summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2023-02-07tun/netstack: bump gvisorColin Adler
Bump gVisor to a recent known-good version. Signed-off-by: Colin Adler <colin1adler@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-09-20global: bump copyright yearJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-09-20tun/netstack: ensure `(*netTun).incomingPacket` chan is closedColin Adler
Without this, `device.Close()` will deadlock. Signed-off-by: Colin Adler <colin1adler@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-09-04all: use Go 1.19 and its atomic typesBrad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-08-29tun/netstack: remove separate moduleJason A. Donenfeld
Now that the gvisor deps aren't insane, we can just do this in the main module. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-08-29tun/netstack: bump to latest gvisorShengjing Zhu
To build with go1.19, gvisor needs 99325baf ("Bump gVisor build tags to go1.19"). However gvisor.dev/gvisor/pkg/tcpip/buffer is no longer available, so refactor to use gvisor.dev/gvisor/pkg/tcpip/link/channel directly. Signed-off-by: Shengjing Zhu <i@zhsj.me> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-07-04conn, device, tun: set CLOEXEC on fdsBrad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-06-01tun: use ByteSliceToString from golang.org/x/sys/unixTobias Klauser
Use unix.ByteSliceToString in (*NativeTun).nameSlice to convert the TUNGETIFF ioctl result []byte to a string. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-04-07conn: remove the final alloc per packet receiveJosh Bleecher Snyder
This does bind_std only; other platforms remain. The remaining alloc per iteration in the Throughput benchmark comes from the tuntest package, and should not appear in regular use. name old time/op new time/op delta Latency-10 25.2µs ± 1% 25.0µs ± 0% -0.58% (p=0.006 n=10+10) Throughput-10 2.44µs ± 3% 2.41µs ± 2% ~ (p=0.140 n=10+8) name old alloc/op new alloc/op delta Latency-10 854B ± 5% 741B ± 3% -13.22% (p=0.000 n=10+10) Throughput-10 265B ±34% 267B ±39% ~ (p=0.670 n=10+10) name old allocs/op new allocs/op delta Latency-10 16.0 ± 0% 14.0 ± 0% -12.50% (p=0.000 n=10+10) Throughput-10 2.00 ± 0% 1.00 ± 0% -50.00% (p=0.000 n=10+10) name old packet-loss new packet-loss delta Throughput-10 0.01 ±82% 0.01 ±282% ~ (p=0.321 n=9+8) Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-17conn: use netip for std bindJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-16version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-16tun/netstack: bump modJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-16mod: bump packages and remove compat netipJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-16all: use any in place of interface{}Josh Bleecher Snyder
Enabled by using Go 1.18. A bit less verbose. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-03-16all: update to Go 1.18Josh Bleecher Snyder
Bump go.mod and README. Switch to upstream net/netip. Use strings.Cut. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-03-09tun/netstack: check error returned by SetDeadline()Alexander Neumann
Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de> [Jason: don't wrap deadline error.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-09tun/netstack: update to latest wireguard-goAlexander Neumann
This commit fixes all callsites of netip.AddrFromSlice(), which has changed its signature and now returns two values. Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de> [Jason: remove error handling from AddrFromSlice.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-02-02tun/netstack: simplify read timeout on ping socketJason A. Donenfeld
I'm not 100% sure this is correct, but it certainly is a lot simpler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-02-02tun/netstack: implement ICMP pingThomas H. Ptacek
Provide a PacketConn interface for netstack's ICMP endpoint; netstack currently only provides EchoRequest/EchoResponse ICMP support, so this code exposes only an interface for doing ping. Signed-off-by: Thomas Ptacek <thomas@sockpuppet.org> [Jason: rework structure, match std go interfaces, add example code] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-01-17version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-01-14ipc: bsd: try again if kqueue returns EINTRJason A. Donenfeld
Reported-by: J. Michael McAtee <mmcatee@jumptrading.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-12-09global: apply gofumptJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-29device: handle peer post config on blank lineJason A. Donenfeld
