Commit message | Author | Age | Files | Lines
* fetcher: add /noprompt switch [HEAD, master] | Simon Rozman | 7 days | 1 | -2/+18
  Deploying WireGuard MSI using Microsoft Endpoint Manager (aka MS Intune) falls short with poor Microsoft Endpoint Manager support: no ARM64 support, requires multiple per-architecture deployments... Fetcher proves super-useful for automating WireGuard install. It contains platform selection logic, MSI download, integrity check... However, automated installation is an unattended process and the wireguard-installer.exe must not block the process for any user prompts.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* embeddable-dll-service: build: .gitignore outputs | Simon Rozman | 2022-03-28 | 1 | -0/+4
  Signed-off-by: Simon Rozman <simon@rozman.si>
* embeddable-dll-service: build: integrate tunnel.dll signing | Simon Rozman | 2022-03-28 | 1 | -0/+7
  Signed-off-by: Simon Rozman <simon@rozman.si>
* embeddable-dll-service: csharp: ensure double \0 termination | Simon Rozman | 2022-03-28 | 1 | -4/+1
  Signed-off-by: Simon Rozman <simon@rozman.si>
* embeddable-dll-service: correctness in README | Simon Rozman | 2022-03-28 | 1 | -2/+3
  Signed-off-by: Simon Rozman <simon@rozman.si>
* build: bump to go1.18 | Jason A. Donenfeld | 2022-03-16 | 4 | -15/+15
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: choose newest version of Go | Jason A. Donenfeld | 2022-01-18 | 1 | -1/+1
  Now that these are sorted properly, we can rely on the top one being the newest. Before, we assumed the last one was the newest, which was only true during betas and rcs, which required us to swap back and forth between the first one and the last one. But even then, the last one wouldn't always be the latest beta! So sometimes we had to change it to the second to last one. And on and on with madness. In other words, before the list was basically unsorted. But now that it's sorted, we can just use the top one always, which is what we want.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dpapi: remove stray test exe | Jason A. Donenfeld | 2022-01-17 | 1 | -0/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: do not examine connectivity state at boot | Jason A. Donenfeld | 2022-01-17 | 3 | -65/+4
  It turns out that checking for internet connectivity is not really a reliable way of knowing whether the WSAHOST_NOT_FOUND is legitimate or not. So just give up on that approach, assume WSAHOST_NOT_FOUND is always illegitimate at boot, and loop for a long time. This might induce annoyances for admins who want to kill legitimate WSAHOST_NOT_FOUND services that keep trying again, but they'll just have to wait for two minutes.
  Reported-by: Simon Rozman <simon@rozman.si>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump date | Jason A. Donenfeld | 2022-01-06 | 143 | -146/+146
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: only write 32 bytes to hash output | Jason A. Donenfeld | 2022-01-06 | 2 | -3/+3
  Current binaries overflow into `wchar_t total_bytes_str[22]`, which is not used anywhere after the overflow, so no harm done thankfully.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use strings.Cut where possible | Jason A. Donenfeld | 2021-12-23 | 4 | -12/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.5.3] | Jason A. Donenfeld | 2021-12-22 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* docs: new code signing certificate | Jason A. Donenfeld | 2021-12-22 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use syscall.SyscallN | Jason A. Donenfeld | 2021-12-16 | 4 | -19/+19
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ringlogger: have caller cleanup inherited handle on failure | Jason A. Donenfeld | 2021-12-16 | 1 | -4/+1
  Reported-by: shuaidonga <1181157720@qq.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: interface{} -> any | Jason A. Donenfeld | 2021-12-16 | 7 | -13/+13
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: omit build info from binary | Jason A. Donenfeld | 2021-12-16 | 2 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update to go 1.18 beta1 | Jason A. Donenfeld | 2021-12-16 | 23 | -551/+27
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: remove patcher | Jason A. Donenfeld | 2021-12-14 | 2 | -6/+1
  This should be easy to revert when we want to add it back.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumpt | Jason A. Donenfeld | 2021-12-09 | 41 | -125/+140
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: update to go 1.17.4 and drop upstreamed patches | Jason A. Donenfeld | 2021-12-02 | 8 | -288/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui: only set "(out of date)" window title if admin user | Jason A. Donenfeld | 2021-11-26 | 1 | -1/+3
  Hopefully this scares users less, while keeping the update tab so that they still annoy their sysadmins to update.
