path: root/conf

Commit log for this path. Each entry gives the commit message, author, date, number of files changed and lines removed/added.
* conf: flush file buffers before atomically renaming into place
  Author: Jason A. Donenfeld | Date: 2026-05-19 | Files: 1 | Lines: -0/+1

    NTFS journals the rename's metadata change but does not journal user data.
    Without an explicit flush a power loss between the cache manager publishing
    the rename and writing back the file's pages can leave the destination at
    its final name with zero or partial contents, while the prior file is gone.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: keep retrying when the config-directory watcher fails to start
  Author: Jason A. Donenfeld | Date: 2026-05-19 | Files: 1 | Lines: -2/+6

    The watcher's setup is guarded by sync.Once, which is consumed the moment
    the goroutine is spawned. If tunnelConfigurationsDirectory or
    FindFirstChangeNotification fails on the first attempt the goroutine
    exits, but every subsequent RegisterStoreChangeCallback sees the Once
    already done and skips the spawn, so changes are silently never reported
    again. Retry these initial failures on the existing startover loop instead
    of bailing out.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
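The failure mode this commit describes, reduced to a runnable Go sketch. This is an added example written for this page, not code from wireguard-windows: failFirst stands in for a watcher setup that fails transiently, onceStarter shows why a sync.Once spent on a failed attempt means no later caller ever retries, and loopStarter keeps the single-goroutine guarantee but retries inside the goroutine's loop, which is the shape the commit message describes. The type and function names, the synchronous stand-in for the real goroutine in the buggy version, and the fixed retry delay are all assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// startFn stands in for the watcher's setup: resolving the config directory
// and calling FindFirstChangeNotification. Either step can fail on the first
// try (for instance before the directory exists at boot).
type startFn func() error

// failFirst returns a start function that fails its first n calls and then
// succeeds. It is a constructed stand-in for a transient setup failure.
func failFirst(n int) startFn {
	var mu sync.Mutex
	calls := 0
	return func() error {
		mu.Lock()
		defer mu.Unlock()
		calls++
		if calls <= n {
			return errors.New("simulated: FindFirstChangeNotification failed")
		}
		return nil
	}
}

// onceStarter reproduces the bug. sync.Once counts the start as done the
// moment Do's function returns, so a failed attempt is never retried: every
// later ensureStarted sees the Once consumed and skips the spawn. (The real
// code spawns a goroutine inside Do; the outcome is the same, so this version
// is kept synchronous to make it deterministic.)
type onceStarter struct {
	once    sync.Once
	mu      sync.Mutex
	running bool
}

func (s *onceStarter) ensureStarted(start startFn) {
	s.once.Do(func() {
		if err := start(); err != nil {
			return // bails out, and the Once is already spent
		}
		s.mu.Lock()
		s.running = true
		s.mu.Unlock()
	})
}

func (s *onceStarter) isRunning() bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.running
}

// loopStarter is the fixed shape: the Once still guarantees a single watcher
// goroutine, but setup failures are retried inside that goroutine's loop
// instead of ending it. The fixed retry delay is an assumption of this
// example; the commit does not state the real loop's timing.
type loopStarter struct {
	once    sync.Once
	started chan struct{} // closed once the watcher is actually up
}

func newLoopStarter() *loopStarter {
	return &loopStarter{started: make(chan struct{})}
}

func (s *loopStarter) ensureStarted(start startFn, retryDelay time.Duration) {
	s.once.Do(func() {
		go func() {
			for {
				if err := start(); err != nil {
					time.Sleep(retryDelay)
					continue // start over rather than exiting
				}
				close(s.started)
				return
			}
		}()
	})
}

// waitStarted reports whether the watcher came up within timeout.
func (s *loopStarter) waitStarted(timeout time.Duration) bool {
	select {
	case <-s.started:
		return true
	case <-time.After(timeout):
		return false
	}
}

func main() {
	buggy := &onceStarter{}
	start := failFirst(1)
	buggy.ensureStarted(start) // first attempt fails
	buggy.ensureStarted(start) // would succeed now, but the Once is spent
	fmt.Println("sync.Once only: running =", buggy.isRunning())

	fixed := newLoopStarter()
	fixed.ensureStarted(failFirst(1), time.Millisecond)
	fmt.Println("retry loop:     running =", fixed.waitStarted(time.Second))
}
```

Note that loopStarter retries forever; a real watcher would want a way to stop the goroutine on shutdown, which this sketch leaves out.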
* conf: don't strip '#' from PreUp/PreDown/PostUp/PostDown values
  Author: Jason A. Donenfeld | Date: 2026-05-19 | Files: 1 | Lines: -12/+16

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: reject reserved names with any extension
  Author: Jason A. Donenfeld | Date: 2026-05-19 | Files: 1 | Lines: -11/+1

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: prevent directory traversal on bare tunnel names
  Author: Jason A. Donenfeld | Date: 2026-05-03 | Files: 1 | Lines: -0/+3

    Not really reachable, but still this seems wrong not to check.
    DeleteName checks it.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: format code
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 1 | Lines: -3/+3

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: properly deduplicate peers
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 1 | Lines: -1/+2

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: reject tunnel names with leading or trailing dots
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 1 | Lines: -1/+1

    Windows is weird about these.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
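The three name checks from this log (reserved device names with any extension, directory traversal on a bare name, and leading or trailing dots) collected into one validator. This is an added example for this page, not the project's own code: the character-set regex, the error values and the check order are assumptions, and the reserved-name list is the documented Win32 set rather than anything taken from the repository.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

var (
	errTunnelNameChars     = errors.New("tunnel name has invalid characters or length")
	errTunnelNameTraversal = errors.New("tunnel name is not a single path component")
	errTunnelNameDot       = errors.New("tunnel name begins or ends with a dot")
	errTunnelNameReserved  = errors.New("tunnel name is a reserved Windows device name")
)

// tunnelNameChars is an assumption of this example: a short, safe ASCII set.
var tunnelNameChars = regexp.MustCompile(`^[a-zA-Z0-9_=+.-]{1,32}$`)

// reservedDeviceNames is the Win32 set: CON, PRN, AUX, NUL, COM0-9, LPT0-9.
// Windows resolves them to the device regardless of any extension, so
// "NUL.conf" and "nul.tar.gz" both name the NUL device.
var reservedDeviceNames = func() map[string]bool {
	m := map[string]bool{"CON": true, "PRN": true, "AUX": true, "NUL": true}
	for i := 0; i <= 9; i++ {
		m[fmt.Sprintf("COM%d", i)] = true
		m[fmt.Sprintf("LPT%d", i)] = true
	}
	return m
}()

// validateTunnelName rejects names that would not map to exactly one ordinary
// file under the configuration directory.
func validateTunnelName(name string) error {
	// Traversal: a bare name becomes one path component under the config
	// directory, so separators and "." / ".." must never get through.
	if name == "." || name == ".." || strings.ContainsAny(name, `/\`) {
		return errTunnelNameTraversal
	}
	if !tunnelNameChars.MatchString(name) {
		return errTunnelNameChars
	}
	// Win32 path normalisation strips trailing dots ("wg0." opens "wg0"), so a
	// trailing dot would collide with another tunnel; a leading dot is rejected
	// alongside it, matching the commit above.
	if strings.HasPrefix(name, ".") || strings.HasSuffix(name, ".") {
		return errTunnelNameDot
	}
	// Reserved names match on the part before the first dot, case-insensitively,
	// which is why "reject reserved names with any extension" is the right rule.
	base, _, _ := strings.Cut(name, ".")
	if reservedDeviceNames[strings.ToUpper(base)] {
		return errTunnelNameReserved
	}
	return nil
}

func main() {
	for _, n := range []string{"wg0", "office.vpn", "../wg0", "wg0.", "NUL.conf", "console"} {
		fmt.Printf("%-12q %v\n", n, validateTunnelName(n))
	}
}
```

"console" passes because only the text before the first dot is compared against the reserved set, and "CONSOLE" is not "CON"; "CON.conf" and "nul.tar.gz" fail for the same reason.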
* conf: redact scripts for limited operators
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 1 | Lines: -0/+4

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: give redacted peers distinct public keys
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 1 | Lines: -0/+2

    ConfView keys its peer map by pubkey. Redact() zeros every peer's pubkey
    for non-admin callers, so a multi-peer config got collapsed into a single
    map entry, hiding all but one peer. Fix this by just encoding an index
    into each redacted pubkey.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: fix typo in failing test
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 1 | Lines: -1/+1

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: use sync.Once for admin registry key initialization
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 1 | Lines: -11/+14

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: dpapi: handle nil outName after CryptUnprotectData
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 1 | Lines: -0/+3

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* manager,conf: protect callback arrays with shared locks
  Author: Jason A. Donenfeld | Date: 2026-04-16 | Files: 2 | Lines: -9/+14

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: fix length calculation on rename operation
  Author: Jason A. Donenfeld | Date: 2026-03-23 | Files: 1 | Lines: -1/+1

    This actually wasn't a problem before, because Windows ignores the length
    field when not renaming to an alternative data stream:

        FileName = lpFileInformation->FileName;
        if ( lpFileInformation->FileNameLength >= 2 && *FileName == ':' )
        {
          FileNameLength = lpFileInformation->FileNameLength;
          Src.MaximumLength = FileNameLength;
          Src.Length = FileNameLength;
          Src.Buffer = lpFileInformation->FileName;
        }
        else
        {
          status = RtlDosPathNameToNtPathName_U_WithStatus(FileName, &Src, 0, 0);
          if ( status < 0 )
          {
            v15 = status;
    LABEL_19:
            BaseSetLastNTError(v15);
            return 0;
          }
          FileNameLength = Src.Length;
        }

    Nonetheless, it's clear from this code (>=2) and the documentation that
    the length field is intended to be in bytes, not chars. So fix that.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: modernize go conventions
  Author: Jason A. Donenfeld | Date: 2026-03-18 | Files: 2 | Lines: -15/+4

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: bump date
  Author: Jason A. Donenfeld | Date: 2026-03-18 | Files: 16 | Lines: -16/+16

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* dpapi: remove stray test exe
  Author: Jason A. Donenfeld | Date: 2022-01-17 | Files: 1 | Lines: -0/+0

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: do not examine connectivity state at boot
  Author: Jason A. Donenfeld | Date: 2022-01-17 | Files: 3 | Lines: -65/+4

    It turns out that checking for internet connectivity is not really a
    reliable way of knowing whether the WSAHOST_NOT_FOUND is legitimate or
    not. So just give up on that approach, assume WSAHOST_NOT_FOUND is always
    illegitimate at boot, and loop for a long time. This might induce
    annoyances for admins who want to kill legitimate WSAHOST_NOT_FOUND
    services that keep trying again, but they'll just have to wait for two
    minutes.

    Reported-by: Simon Rozman <simon@rozman.si>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: bump date
  Author: Jason A. Donenfeld | Date: 2022-01-06 | Files: 17 | Lines: -17/+17

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: use strings.Cut where possible
  Author: Jason A. Donenfeld | Date: 2021-12-23 | Files: 1 | Lines: -4/+1

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: interface{} -> any
  Author: Jason A. Donenfeld | Date: 2021-12-16 | Files: 1 | Lines: -3/+3

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: update to go 1.18 beta1
  Author: Jason A. Donenfeld | Date: 2021-12-16 | Files: 5 | Lines: -9/+5

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: apply gofumpt
  Author: Jason A. Donenfeld | Date: 2021-12-09 | Files: 7 | Lines: -17/+30

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* winipcfg: handle zones and make things use it
  Author: Jason A. Donenfeld | Date: 2021-11-06 | Files: 1 | Lines: -13/+9

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: switch to netip
  Author: Jason A. Donenfeld | Date: 2021-11-06 | Files: 5 | Lines: -132/+62

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* services: use more reliable method of detecting boot-up
  Author: Jason A. Donenfeld | Date: 2021-10-26 | Files: 2 | Lines: -3/+11

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* tunnel: add retry loop to certain interface config failures
  Author: Jason A. Donenfeld | Date: 2021-10-21 | Files: 1 | Lines: -1/+1

    I wish there was another way here, but we have too little control over
    Windows' boot sequence.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove wireguard-go/Wintun implementation
  Author: Jason A. Donenfeld | Date: 2021-10-16 | Files: 3 | Lines: -203/+1

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: use unsafe.Add where possible
  Author: Jason A. Donenfeld | Date: 2021-10-12 | Files: 2 | Lines: -3/+3

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: use unsafe.Slice instead of unsafeSlice
  Author: Jason A. Donenfeld | Date: 2021-10-11 | Files: 2 | Lines: -23/+5

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: always pass v4-sized v4 addresses
  Author: Jason A. Donenfeld | Date: 2021-10-06 | Files: 1 | Lines: -3/+6

    Otherwise we'll pass the v6 map prefix if addresses have been created
    with net.IPv4().

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: prefer WireGuardNT over wireguard-go/Wintun
  Author: Jason A. Donenfeld | Date: 2021-09-12 | Files: 1 | Lines: -45/+1

    Also remove Wintun driver on startup.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* global: format with go 1.17
  Author: Jason A. Donenfeld | Date: 2021-09-09 | Files: 1 | Lines: -1/+1

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: use wgnt for those enrolled in insider program
  Author: Jason A. Donenfeld | Date: 2021-09-09 | Files: 1 | Lines: -1/+32

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: generate valid endpoint for ::1
  Author: Jason A. Donenfeld | Date: 2021-09-07 | Files: 1 | Lines: -1/+1

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: split registry key open and create
  Author: Simon Rozman | Date: 2021-08-13 | Files: 1 | Lines: -2/+3

    On reading admin registry values, an on-demand auto-creation of the
    registry key is not a required side effect. This restores openAdminKey()
    to its original form, which we will need anyway after the WireGuardNT
    call-for-testing promotion is no longer required.

    The GUI ExperimentalKernelDriver flipping also opened a cached registry
    key handle issue: should the user manually delete our registry key while
    wireguard.exe is already running, any admin knob get fails. So, the
    sooner we get rid of the GUI admin knob flipping, the better.

    Signed-off-by: Simon Rozman <simon@rozman.si>

* conf: create registry key if it doesn't exist
  Author: Jason A. Donenfeld | Date: 2021-08-13 | Files: 1 | Lines: -1/+1

    Reported-by: Pablo <contact@donpablo.me>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* ui: add visible knob for kernel testing [revert me please!]
  Author: Jason A. Donenfeld | Date: 2021-08-13 | Files: 1 | Lines: -1/+13

    I really, really hate visible knobs. But we need some way of getting
    wider testing of this, and a lot of people who are interested in
    dare-devilish things might not think to flip some registry knobs.
    Hopefully this commit will be reverted as soon as possible.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* manager: make multiple tunnels mode automatic
  Author: Jason A. Donenfeld | Date: 2021-08-13 | Files: 1 | Lines: -0/+37

    Rather than having to set a registry knob to enable multiple tunnels, it
    is now automatic. If an additional activated tunnel has the same route
    subnets or interface IP addresses as a previous tunnel, that previous one
    is stopped. But if there's no overlap, then they coexist.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
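How the coexistence rule in this commit can be computed with net/netip (the package the "switch to netip" commit further down adopts), combined with the "Table = off" rule from the last commit on the page, under which a tunnel installs no routes. This is an added example for this page, not the manager's code: the tunnelNetworks type, the minimal config reader, the exact-match reading of "same route subnets" (compared after masking) and the sample configurations are all assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// tunnelNetworks holds the two things the rule compares: the interface's own
// addresses and the routes the tunnel installs (the union of its peers'
// AllowedIPs). The type and field names belong to this example.
type tunnelNetworks struct {
	Name      string
	Addresses []netip.Prefix
	Routes    []netip.Prefix
}

// parsePrefixList parses a comma-separated Address/AllowedIPs value. A bare
// address without a prefix length means a single host.
func parsePrefixList(val string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, item := range strings.Split(val, ",") {
		if item = strings.TrimSpace(item); item == "" {
			continue
		}
		if p, err := netip.ParsePrefix(item); err == nil {
			out = append(out, p)
			continue
		}
		a, err := netip.ParseAddr(item)
		if err != nil {
			return nil, fmt.Errorf("bad address %q: %w", item, err)
		}
		out = append(out, netip.PrefixFrom(a, a.BitLen()))
	}
	return out, nil
}

// networksFromConfig reads only the keys the rule needs from a WireGuard
// configuration. "Table = off" means no routes are installed, so the peers'
// AllowedIPs are then not counted as route subnets; any other Table value is
// treated as "on", as the last commit on this page describes.
func networksFromConfig(name, text string) (tunnelNetworks, error) {
	t := tunnelNetworks{Name: name}
	var routes []netip.Prefix
	section, tableOff := "", false
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.ToLower(line[1 : len(line)-1])
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok {
			return t, fmt.Errorf("%s: malformed line %q", name, line)
		}
		key, val = strings.ToLower(strings.TrimSpace(key)), strings.TrimSpace(val)
		switch {
		case section == "interface" && key == "address":
			ps, err := parsePrefixList(val)
			if err != nil {
				return t, fmt.Errorf("%s: %w", name, err)
			}
			t.Addresses = append(t.Addresses, ps...)
		case section == "interface" && key == "table":
			tableOff = strings.EqualFold(val, "off")
		case section == "peer" && key == "allowedips":
			ps, err := parsePrefixList(val)
			if err != nil {
				return t, fmt.Errorf("%s: %w", name, err)
			}
			routes = append(routes, ps...)
		}
	}
	if !tableOff {
		t.Routes = routes
	}
	return t, nil
}

// conflicts returns the running tunnels the candidate would displace: those
// whose installed route subnets or interface IP addresses coincide with the
// candidate's. Subnets compare after masking, so 10.0.0.1/24 and 10.0.0.0/24
// are the same subnet; interface addresses compare by address alone.
func conflicts(candidate tunnelNetworks, running []tunnelNetworks) []string {
	subnets := make(map[netip.Prefix]bool, len(candidate.Routes))
	for _, p := range candidate.Routes {
		subnets[p.Masked()] = true
	}
	addrs := make(map[netip.Addr]bool, len(candidate.Addresses))
	for _, p := range candidate.Addresses {
		addrs[p.Addr()] = true
	}
	var out []string
	for _, r := range running {
		clash := false
		for _, p := range r.Routes {
			clash = clash || subnets[p.Masked()]
		}
		for _, p := range r.Addresses {
			clash = clash || addrs[p.Addr()]
		}
		if clash {
			out = append(out, r.Name)
		}
	}
	return out
}

// Constructed sample configurations with keys omitted; not real tunnels.
const (
	officeConf = "[Interface]\nAddress = 10.10.0.2/24\n\n[Peer]\nAllowedIPs = 10.10.0.0/24, 192.168.50.0/24\n"
	homeConf   = "[Interface]\nAddress = 10.20.0.2/24\n\n[Peer]\nAllowedIPs = 0.0.0.0/0\n"
)

func main() {
	office, _ := networksFromConfig("office", officeConf)
	home, _ := networksFromConfig("home", homeConf)
	running := []tunnelNetworks{office, home}
	full, _ := networksFromConfig("full", "[Interface]\nAddress = 10.30.0.2/32\n[Peer]\nAllowedIPs = 0.0.0.0/0\n")
	fmt.Println("activating full stops:", conflicts(full, running))
	mon, _ := networksFromConfig("monitor", "[Interface]\nAddress = 10.10.0.99/24\nTable = off\n[Peer]\nAllowedIPs = 10.10.0.0/24\n")
	fmt.Println("activating monitor stops:", conflicts(mon, running))
}
```

A second full-tunnel (0.0.0.0/0) displaces the existing one, while a Table = off tunnel that merely shares a subnet coexists because it installs no route; it is only displaced if it also reuses an interface address.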
* driver: break encapsulation and pass timestamp to ringlogger
  Author: Jason A. Donenfeld | Date: 2021-08-08 | Files: 1 | Lines: -0/+8

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: write tmp path in same directory as final
  Author: Jason A. Donenfeld | Date: 2021-08-05 | Files: 1 | Lines: -1/+2

    Reported-by: Aelis Sagot <aelis.sagot@gmail.com>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
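The two storage rules on this page combined into one routine: the temporary file is created in the final file's directory (this commit) and is flushed before the rename (the "flush file buffers" commit at the top of the log). This is an added example for this page, not the project's storage code; the temp-file naming scheme is an assumption, and the config bodies in main are constructed placeholders rather than real keys.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeFileAtomically replaces path with data so that a reader never sees a
// half-written file and a crash never leaves the final name empty:
//   1. The temp file is created next to the destination, so the rename is a
//      same-volume metadata operation rather than a cross-volume copy.
//   2. Sync (FlushFileBuffers on Windows, fsync elsewhere) runs before the
//      rename, so the data reaches disk before the new name does.
//   3. os.Rename replaces the destination (MoveFileEx with
//      MOVEFILE_REPLACE_EXISTING on Windows, rename(2) elsewhere).
// The ".<name>.tmp-*" naming is an assumption of this example. CreateTemp
// opens the file with mode 0600.
func writeFileAtomically(path string, data []byte) (err error) {
	tmp, err := os.CreateTemp(filepath.Dir(path), "."+filepath.Base(path)+".tmp-*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	defer func() {
		// On any failure, close and remove the temp file so it does not
		// linger beside the config as a stale, possibly partial copy.
		if err != nil {
			tmp.Close()
			os.Remove(tmpName)
		}
	}()
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Sync(); err != nil { // the flush the 2026-05-19 commit adds
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmpName, path)
}

func main() {
	dir, err := os.MkdirTemp("", "atomic-write-*")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "wg0.conf")
	// Constructed placeholder bodies, not real keys.
	for _, body := range []string{"[Interface]\nPrivateKey = first\n", "[Interface]\nPrivateKey = second\n"} {
		if err := writeFileAtomically(p, []byte(body)); err != nil {
			panic(err)
		}
	}
	got, _ := os.ReadFile(p)
	entries, _ := os.ReadDir(dir)
	fmt.Printf("entries in dir: %d\n%s", len(entries), got)
}
```

After two writes the directory holds exactly one entry and the file carries the second body; a crash between Sync and Rename leaves the old file intact and at worst a stale temp file, never an empty "wg0.conf".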
* conf: remove workaround for erroneous hasendpoint flag
  Author: Jason A. Donenfeld | Date: 2021-08-04 | Files: 1 | Lines: -1/+1

    This reverts commit 22be5b26d95f8d8c32e5bf7dbca214f799cbc103.
    Fixed for wgnt 0.3.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: work around erroneous hasendpoint flag
  Author: Jason A. Donenfeld | Date: 2021-08-03 | Files: 1 | Lines: -1/+1

    Revert me for wgnt 0.3.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: do not resolve empty endpoint
  Author: Jason A. Donenfeld | Date: 2021-08-03 | Files: 1 | Lines: -0/+3

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* driver: introduce new module for talking with kernel driver
  Author: Jason A. Donenfeld | Date: 2021-08-02 | Files: 3 | Lines: -9/+141

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: update storage test to follow changes in code
  Author: Simon Rozman | Date: 2021-08-02 | Files: 1 | Lines: -2/+6

    Signed-off-by: Simon Rozman <simon@rozman.si>

* conf: forbid reserved names with extension
  Author: Jason A. Donenfeld | Date: 2021-08-02 | Files: 1 | Lines: -5/+9

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* conf: list unencrypted conf files
  Author: Jason A. Donenfeld | Date: 2021-06-25 | Files: 1 | Lines: -6/+2

    By ignoring unencrypted ones, the tunnel tracker would miss running
    configurations at startup.

    Reported-by: Станислав Мацак <smatsak@mail.ru>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* tunnel: support turning off automatic routing table
  Author: Jason A. Donenfeld | Date: 2021-06-18 | Files: 3 | Lines: -0/+21

    This supports the familiar "Table = off" syntax as on Linux, and then
    interprets other valid values as simply "on".

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>