We missed a function exit point. This was exacerbated by e3134bf ("device: defer state machine transitions until configuration is complete"), but the bug existed prior. Minus provided the following useful reproducer script: #!/usr/bin/env bash set -eux make wireguard-go || exit 125 ip netns del test-ns || true ip netns add test-ns ip link add test-kernel type wireguard wg set test-kernel listen-port 0 private-key <(echo "QMCfZcp1KU27kEkpcMCgASEjDnDZDYsfMLHPed7+538=") peer "eDPZJMdfnb8ZcA/VSUnLZvLB2k8HVH12ufCGa7Z7rHI=" allowed-ips 10.51.234.10/32 ip link set test-kernel netns test-ns up ip -n test-ns addr add 10.51.234.1/24 dev test-kernel port=$(ip netns exec test-ns wg show test-kernel listen-port) ip link del test-go || true ./wireguard-go test-go wg set test-go private-key <(echo "WBM7qimR3vFk1QtWNfH+F4ggy/hmO+5hfIHKxxI4nF4=") peer "+nj9Dkqpl4phsHo2dQliGm5aEiWJJgBtYKbh7XjeNjg=" allowed-ips 0.0.0.0/0 endpoint 127.0.0.1:$port ip addr add 10.51.234.10/24 dev test-go ip link set test-go up ping -c2 -W1 10.51.234.1 Reported-by: minus <minus@mnus.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-23device: reduce peer lock critical section in UAPIJosh Bleecher Snyder
The deferred RUnlock calls weren't executing until all peers had been processed. Add an anonymous function so that each peer may be unlocked as soon as it is completed. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-23device: remove code using unsafeJosh Bleecher Snyder
There is no performance impact. name old time/op new time/op delta TrieIPv4Peers100Addresses1000-8 78.6ns ± 1% 79.4ns ± 3% ~ (p=0.604 n=10+9) TrieIPv4Peers10Addresses10-8 29.1ns ± 2% 28.8ns ± 1% -1.12% (p=0.014 n=10+9) TrieIPv6Peers100Addresses1000-8 78.9ns ± 1% 78.6ns ± 1% ~ (p=0.492 n=10+10) TrieIPv6Peers10Addresses10-8 29.3ns ± 2% 28.6ns ± 2% -2.16% (p=0.000 n=10+10) Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-23global: use netip where possible nowJason A. Donenfeld
There are more places where we'll need to add it later, when Go 1.18 comes out with support for it in the "net" package. Also, allowedips still uses slices internally, which might be suboptimal. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-16device: only propagate roaming value before peer is referenced elsewhereJason A. Donenfeld
A peer.endpoint never becomes nil after being not-nil, so creation is the only time we actually need to set this. This prevents a race from when the variable is actually used elsewhere, and allows us to avoid an expensive atomic. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-16device: align 64-bit atomic member in DeviceJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-16device: start peers before running handshake testJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-16Makefile: don't use test -v because it hides failures in scrollbackJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-16device: fix nil pointer dereference in uapi readDavid Anderson
Signed-off-by: David Anderson <danderson@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-15device: make new peers inherit broken mobile semanticsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-15device: defer state machine transitions until configuration is completeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-15device: do not consume handshake messages if not runningJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-04tun: move wintun to its own repoJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-04namedpipe: rename from winpipe to keep in sync with CL299009Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-28device: timers: use pre-seeded per-thread unlocked fastrandn for jitterJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-28device: timers: seed unsafe rng before use for jitterJason A. Donenfeld
Forgetting to seed the unsafe rng, the jitter before followed a fixed pattern, which didn't help when a fleet of computers all boot at once. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-26wintun: align 64-bit argument on ARM32Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-25README: raise minimum Go to 1.17Jason A. Donenfeld
Suggested-by: Adam Bliss <abliss@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-22tun/netstack: update gvisorMikael Magnusson
Update gvisor to v0.0.0-20211020211948-f76a604701b6, which requires some changes to tun.go: WriteRawPacket: Add function with not implemented error. CreateNetTUN: Replace stack.AddAddress with stack.AddProtocolAddress, and fix IPv6 address in error message. Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-20ipc, rwcancel: compile on js/wasmBrad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-10-20wintun: allow retrieving DLL versionJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-16version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-16wintun: remove memmod option for dll loadingJason A. Donenfeld
Only wireguard-windows used this, and it's moving to wgnt exclusively. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-12global: remove old-style build tagsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-12global: add newer-style build tagsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-12wintun: use new swdevice-based API for upcoming Wintun 0.14Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-11conn,wintun: use unsafe.Slice instead of unsafeSliceJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-11memmod: import from wireguard-windowsJason A. Donenfeld
We'll eventually be getting rid of it here, but keep it sync'd up for now. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>