path: root/conf
Commit message | Author | Age | Files | Lines
* dpapi: remove stray test exe | Jason A. Donenfeld | 2022-01-17 | 1 | -0/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: do not examine connectivity state at boot | Jason A. Donenfeld | 2022-01-17 | 3 | -65/+4
  It turns out that checking for internet connectivity is not really a reliable way of knowing whether the WSAHOST_NOT_FOUND is legitimate or not. So just give up on that approach, assume WSAHOST_NOT_FOUND is always illegitimate at boot, and loop for a long time. This might induce annoyances for admins who want to kill legitimate WSAHOST_NOT_FOUND services that keep trying again, but they'll just have to wait for two minutes.
  Reported-by: Simon Rozman <simon@rozman.si>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump date | Jason A. Donenfeld | 2022-01-06 | 17 | -17/+17
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use strings.Cut where possible | Jason A. Donenfeld | 2021-12-23 | 1 | -4/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: interface{} -> any | Jason A. Donenfeld | 2021-12-16 | 1 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update to go 1.18 beta1 | Jason A. Donenfeld | 2021-12-16 | 5 | -9/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumpt | Jason A. Donenfeld | 2021-12-09 | 7 | -17/+30
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: handle zones and make things use it | Jason A. Donenfeld | 2021-11-06 | 1 | -13/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: switch to netip | Jason A. Donenfeld | 2021-11-06 | 5 | -132/+62
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* services: use more reliable method of detecting boot-up | Jason A. Donenfeld | 2021-10-26 | 2 | -3/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: add retry loop to certain interface config failures | Jason A. Donenfeld | 2021-10-21 | 1 | -1/+1
  I wish there was another way here, but we have too little control over Windows' boot sequence.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove wireguard-go/Wintun implementation | Jason A. Donenfeld | 2021-10-16 | 3 | -203/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use unsafe.Add where possible | Jason A. Donenfeld | 2021-10-12 | 2 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use unsafe.Slice instead of unsafeSlice | Jason A. Donenfeld | 2021-10-11 | 2 | -23/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: always pass v4-sized v4 addresses | Jason A. Donenfeld | 2021-10-06 | 1 | -3/+6
  Otherwise we'll pass the v6 map prefix if addresses have been created with net.IPv4().
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: prefer WireGuardNT over wireguard-go/Wintun | Jason A. Donenfeld | 2021-09-12 | 1 | -45/+1
  Also remove Wintun driver on startup.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: format with go 1.17 | Jason A. Donenfeld | 2021-09-09 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: use wgnt for those enrolled in insider program | Jason A. Donenfeld | 2021-09-09 | 1 | -1/+32
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: generate valid endpoint for ::1 | Jason A. Donenfeld | 2021-09-07 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: split registry key open and create | Simon Rozman | 2021-08-13 | 1 | -2/+3
  On reading admin registry values, an on-demand auto creation of registry key is not a required side effect. This restores openAdminKey() to original form, we will need anyway after the WireGuardNT call-for-testing promotion is no longer required. The GUI ExperimentalKernelDriver flipping also opened a caching registry key handle issue: should user manually delete our registry key while wireguard.exe is already running, any admin knob get fails. So, the sooner we get rid of the GUI admin knob flipping, the better.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* conf: create registry key if it doesn't exist | Jason A. Donenfeld | 2021-08-13 | 1 | -1/+1
  Reported-by: Pablo <contact@donpablo.me>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui: add visible knob for kernel testing [revert me please!] | Jason A. Donenfeld | 2021-08-13 | 1 | -1/+13
  I really, really hate visible knobs. But we need some way of getting wider testing of this, and a lot of people who are interested in dare devilish things might not think to flip some registry knobs. Hopefully this commit will be reverted as soon as possible.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: make multiple tunnels mode automatic | Jason A. Donenfeld | 2021-08-13 | 1 | -0/+37
  Rather than having to set a registry knob to enable multiple tunnels, it is now automatic. If an additional activated tunnel has the same route subnets or interface IP addresses as a previous tunnel, that previous one is stopped. But if there's no overlap, then they coexist.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: break encapsulation and pass timestamp to ringlogger | Jason A. Donenfeld | 2021-08-08 | 1 | -0/+8
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: write tmp path in same directory as final | Jason A. Donenfeld | 2021-08-05 | 1 | -1/+2
  Reported-by: Aelis Sagot <aelis.sagot@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: remove workaround for erroneous hasendpoint flag | Jason A. Donenfeld | 2021-08-04 | 1 | -1/+1
  This reverts commit 22be5b26d95f8d8c32e5bf7dbca214f799cbc103. Fixed for wgnt 0.3.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: work around erroneous hasendpoint flag | Jason A. Donenfeld | 2021-08-03 | 1 | -1/+1
  Revert me for wgnt 0.3.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: do not resolve empty endpoint | Jason A. Donenfeld | 2021-08-03 | 1 | -0/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: introduce new module for talking with kernel driver | Jason A. Donenfeld | 2021-08-02 | 3 | -9/+141
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: update storage test to follow changes in code | Simon Rozman | 2021-08-02 | 1 | -2/+6
  Signed-off-by: Simon Rozman <simon@rozman.si>
* conf: forbid reserved names with extension | Jason A. Donenfeld | 2021-08-02 | 1 | -5/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: list unencrypted conf files | Jason A. Donenfeld | 2021-06-25 | 1 | -6/+2
  By ignoring unencrypted ones, the tunnel tracker would miss running configurations at startup.
