summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-11-09WIP fix Attachtun-net-with-stackMikael Magnusson
2021-11-09netstack: add CreateNetTUNWithStackMikael Magnusson
Allow the caller to specify the stack to make it possible for more complex scenarios with multiple network interfaces. Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2021-11-09netstack: implement Net.AddAddressMikael Magnusson
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2021-11-03netstack: add support for IPv6 addresses with zonesMikael Magnusson
Use unspecified NIC (0) by default. Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2021-10-30winpipe: update with latest changes from CL299009Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-28device: timers: use pre-seeded per-thread unlocked fastrandn for jitterJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-28device: timers: seed unsafe rng before use for jitterJason A. Donenfeld
Forgetting to seed the unsafe rng, the jitter before followed a fixed pattern, which didn't help when a fleet of computers all boot at once. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-26wintun: align 64-bit argument on ARM32Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-25README: raise minimum Go to 1.17Jason A. Donenfeld
Suggested-by: Adam Bliss <abliss@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-22tun/netstack: update gvisorMikael Magnusson
Update gvisor to v0.0.0-20211020211948-f76a604701b6, which requires some changes to tun.go: WriteRawPacket: Add function with not implemented error. CreateNetTUN: Replace stack.AddAddress with stack.AddProtocolAddress, and fix IPv6 address in error message. Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-20ipc, rwcancel: compile on js/wasmBrad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-10-20wintun: allow retrieving DLL versionJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-16version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-16wintun: remove memmod option for dll loadingJason A. Donenfeld
Only wireguard-windows used this, and it's moving to wgnt exclusively. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-12global: remove old-style build tagsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-12global: add newer-style build tagsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-12wintun: use new swdevice-based API for upcoming Wintun 0.14Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-11conn,wintun: use unsafe.Slice instead of unsafeSliceJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-10-11memmod: import from wireguard-windowsJason A. Donenfeld
We'll eventually be getting rid of it here, but keep it sync'd up for now. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-27rwcancel: use unix.Poll again but bump x/sys so it uses ppoll under the hoodJason A. Donenfeld
This reverts commit fcc601dbf0f6b626ec1d47a880cbe64f9c8fe385 but then bumps go.mod. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-26rwcancel: use ppoll on Linux for AndroidJason A. Donenfeld
This is a temporary measure while we wait for https://go-review.googlesource.com/c/sys/+/352310 to land. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-23tun: make operateonfd.go build tags more specificTobias Klauser
(*NativeTun).operateOnFd is only used on darwin and freebsd. Adjust the build tags accordingly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-23tun: avoid leaking sock fd in CreateTUN error casesTobias Klauser
At these points, the socket file descriptor is not yet wrapped in an *os.File, so it needs to be closed explicitly on error. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-05global: add new go 1.17 build commentsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-08-05memmod: register exception handler tablesJason A. Donenfeld
Otherwise recent WDK binaries fail on ARM64, where an exception handler is used for trapping an illegal instruction when ARMv8.1 atomics are being tested for functionality. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-07-29memmod: fix protected delayed load the right wayJason A. Donenfeld
The reason this was failing before is that dloadsup.h's DloadObtainSection was doing a linear search of sections to find which header corresponds with the IMAGE_DELAYLOAD_DESCRIPTOR section, and we were stupidly overwriting the VirtualSize field, so the linear search wound up matching the .text section, which then it found to not be marked writable and failed with FAST_FAIL_DLOAD_PROTECTION_FAILURE. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-07-29memmod: disable protected delayed load for nowJason A. Donenfeld
Probably a bad idea, but we don't currently support it, and those huge windows.NewCallback trampolines make juicer targets anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-24ipc: allow admins but require high integrity labelJason A. Donenfeld
Might be more reasonable. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-04device: zero out allowedip node pointers when removingJason A. Donenfeld
This should make it a bit easier for the garbage collector. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-03device: limit allowedip fuzzer a to 4 times throughJason A. Donenfeld
Trying this for every peer winds up being very slow and precludes it from acceptable runtime in the CI, so reduce this to 4. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-03device: simplify allowedips lookup signatureJason A. Donenfeld
The inliner should handle this for us. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-03device: remove nodes by peer in O(1) instead of O(n)Jason A. Donenfeld
Now that we have parent pointers hooked up, we can simply go right to the node and remove it in place, rather than having to recursively walk the entire trie. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-03device: remove recursion from insertion and connect parent pointersJason A. Donenfeld
This makes the insertion algorithm a bit more efficient, while also now taking on the additional task of connecting up parent pointers. This will be handy in the following commit. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-03device: reduce size of trie structJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-25go.mod: bump golang.org/x/sys againJosh Bleecher Snyder
To pick up https://go-review.googlesource.com/c/sys/+/307129. Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-05-22device: allow reducing queue constants on iOSJason A. Donenfeld
Heavier network extensions might require the wireguard-go component to use less ram, so let users of this reduce these as needed. At some point we'll put this behind a configuration method of sorts, but for now, just expose the consts as vars. Requested-by: Josh Bleecher Snyder <josh@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-20tun: linux: account for interface removal from outsideJason A. Donenfeld
On Linux we can run `ip link del wg0`, in which case the fd becomes stale, and we should exit. Since this is an intentional action, don't treat it as an error. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-20conn: linux: protect read fdsJason A. Donenfeld
The -1 protection was removed and the wrong error was returned, causing us to read from a bogus fd. As well, remove the useless closures that aren't doing anything, since this is all synchronized anyway. Fixes: 10533c3 ("all: make conn.Bind.Open return a slice of receive functions") Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-20rwcancel: use ordinary os.ErrClosed instead of custom errorJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-20rwcancel: use poll instead of selectJason A. Donenfeld
Suggested-by: Lennart Poettering <lennart@poettering.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-18device: optimize Peer.String even moreJason A. Donenfeld
This reduces the allocation, branches, and amount of base64 encoding. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-14device: optimize Peer.StringJosh Bleecher Snyder
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-05-11conn: windows: set count=0 on retryJason A. Donenfeld
When retrying, if count is not 0, we forget to dequeue another request, and so the ring fills up and errors out. Reported-by: Sascha Dierberg <dierberg@dresearch-fe.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-10main: replace crlf on windows in fmt testJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-10main: check that code is formatted in unit testJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07tun: formatJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07device: add ID to repeated routinesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07device: remove unusual ... in messagesJason A. Donenfeld
We dont use ... in any other present progressive messages except these. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07device: avoid verbose log line during ordinary shutdown sequenceJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07tun: windows: set event before waitingJason A. Donenfeld
In 097af6e ("tun: windows: protect reads from closing") we made sure no functions are running when End() is called, to avoid a UaF. But we still need to kick that event somehow, so that Read() is allowed to exit, in order to release the lock. So this commit calls SetEvent, while moving the closing boolean to be atomic so it can be modified without locks, and then moves to a WaitGroup for the RCU-like pattern. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>