aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/manager (follow)
Commit message (Collapse)AuthorAgeFilesLines
* manager: tear down the event reader on partial decode failureJason A. Donenfeld2026-05-191-12/+12
| | | | | | | | | | | gob is positional; continue on a half-read value leaves the decoder mid-payload, and the next iteration reads what follows as if it were a new NotificationType. Return on any Decode error and let the pipe close take down the reader. The empty-tunnel-name check has to move below all four field decodes for the same reason, or it desyncs the stream just like the failure path used to. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: tidy up leak and dead lock-thread defer in session loopJason A. Donenfeld2026-05-191-2/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: skip the handle list attribute when no handles are suppliedJason A. Donenfeld2026-05-191-3/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: release driver adapter on tunnel stopJason A. Donenfeld2026-05-192-0/+6
| | | | | | | | | | | | | | | releaseDriverAdapter was only called from the RuntimeConfig error path, so a cleanly-running tunnel never had its cached *Adapter dropped from the map. The finalizer attached in OpenAdapter couldn't reach it, and the kernel handle leaked. A restart of the same tunnel then kept hitting stale-handle errors against the surviving cache entry. Fix this by calling releaseDriverAdapter from tunneltracker on every TunnelStopped transition, and closing the adapter inside releaseDriverAdapter under the per-adapter lock. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: remove wintun legacy cleanupJason A. Donenfeld2026-04-191-2/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager,conf: protect callback arrays with shared locksJason A. Donenfeld2026-04-161-5/+50
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: close previously created pipes on os.Pipe failureJason A. Donenfeld2026-04-161-0/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: keep alive service state object until after unsubscriptionJason A. Donenfeld2026-04-161-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: improve service stop waiting loopsJason A. Donenfeld2026-04-162-4/+11
| | | | | | Don't close nil services. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: return right error if os.Executable() failsJason A. Donenfeld2026-04-161-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: check for disabled service properlyJason A. Donenfeld2026-04-161-1/+1
| | | | | | | The condition of err != nil was the opposite of what we wanted, so disabled services were never matched. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: remove unused old service tracker callbackJason A. Donenfeld2026-04-161-4/+0
| | | | | | This was from the Windows 7 compat code that's now gone. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: raise min windows version to 10Jason A. Donenfeld2026-03-211-85/+12
| | | | | | | | | | | | | | | Since we're also bumping the PE subsystem header to 10.0, this means we need a _load_config with the proper flags. So there's some work to be done here. This also means bumping LLVM and Go builds. In the case of Go, the patch is still pending: https://go-review.googlesource.com/c/go/+/756680 , so it's a custom build. Remove lots of compatibility code and hacks. Also update the installer to display a useful message. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: modernize go conventionsJason A. Donenfeld2026-03-183-6/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump dateJason A. Donenfeld2026-03-188-8/+8
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump dateJason A. Donenfeld2022-01-068-8/+8
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: interface{} -> anyJason A. Donenfeld2021-12-161-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumptJason A. Donenfeld2021-12-095-13/+29
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: check for WeakHostSend/Forwarding in pitfallsJason A. Donenfeld2021-11-082-95/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: cleanup legacy wintunJason A. Donenfeld2021-10-291-0/+2
| | | | | | | | | | It's not good to leave cruft around from the upgrade case when people want to uninstall, so we remove wintun in the uninstaller manually (without the help of wintun.dll, which we no longer ship). But also, so that we can eventually drop that code, we also remove it opportunistically when the manager starts. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use pre-seeded fastrandn instead of math.randJason A. Donenfeld2021-10-281-2/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: delay boottime updates and simplifyJason A. Donenfeld2021-10-271-11/+18
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: pitfalls: cap virtio check to min 40 for ParallelsJason A. Donenfeld2021-10-261-1/+2
