summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-05-06tun/netstack: update go mod and remove GSO argumentJason A. Donenfeld
Reported-by: John Xiong <xiaoyang1258@yeah.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-05tun: windows: send MTU update when forced MTU changesJason A. Donenfeld
Otherwise the padding doesn't get updated. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-26tun: windows: protect reads from closingJason A. Donenfeld
The code previously used the old errors channel for checking, rather than the simpler boolean, which caused issues on shutdown, since the errors channel was meaningless. However, looking at this exposed a more basic problem: Close() and all the other functions that check the closed boolean can race. So protect with a basic RW lock, to ensure that Close() waits for all pending operations to complete. Reported-by: Joshua Sjoding <joshua.sjoding@scjalliance.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-26conn: windows: do not error out when receiving UDP jumbogramJason A. Donenfeld
If we receive a large UDP packet, don't return an error to receive.go, which then terminates the receive loop. Instead, simply retry. Considering Winsock's general finickiness, we might consider other places where an attacker on the wire can generate error conditions like this. Reported-by: Sascha Dierberg <sascha.dierberg@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-24version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-19tun: freebsd: avoid OOB writesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-19tun: freebsd: become controlling process when reopening tun FDJason A. Donenfeld
When we pass the TUN FD to the child, we have to call TUNSIFPID; otherwise when we close the device, we get a splat in dmesg. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-19tun: freebsd: restructure and cleanupJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-19tun: freebsd: remove horrific hack for getting tunnel nameJason A. Donenfeld
As of FreeBSD 12.1, there's TUNGIFNAME. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-18tun: freebsd: set IFF_MULTICAST for routing daemonsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-15main: print kernel warning on OpenBSD and FreeBSD tooJason A. Donenfeld
More kernels! Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-12device: don't defer unlocking from loopJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-12conn: reconstruct v4 vs v6 receive function based on symtabJason A. Donenfeld
This is kind of gross but it's better than the alternatives. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-12device: allocate new buffer in receive death spiralKristupas Antanavičius
Note: this bug is "hidden" by avoiding "death spiral" code path by 6228659 ("device: handle broader range of errors in RoutineReceiveIncoming"). If the code reached "death spiral" mechanism, there would be multiple double frees happening. This results in a deadlock on iOS, because the pools are fixed size and goroutine might stop until somebody makes space in the pool. This was almost 100% repro on the new ARM Macbooks: - Build with 'ios' tag for Mac. This will enable bounded pools. - Somehow call device.IpcSet at least couple of times (update config) - device.BindUpdate() would be triggered - RoutineReceiveIncoming would enter "death spiral". - RoutineReceiveIncoming would stall on double free (pool is already full) - The stuck routine would deadlock 'device.closeBindLocked()' function on line 'netc.stopping.Wait()' Signed-off-by: Kristupas Antanavičius <kristupas.antanavicius@nordsec.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-09conn: windows: reset ring to starting position after freeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-09conn: windows: compare head and tail properlyJason A. Donenfeld
By not comparing these with the modulo, the ring became nearly never full, resulting in completion queue buffers filling up prematurely. Reported-by: Joshua Sjoding <joshua.sjoding@scjalliance.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-09winrio: test that IOCP-based RIO is supportedJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-02all: make conn.Bind.Open return a slice of receive functionsJosh Bleecher Snyder
Instead of hard-coding exactly two sources from which to receive packets (an IPv4 source and an IPv6 source), allow the conn.Bind to specify a set of sources. Beneficial consequences: * If there's no IPv6 support on a system, conn.Bind.Open can choose not to return a receive function for it, which is simpler than tracking that state in the bind. This simplification removes existing data races from both conn.StdNetBind and bindtest.ChannelBind. * If there are more than two sources on a system, the conn.Bind no longer needs to add a separate muxing layer. Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-04-02conn: winrio: pass key parameter into structJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-30device: handle broader range of errors in RoutineReceiveIncomingJosh Bleecher Snyder
RoutineReceiveIncoming exits immediately on net.ErrClosed, but not on other errors. However, for errors that are known to be permanent, such as syscall.EAFNOSUPPORT, we may as well exit immediately instead of retrying. This considerably speeds up the package device tests right now, because the Bind sometimes (incorrectly) returns syscall.EAFNOSUPPORT instead of net.ErrClosed. Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-03-30conn: document retry loop in StdNetBind.OpenJosh Bleecher Snyder
It's not obvious on a first read what the loop is doing. Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-03-30conn: use local ipvN vars in StdNetBind.OpenJosh Bleecher Snyder
This makes it clearer that they are fresh on each attempt, and avoids the bookkeeping required to clearing them on failure. Also, remove an unnecessary err != nil. Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-03-30conn: unify code in StdNetBind.SendJosh Bleecher Snyder
The sending code is identical for ipv4 and ipv6; select the conn, then use it. Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-03-30device: rename unsafeCloseBind to closeBindLockedJosh Bleecher Snyder
And document a bit. This name is more idiomatic. Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-03-23version: bump snapshotJason A. Donenfeld
2021-03-23tun: freebsd: use broadcast mode instead of PPP modeJason A. Donenfeld
It makes the routing configuration simpler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-11device: signal to close device in separate routineJason A. Donenfeld
Otherwise we wind up deadlocking. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-11tun: linux: do not spam events every second from hack listenerJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08tun: freebsd: allow empty namesKay Diam
This change allows omitting the tun interface name setting. When the name is not set, the kernel automatically picks up the tun name and index. Signed-off-by: Kay Diam <kay.diam@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08winpipe: move syscalls into x/sysJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08memmod: use resource functions from x/sysJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08memmod: do not use IsBadReadPtrJason A. Donenfeld
It should be enough to check for the trailing zero name. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08conn: linux: unexport mutexJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08mod: bump x/sysJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-06mod: rename COPYING to LICENSEJason A. Donenfeld
Otherwise the netstack module doesn't show up on the package site. https://github.com/golang/go/issues/43817#issuecomment-764987580 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-06tun/netstack: bump deps and apiJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-06device: get rid of peers.empty boolean in timersActiveJason A. Donenfeld
There's no way for len(peers)==0 when a current peer has isRunning==false. This requires some struct reshuffling so that the uint64 pointer is aligned. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-25conn: implement RIO for fast Windows UDP socketsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-23global: remove TODO name graffitiJason A. Donenfeld
Googlers have a habit of graffiting their name in TODO items that then are never addressed, and other people won't go near those because they're marked territory of another animal. I've been gradually cleaning these up as I see them, but this commit just goes all the way and removes the remaining stragglers. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-23device: test up/down using virtual connJason A. Donenfeld
This prevents port clashing bugs. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-23device: cleanup unused test componentsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-23conn: make binds replacableJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-22device: disable waitpool testsJason A. Donenfeld
This code is stable, and the test is finicky, especially on high core count systems, so just disable it. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-22tun: make NativeTun.Close well behaved, not crash on double closeBrad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-22README: bump document Go requirement to 1.16Brad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-17global: stop using ioutilJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-16conn: bump to 1.16 and get rid of NetErrClosed hackJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-12version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-12device: remove old version fileJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-11gitignore: remove old hacksJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>