summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--tun/wintun/namespace_windows.go99
-rw-r--r--tun/wintun/ring_windows.go (renamed from tun/wintun/ring.go)0
-rw-r--r--tun/wintun/wintun_windows.go26
3 files changed, 99 insertions, 26 deletions
diff --git a/tun/wintun/namespace_windows.go b/tun/wintun/namespace_windows.go
new file mode 100644
index 0000000..21791ef
--- /dev/null
+++ b/tun/wintun/namespace_windows.go
@@ -0,0 +1,99 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package wintun
+
+import (
+ "encoding/hex"
+ "errors"
+ "fmt"
+ "sync"
+ "unsafe"
+
+ "golang.org/x/crypto/blake2s"
+ "golang.org/x/sys/windows"
+ "golang.org/x/text/unicode/norm"
+
+ "golang.zx2c4.com/wireguard/ipc/winpipe"
+ "golang.zx2c4.com/wireguard/tun/wintun/namespaceapi"
+)
+
+var (
+ wintunObjectSecurityAttributes *windows.SecurityAttributes
+ hasInitializedNamespace bool
+ initializingNamespace sync.Mutex
+)
+
+func initializeNamespace() error {
+ initializingNamespace.Lock()
+ defer initializingNamespace.Unlock()
+ if hasInitializedNamespace {
+ return nil
+ }
+ sd, err := winpipe.SddlToSecurityDescriptor("O:SYD:P(A;;GA;;;SY)")
+ if err != nil {
+ return fmt.Errorf("SddlToSecurityDescriptor failed: %v", err)
+ }
+ wintunObjectSecurityAttributes = &windows.SecurityAttributes{
+ Length: uint32(len(sd)),
+ SecurityDescriptor: uintptr(unsafe.Pointer(&sd[0])),
+ }
+ sid, err := windows.CreateWellKnownSid(windows.WinLocalSystemSid)
+ if err != nil {
+ return fmt.Errorf("CreateWellKnownSid(LOCAL_SYSTEM) failed: %v", err)
+ }
+
+ boundary, err := namespaceapi.CreateBoundaryDescriptor("Wintun")
+ if err != nil {
+ return fmt.Errorf("CreateBoundaryDescriptor failed: %v", err)
+ }
+ err = boundary.AddSid(sid)
+ if err != nil {
+ return fmt.Errorf("AddSIDToBoundaryDescriptor failed: %v", err)
+ }
+ for {
+ _, err = namespaceapi.CreatePrivateNamespace(wintunObjectSecurityAttributes, boundary, "Wintun")
+ if err == windows.ERROR_ALREADY_EXISTS {
+ _, err = namespaceapi.OpenPrivateNamespace(boundary, "Wintun")
+ if err == windows.ERROR_PATH_NOT_FOUND {
+ continue
+ }
+ }
+ if err != nil {
+ return fmt.Errorf("Create/OpenPrivateNamespace failed: %v", err)
+ }
+ break
+ }
+ hasInitializedNamespace = true
+ return nil
+}
+
+func (pool Pool) takeNameMutex() (windows.Handle, error) {
+ err := initializeNamespace()
+ if err != nil {
+ return 0, err
+ }
+
+ const mutexLabel = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com"
+ b2, _ := blake2s.New256(nil)
+ b2.Write([]byte(mutexLabel))
+ b2.Write(norm.NFC.Bytes([]byte(string(pool))))
+ mutexName := `Wintun\Wintun-Name-Mutex-` + hex.EncodeToString(b2.Sum(nil))
+ mutex, err := windows.CreateMutex(wintunObjectSecurityAttributes, false, windows.StringToUTF16Ptr(mutexName))
+ if err != nil {
+ err = fmt.Errorf("Error creating name mutex: %v", err)
+ return 0, err
+ }
+ event, err := windows.WaitForSingleObject(mutex, windows.INFINITE)
+ if err != nil {
+ windows.CloseHandle(mutex)
+ return 0, fmt.Errorf("Error waiting on name mutex: %v", err)
+ }
+ if event != windows.WAIT_OBJECT_0 {
+ windows.CloseHandle(mutex)
+ return 0, errors.New("Error with event trigger of name mutex")
+ }
+ return mutex, nil
+}
diff --git a/tun/wintun/ring.go b/tun/wintun/ring_windows.go
index 8f46bc9..8f46bc9 100644
--- a/tun/wintun/ring.go
+++ b/tun/wintun/ring_windows.go
diff --git a/tun/wintun/wintun_windows.go b/tun/wintun/wintun_windows.go
index d6fa35f..c654b02 100644
--- a/tun/wintun/wintun_windows.go
+++ b/tun/wintun/wintun_windows.go
@@ -6,17 +6,14 @@
package wintun
import (
- "encoding/hex"
"errors"
"fmt"
"strings"
"time"
"unsafe"
- "golang.org/x/crypto/blake2s"
"golang.org/x/sys/windows"
"golang.org/x/sys/windows/registry"
- "golang.org/x/text/unicode/norm"
"golang.zx2c4.com/wireguard/tun/wintun/iphlpapi"
"golang.zx2c4.com/wireguard/tun/wintun/nci"
@@ -758,26 +755,3 @@ func (wintun *Interface) GUID() windows.GUID {
func (wintun *Interface) LUID() uint64 {
return ((uint64(wintun.luidIndex) & ((1 << 24) - 1)) << 24) | ((uint64(wintun.ifType) & ((1 << 16) - 1)) << 48)
}
-
-func (pool Pool) takeNameMutex() (windows.Handle, error) {
- const mutexLabel = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com"
- b2, _ := blake2s.New256(nil)
- b2.Write([]byte(mutexLabel))
- b2.Write(norm.NFC.Bytes([]byte(string(pool))))
- mutexName := `Global\Wintun-Name-Mutex-` + hex.EncodeToString(b2.Sum(nil))
- mutex, err := windows.CreateMutex(nil, false, windows.StringToUTF16Ptr(mutexName))
- if err != nil {
- err = fmt.Errorf("Error creating name mutex: %v", err)
- return 0, err
- }
- event, err := windows.WaitForSingleObject(mutex, windows.INFINITE)
- if err != nil {
- windows.CloseHandle(mutex)
- return 0, fmt.Errorf("Error waiting on name mutex: %v", err)
- }
- if event != windows.WAIT_OBJECT_0 {
- windows.CloseHandle(mutex)
- return 0, errors.New("Error with event trigger of name mutex")
- }
- return mutex, nil
-} \ No newline at end of file