  Reported-by: Станислав Мацак <smatsak@mail.ru>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: support turning off automatic routing table | Jason A. Donenfeld | 2021-06-18 | 3 | -0/+21
  This supports the familiar "Table = off" syntax as on Linux, and then interprets other valid values as simply "on".
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: rewrite service arguments when migrating configs | Jason A. Donenfeld | 2021-06-18 | 1 | -4/+15
  If a service is installed already, it's a good idea to migrate its conf argument when migrating the file name, so that these don't get out of sync. We're already doing this when migrating from the legacy config store, so this is also an opportunity to clean up that code a bit and quit using regexes.
  Reported-by: Станислав Мацак <smatsak@mail.ru>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: merge {Pre,Post}{Up,Down} from uapi | Jason A. Donenfeld | 2021-03-05 | 1 | -0/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: port to arm64 | Jason A. Donenfeld | 2021-02-18 | 1 | -37/+3
  We build Go from modified-source with a bootstrap version, rather than shipping so many patches in this repo. This commit also removes the previous WOW hacks, and goes back to strictly forbidding WOW.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: simplify ip casting in dns resolution | Jason A. Donenfeld | 2021-02-01 | 1 | -8/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: move away from ioutil | Jason A. Donenfeld | 2021-02-01 | 2 | -9/+22
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: don't sleep before failure in dns resolution | Jason A. Donenfeld | 2021-02-01 | 1 | -2/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright date | Jason A. Donenfeld | 2021-02-01 | 17 | -17/+17
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: pipeline UAPI requests | Jason A. Donenfeld | 2021-02-01 | 1 | -4/+11
  This avoids the somewhat expensive pipe setup.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater,version: simplify code locations | Jason A. Donenfeld | 2021-01-25 | 1 | -6/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: move certain win32 APIs to x/sys/windows | Jason A. Donenfeld | 2021-01-24 | 6 | -153/+27
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: rename migration to migration_windows | Jason A. Donenfeld | 2021-01-04 | 1 | -0/+0
  It's almost useful to have this module not require windows.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: separate out migration and print errors | Jason A. Donenfeld | 2020-11-27 | 2 | -76/+89
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: move legacy store from conf | Jason A. Donenfeld | 2020-11-27 | 3 | -137/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: rework migration flows around a single Save() | Jason A. Donenfeld | 2020-11-27 | 4 | -21/+14
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: when migrating, write out reserialized config | Jason A. Donenfeld | 2020-11-27 | 1 | -3/+4
  This catches encoding gotchas earlier.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: open temporary file with read sharing | Jason A. Donenfeld | 2020-11-27 | 1 | -1/+1
  The reason we do the rename-in-place temporary file situation is to allow reads to be complete once renamed. But the rename takes place before the filehandle is closed, so make sure that the handle is opened with read sharing, in case this races.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: do exponential back off for sharing violation in hotfolder | Jason A. Donenfeld | 2020-11-27 | 3 | -12/+40
  Windows gives us notifications about writes to files in a directory, but it does not give us notifications on when file handles are closed and when we can expect to be able to grab a handle to it; this would be racy at best. So, there always exists a race between the writer's last call to WriteFile() and its eventual CloseHandle(). Work around this by implementing a basic exponential back off of retrying the open call. While we're at it, clean up the "file already exists" logic to remove a basic toctou situation, and switch to using random temp file names in order to handle better the case of saving a new file from two different administrators at once.
  Reported-by: Jim Salter <jim@jrs-s.net>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>