path: root/tunnel
Commit message | Author | Age | Files | Lines
* tunnel: wait for IP service to attach to wintun | Jason A. Donenfeld | 2019-06-18 | 6 | -125/+268
  This helps fix startup races without needing to poll, as well as reconfiguring interfaces after wintun destroys and re-adds. It also deals gracefully with IPv6 being disabled.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* firewall: adjust loopback rule for better matching | Odd Stranne | 2019-06-13 | 2 | -17/+14
  Signed-off-by: Odd Stranne <odd@mullvad.net>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: clearer GUID encoding scheme | Jason A. Donenfeld | 2019-06-13 | 1 | -24/+38
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: prefer own methods over direct API calls | Simon Rozman | 2019-06-11 | 1 | -2/+2
  Signed-off-by: Simon Rozman <simon@rozman.si>
* tunnel: generate GUIDs deterministically | Jason A. Donenfeld | 2019-06-10 | 2 | -1/+74
  This allows NLA profiles to securely bind public keys to firewall profiles, a considerable improvement on the usual insecure Windows situation.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: SCM lock status is upstream now | Jason A. Donenfeld | 2019-06-09 | 1 | -32/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: release SCM locks by faking an early start before wintun init | Jason A. Donenfeld | 2019-06-07 | 1 | -0/+35
  Otherwise creating the wintun service deadlocks the entire SCM on Windows 8.1.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* firewall: GUID generation is now upstream | Jason A. Donenfeld | 2019-06-07 | 2 | -16/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: cleanup TODO comment spacing | Jason A. Donenfeld | 2019-06-07 | 5 | -6/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: perform full stop on shutdown | Simon Rozman | 2019-06-07 | 1 | -2/+2
  The services which do not advertise they accept shutdown signal from SCM are killed on shutdown. This commit establishes a full tunnel cleanup (i.e. delete the adapter) on shutdown. Otherwise, the Wintun adapter is deleted on next boot as a part of the regular sanitation procedure.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* tunnel: retain SeLoadDriverPrivilege | Jason A. Donenfeld | 2019-06-07 | 1 | -2/+2
  This is a big loss. We'll need to revisit this.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: don't fail on v6 family lookup unless using v6 | Jason A. Donenfeld | 2019-06-07 | 1 | -14/+16
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* services: iterate through groups using helper | Jason A. Donenfeld | 2019-06-07 | 1 | -2/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: fix formatting | Jason A. Donenfeld | 2019-06-07 | 2 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: make tcp/ip waiting explicit | Jason A. Donenfeld | 2019-05-31 | 3 | -18/+27
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* firewall: use random GUIDs | Jason A. Donenfeld | 2019-05-31 | 2 | -20/+27
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: logical simplification | Jason A. Donenfeld | 2019-05-29 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: allow for disabled ipv6 | Jason A. Donenfeld | 2019-05-29 | 1 | -14/+12
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: several helpers are now upstream | Jason A. Donenfeld | 2019-05-27 | 1 | -11/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: make LUID.DeleteIPAddress accept IPNet | Simon Rozman | 2019-05-27 | 3 | -4/+10
  Though DeleteUnicastIpAddressEntry() cares about the IP only.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* global: use filepath.Join uniformly | Jason A. Donenfeld | 2019-05-25 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: SocketAddressToIP was upstreamed | Jason A. Donenfeld | 2019-05-25 | 3 | -30/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: switch to windows.GetAdaptersAddresses | Simon Rozman | 2019-05-24 | 2 | -11/+1
  Signed-off-by: Simon Rozman <simon@rozman.si>
* winipcfg: add note describing how to setup winipcfg testing environment | Simon Rozman | 2019-05-23 | 1 | -0/+16
  ...to save us head-scratching time when trying to run the tests again a few months later.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* winipcfg: import | Jason A. Donenfeld | 2019-05-22 | 19 | -63/+4479
  We'll maintain this as part of the same repo here. Later maybe we'll push it into x/sys/windows.
  Signed-off-by: Simon Rozman <simon@rozman.si>
  Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>
* tunnel: disable firewall before destroying wintun | Jason A. Donenfeld | 2019-05-22 | 1 | -0/+2
  Otherwise there's a tiny race.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: remove routes before destroying interface | Jason A. Donenfeld | 2019-05-22 | 2 | -1/+17
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* firewall: use service-specific SID | Jason A. Donenfeld | 2019-05-22 | 6 | -46/+146
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* service: split into tunnel and manager | Jason A. Donenfeld | 2019-05-20 | 13 | -0/+3505
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>