| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | tunnel: add wintun ordered unit test | Jason A. Donenfeld | 2019-11-25 | 1 | -0/+202 |
* | tunnel: stop burst timer if we exceed 2 seconds | Jason A. Donenfeld | 2019-10-31 | 1 | -0/+1 |
| | Reported-by: Odd Stranne <odd@mullvad.net> | | | | |
* | tunnel: blackhole sockets when there's going to be a sure routing loop | Jason A. Donenfeld | 2019-10-21 | 2 | -9/+49 |
| | This prevents against common mishaps when changing from a wifi network that supports v6 to one that doesn't. Reported-by: Jonathan Tooker <jonathan.tooker@netprotect.com> | | | | |
* | mod: bump | Jason A. Donenfeld | 2019-10-17 | 1 | -1/+1 |
* | Revert "tunnel: check for endpoint interfaces and media connection state" | Jason A. Donenfeld | 2019-10-09 | 1 | -3/+1 |
| | This reverts commit cf6f599a4a65e89929ffc12982346c8e9012552c. It broke people's setups. | | | | |
* | tunnel: print wintun version in debug log | Jason A. Donenfeld | 2019-10-09 | 1 | -0/+6 |
* | mod: bump versions | Jason A. Donenfeld | 2019-10-04 | 2 | -2/+2 |
* | tunnel: check for endpoint interfaces and media connection state | Jason A. Donenfeld | 2019-10-01 | 1 | -1/+3 |
* | tunnel: smooth bursts from windows network notifiers | Jason A. Donenfeld | 2019-10-01 | 1 | -5/+25 |
* | tunnel: windows does not always add/remove routes with up/down interface | Jason A. Donenfeld | 2019-10-01 | 3 | -25/+45 |
| | On Linux, we're used to routes being added after an interface is up, and routes being removed as a consequence of an interface going down. On Windows, this isn't always the case, at least not from the perspective of the route notifiers. In order to work around this and make a multi-interface model coherent, we search for a new default route not only whenever the routing table changes but also whenever any interface link parameters change, such as up/down. The practical consequence is that now WireGuard connects properly when wifi is disconnected and then reconnected. Reported-by: Nenad Kozul <me@nenadkozul.com> | | | | |
* | winipcfg: make Unregister wait for callbacks to complete | Jason A. Donenfeld | 2019-09-27 | 4 | -31/+61 |
* | winipcfg: port more granular locking from route change to others | Jason A. Donenfeld | 2019-09-27 | 2 | -22/+36 |
* | winipcfg: ensure we're passing copy to go routines | Jason A. Donenfeld | 2019-09-27 | 3 | -3/+6 |
| | The windows-allocated one gets freed. Reported-by: Odd Stranne <odd@mullvad.net> | | | | |
* | mod: bump versions | Jason A. Donenfeld | 2019-09-27 | 2 | -2/+2 |
* | global: use SECURITY_DESCRIPTOR apis from x/sys/windows | Jason A. Donenfeld | 2019-09-23 | 7 | -99/+62 |
* | firewall: remove unused wrappers | Jason A. Donenfeld | 2019-09-23 | 2 | -32/+0 |
* | tunnel: device->interface | Jason A. Donenfeld | 2019-09-13 | 1 | -1/+1 |
* | winipcfg: launch callbacks in goroutines to prevent deadlock | Jason A. Donenfeld | 2019-09-01 | 3 | -3/+3 |
| | ret: setupLock interfaceChangeLock trigger: interfaceChangeLock setupLock | | | | |
* | winipcfg: use upstream helper function for elevation test | Jason A. Donenfeld | 2019-08-30 | 1 | -16/+9 |
* | manager: fix nits in adapter cleanup logic and also handle ‘%s’ uniformly | Jason A. Donenfeld | 2019-08-30 | 1 | -1/+1 |
* | tunnel: allow disabling deterministic GUIDs for external consumers | Jason A. Donenfeld | 2019-08-30 | 1 | -21/+31 |
* | tunnel: do not query real interface name | Jason A. Donenfeld | 2019-08-26 | 1 | -7/+0 |
| | We want to enforce the relation between the socket name and the service name, especially since the wintun adapter name might get a 1 or 2 appended depending on weird Nci duplication detection. So we just stick with the configuration-given name throughout. Also, the user can change the adapter name at runtime, which is all the more reason why maybe we shouldn't care about it so much. Reported-by: Nenad Kozul <me@nenadkozul.com> | | | | |