  Reported-by: Bruno Andry <bandry@ut1.org>
  Discussed-with: Diab Neiroukh <lazerl0rd@thezest.dev>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: switch to go.dev | Jason A. Donenfeld | 2021-11-25 | 2 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: support non-cooperative preemption on arm and arm64 | Jason A. Donenfeld | 2021-11-25 | 2 | -0/+124
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: remove x/sys fork | Jason A. Donenfeld | 2021-11-24 | 5 | -20/+20
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: backout AddrFromSlice signature change | Jason A. Donenfeld | 2021-11-11 | 4 | -11/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.5.2] | Jason A. Donenfeld | 2021-11-08 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: check for WeakHostSend/Forwarding in pitfalls | Jason A. Donenfeld | 2021-11-08 | 4 | -3/+88
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: bump to go 1.17.3 | Jason A. Donenfeld | 2021-11-06 | 2 | -2/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: return correct nanosec param on arm64 | Jason A. Donenfeld | 2021-11-06 | 1 | -0/+81
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: read nanotime in 1 instruction on 64bit | Jason A. Donenfeld | 2021-11-06 | 3 | -6/+200
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: add routes even when no corresponding address | Jason A. Donenfeld | 2021-11-06 | 1 | -16/+3
  Apparently this works now, but it didn't used to.
  Reported-by: Christoph Loesch <wireguard-mail@chil.at>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: handle zones and make things use it | Jason A. Donenfeld | 2021-11-06 | 2 | -15/+23
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: switch to netip | Jason A. Donenfeld | 2021-11-06 | 17 | -367/+260
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: cleanup legacy wintun | Jason A. Donenfeld | 2021-10-29 | 5 | -9/+63
  It's not good to leave cruft around from the upgrade case when people want to uninstall, so we remove wintun in the uninstaller manually (without the help of wintun.dll, which we no longer ship). But also, so that we can eventually drop that code, we also remove it opportunistically when the manager starts.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher,winhttp: force TLS 1.2 on Win 8.0 and 7 | Jason A. Donenfeld | 2021-10-29 | 5 | -1/+38
  On ancient Windows, we must opt-in to using TLS 1.2. Otherwise it only allows for TLS 1.0. And of course there's no TLS 1.3 support there at all.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* services: mark win7 code the same as elsewhere | Jason A. Donenfeld | 2021-10-29 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use pre-seeded fastrandn instead of math.rand | Jason A. Donenfeld | 2021-10-28 | 2 | -12/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: delay boottime updates and simplify | Jason A. Donenfeld | 2021-10-27 | 2 | -11/+28
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* embeddable-dll-service: update for new wgnt API | Jason A. Donenfeld | 2021-10-27 | 2 | -8/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: official: remove stutter | Jason A. Donenfeld | 2021-10-27 | 1 | -3/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: align 64-bit argument on ARM32 | Jason A. Donenfeld | 2021-10-26 | 1 | -1/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: pitfalls: cap virtio check to min 40 for Parallels | Jason A. Donenfeld | 2021-10-26 | 1 | -1/+2
  It looks like Parallels forked NetKVM from Red Hat and changed the versioning scheme, but kept the same driver name. So we skip the warning for a floor of v40.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.5.1] | Jason A. Donenfeld | 2021-10-26 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui: remove GOARCH from about dialog | Jason A. Donenfeld | 2021-10-26 | 1 | -1/+1
  We don't support WOW, so architecture already has this. If we ever do support WOW, we should make architecture in the form of {native}/{runtime}, e.g. amd64/x86.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump x/sys to private branch | Jason A. Donenfeld | 2021-10-26 | 3 | -6/+5
  Hopefully we can revert this when https://go-review.googlesource.com/c/sys/+/358394 is merged.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* services: use more reliable method of detecting boot-up | Jason A. Donenfeld | 2021-10-26 | 10 | -55/+88
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* services: remove unused pipe path helper | Jason A. Donenfeld | 2021-10-26 | 1 | -7/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: cleanup IPs when masks don't match | Jason A. Donenfeld | 2021-10-26 | 1 | -9/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>