicit close callJason A. Donenfeld2021-02-091-0/+1
| | | | | | This lets us collect FDs even if the GC doesn't do it for us. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use errors.Is for unwrappingJason A. Donenfeld2021-02-092-18/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyrightJason A. Donenfeld2021-01-2824-24/+24
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use %w for errors on linuxJason A. Donenfeld2021-01-271-9/+8
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netstack: further sequester with own go.mod and go.sumJason A. Donenfeld2021-01-212-0/+400
| | | | | | | | In order to avoid even the flirtation with passing on these dependencies to ordinary consumers of wireguard-go, this commit makes a new go.mod that's entirely separate from the root one. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netstack: introduce new module for gvisor tcp tun adapterJason A. Donenfeld2021-01-213-6/+106
| | | | | | | | | | | | | | The Go linker isn't smart enough to prevent gvisor from being pulled into modules that use other parts of tun/, due to the types exposed. So, we put this into its own standalone module. We use this as an opportunity to introduce some example code as well. I'm still not happy that this not only clutters this repo's go.sum, but all the other projects that consume it, but it seems like making a new module inside of this repo will lead to even greater confusion. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.