* | firewall: use RtlGetNtVersionNumbers for kernel compat checks | Jason A. Donenfeld | 2019-08-26 | 1 | -3/+2 |
* | version: use upstream RtlGetVersion | Jason A. Donenfeld | 2019-08-24 | 1 | -7/+3 |
* | tunnel: move Run into own module to reduce file size | Jason A. Donenfeld | 2019-08-24 | 1 | -2/+14 |
* | elevate: move service/token into proper module | Jason A. Donenfeld | 2019-08-05 | 1 | -1/+2 |
* | tunnel: style | Jason A. Donenfeld | 2019-08-03 | 1 | -1/+1 |
* | tunnel: extract owner of config file for pipe dacl | Jason A. Donenfeld | 2019-07-19 | 2 | -0/+60 |
| | If the config file is unencrypted and its owner is not Local System, then we allow the runtime named pipe to be accessed by that owner, since generally the private key is already stored in the config file. | | | | |
* | tunnel: wait for IP service to attach to wintun | Jason A. Donenfeld | 2019-06-18 | 6 | -125/+268 |
| | This helps fix startup races without needing to poll, as well as reconfiguring interfaces after wintun destroys and re-adds. It also deals gracefully with IPv6 being disabled. | | | | |
* | firewall: adjust loopback rule for better matching | Odd Stranne | 2019-06-13 | 2 | -17/+14 |
| | Signed-off-by: Odd Stranne <odd@mullvad.net> | | | | |
* | tunnel: clearer GUID encoding scheme | Jason A. Donenfeld | 2019-06-13 | 1 | -24/+38 |
* | winipcfg: prefer own methods over direct API calls | Simon Rozman | 2019-06-11 | 1 | -2/+2 |
| | Signed-off-by: Simon Rozman <simon@rozman.si> | | | | |
* | tunnel: generate GUIDs deterministically | Jason A. Donenfeld | 2019-06-10 | 2 | -1/+74 |
| | This allows NLA profiles to securely bind public keys to firewall profiles, a considerable improvement on the usual insecure Windows situation. | | | | |
* | tunnel: SCM lock status is upstream now | Jason A. Donenfeld | 2019-06-09 | 1 | -32/+11 |
* | tunnel: release SCM locks by faking an early start before wintun init | Jason A. Donenfeld | 2019-06-07 | 1 | -0/+35 |
| | Otherwise creating the wintun service deadlocks the entire SCM on Windows 8.1. | | | | |
* | firewall: GUID generation is now upstream | Jason A. Donenfeld | 2019-06-07 | 2 | -16/+2 |
* | global: cleanup TODO comment spacing | Jason A. Donenfeld | 2019-06-07 | 5 | -6/+6 |
* | tunnel: perform full stop on shutdown | Simon Rozman | 2019-06-07 | 1 | -2/+2 |
| | The services which do not advertise they accept shutdown signal from SCM are killed on shutdown. This commit establishes a full tunnel cleanup (i.e. delete the adapter) on shutdown. Otherwise, the Wintun adapter is deleted on next boot as a part of the regular sanitation procedure. Signed-off-by: Simon Rozman <simon@rozman.si> | | | | |
* | tunnel: retain SeLoadDriverPrivilege | Jason A. Donenfeld | 2019-06-07 | 1 | -2/+2 |
| | This is a big loss. We'll need to revisit this. | | | | |
* | tunnel: don't fail on v6 family lookup unless using v6 | Jason A. Donenfeld | 2019-06-07 | 1 | -14/+16 |
* | services: iterate through groups using helper | Jason A. Donenfeld | 2019-06-07 | 1 | -2/+1 |
* | tunnel: fix formatting | Jason A. Donenfeld | 2019-06-07 | 2 | -3/+3 |
* | tunnel: make tcp/ip waiting explicit | Jason A. Donenfeld | 2019-05-31 | 3 | -18/+27 |
* | firewall: use random GUIDs | Jason A. Donenfeld | 2019-05-31 | 2 | -20/+27 |
* | tunnel: logical simplification | Jason A. Donenfeld | 2019-05-29 | 1 | -1/+1 |
* | tunnel: allow for disabled ipv6 | Jason A. Donenfeld | 2019-05-29 | 1 | -14/+12 |
* | global: several helpers are now upstream | Jason A. Donenfeld | 2019-05-27 | 1 | -11/+1 |
* | winipcfg: make LUID.DeleteIPAddress accept IPNet | Simon Rozman | 2019-05-27 | 3 | -4/+10 |
| | Though DeleteUnicastIpAddressEntry() cares about the IP only. Signed-off-by: Simon Rozman <simon@rozman.si> | | | | |
* | global: use filepath.Join uniformly | Jason A. Donenfeld | 2019-05-25 | 1 | -1/+2 |
* | winipcfg: SocketAddressToIP was upstreamed | Jason A. Donenfeld | 2019-05-25 | 3 | -30/+4 |