| | | | | | | | It looks like Parallels forked NetKVM from Red Hat and changed the versioning scheme, but kept the same driver name. So we skip the warning for a floor of v40. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* services: use more reliable method of detecting boot-upJason A. Donenfeld2021-10-264-11/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump for x/sys changesJason A. Donenfeld2021-10-211-59/+16
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: warn about dnscache and old virtio driverJason A. Donenfeld2021-10-202-0/+138
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove wireguard-go/Wintun implementationJason A. Donenfeld2021-10-164-134/+18
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: remove legacy store supportJason A. Donenfeld2021-10-162-80/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use newer wireguard-go APIsJason A. Donenfeld2021-10-123-66/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use unsafe.Slice instead of unsafeSliceJason A. Donenfeld2021-10-111-6/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: use new APIJason A. Donenfeld2021-10-054-38/+11
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: reinitialize configuration after PnP flaps driver on <10Jason A. Donenfeld2021-09-141-2/+1
| | | | | | | | | | On older Windows, PnP will unload the driver and reload it. This makes multiple tunnels impossible, as we knew. But this also happens when various adapter settings change, like ICS, which is maybe a bigger issue. Solve this by reloading the configuration after these flaps. Reported-by: Harland Coles <harland.coles@energy-x.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: prefer WireGuardNT over wireguard-go/WintunJason A. Donenfeld2021-09-122-1/+7
| | | | | | Also remove Wintun driver on startup. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: disable multiple tunnels on pre-win10Jason A. Donenfeld2021-09-101-1/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: make multiple tunnels mode automaticJason A. Donenfeld2021-08-131-32/+37
| | | | | | | | | Rather than having to set a registry knob to enable multiple tunnels, it is now automatic. If an additional activated tunnel has the same route subnets or interface IP addresses as a previous tunnel, that previous one is stopped. But if there's no overlap, then they coexist. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: do both wgnt and wintun cleanupsJason A. Donenfeld2021-08-091-31/+28
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: track externally created tunnelsJason A. Donenfeld2021-08-092-29/+94
| | | | | Requested-by: Bruno UT1 <bandry@ut1.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: break encapsulation and pass timestamp to ringloggerJason A. Donenfeld2021-08-081-1/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui: show update tab but not alert for limited userJason A. Donenfeld2021-08-041-4/+1
| | | | | Suggested-by: Diab Neiroukh <lazerl0rd@thezest.dev> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: introduce new module for talking with kernel driverJason A. Donenfeld2021-08-024-40/+155
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: list unencrypted conf filesJason A. Donenfeld2021-06-251-1/+1
| | | | | | | | By ignoring unencrypted ones, the tunnel tracker would miss running configurations at startup. Reported-by: Станислав Мацак <smatsak@mail.ru> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: do not terminate current process when intended target is childJason A. Donenfeld2021-06-221-1/+5
| | | | | | | If we've already collected this, handle is -1, which is current process. Catch this case. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: manually use CreateProcess for launching UI processJason A. Donenfeld2021-06-182-26/+108
| | | | | | | | | Go's standard library for this is buggy (PID races, handle races) and requires passing NUL, which we don't really care about for Windows. Simplify and speed up process creation by only passing exactly what we need. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: rewrite service arguments when migrating configsJason A. Donenfeld2021-06-183-54/+47
| | | | | | | | | | | If a service is installed already, it's a good idea to migrate its conf argument when migrating the file name, so that these don't get out of sync. We're already doing this when migrating from the legacy config store, so this is also an opportunity to clean up that code a bit and quit using regexes. Reported-by: Станислав Мацак <smatsak@mail.ru> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use new DialConfig struct for pipeJason A. Donenfeld2021-03-051-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use non-stuttering function nameJason A. Donenfeld2021-03-051-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use CloseHandle rather than CloseJason A. Donenfeld2021-02-021-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use stricter handle inheritabilityJason A. Donenfeld2021-02-022-83/+25
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: move away from ioutilJason A. Donenfeld2021-02-011-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright dateJason A. Donenfeld2021-02-019-9/+9
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>