summaryrefslogtreecommitdiffhomepage
path: root/device/uapi.go
AgeCommit message (Collapse)Author
2023-02-07global: bump copyright yearJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-09-20global: bump copyright yearJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-09-04all: use Go 1.19 and its atomic typesBrad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-16all: use any in place of interface{}Josh Bleecher Snyder
Enabled by using Go 1.18. A bit less verbose. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-03-16all: update to Go 1.18Josh Bleecher Snyder
Bump go.mod and README. Switch to upstream net/netip. Use strings.Cut. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-12-09global: apply gofumptJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-29device: handle peer post config on blank lineJason A. Donenfeld
We missed a function exit point. This was exacerbated by e3134bf ("device: defer state machine transitions until configuration is complete"), but the bug existed prior. Minus provided the following useful reproducer script: #!/usr/bin/env bash set -eux make wireguard-go || exit 125 ip netns del test-ns || true ip netns add test-ns ip link add test-kernel type wireguard wg set test-kernel listen-port 0 private-key <(echo "QMCfZcp1KU27kEkpcMCgASEjDnDZDYsfMLHPed7+538=") peer "eDPZJMdfnb8ZcA/VSUnLZvLB2k8HVH12ufCGa7Z7rHI=" allowed-ips 10.51.234.10/32 ip link set test-kernel netns test-ns up ip -n test-ns addr add 10.51.234.1/24 dev test-kernel port=$(ip netns exec test-ns wg show test-kernel listen-port) ip link del test-go || true ./wireguard-go test-go wg set test-go private-key <(echo "WBM7qimR3vFk1QtWNfH+F4ggy/hmO+5hfIHKxxI4nF4=") peer "+nj9Dkqpl4phsHo2dQliGm5aEiWJJgBtYKbh7XjeNjg=" allowed-ips 0.0.0.0/0 endpoint 127.0.0.1:$port ip addr add 10.51.234.10/24 dev test-go ip link set test-go up ping -c2 -W1 10.51.234.1 Reported-by: minus <minus@mnus.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-23device: reduce peer lock critical section in UAPIJosh Bleecher Snyder
The deferred RUnlock calls weren't executing until all peers had been processed. Add an anonymous function so that each peer may be unlocked as soon as it is completed. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-23global: use netip where possible nowJason A. Donenfeld
There are more places where we'll need to add it later, when Go 1.18 comes out with support for it in the "net" package. Also, allowedips still uses slices internally, which might be suboptimal. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-16device: only propagate roaming value before peer is referenced elsewhereJason A. Donenfeld
A peer.endpoint never becomes nil after being not-nil, so creation is the only time we actually need to set this. This prevents a race from when the variable is actually used elsewhere, and allows us to avoid an expensive atomic. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-16device: fix nil pointer dereference in uapi readDavid Anderson
Signed-off-by: David Anderson <danderson@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-15device: make new peers inherit broken mobile semanticsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-11-15device: defer state machine transitions until configuration is completeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-03device: reduce size of trie structJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-23conn: make binds replacableJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-08device: overhaul device state managementJosh Bleecher Snyder
This commit simplifies device state management. It creates a single unified state variable and documents its semantics. It also makes state changes more atomic. As an example of the sort of bug that occurred due to non-atomic state changes, the following sequence of events used to occur approximately every 2.5 million test runs: * RoutineTUNEventReader received an EventDown event. * It called device.Down, which called device.setUpDown. * That set device.state.changing, but did not yet attempt to lock device.state.Mutex. * Test completion called device.Close. * device.Close locked device.state.Mutex. * device.Close blocked on a call to device.state.stopping.Wait. * device.setUpDown then attempted to lock device.state.Mutex and blocked. Deadlock results. setUpDown cannot progress because device.state.Mutex is locked. Until setUpDown returns, RoutineTUNEventReader cannot call device.state.stopping.Done. Until device.state.stopping.Done gets called, device.state.stopping.Wait is blocked. As long as device.state.stopping.Wait is blocked, device.state.Mutex cannot be unlocked. This commit fixes that deadlock by holding device.state.mu when checking that the device is not closed. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-28global: bump copyrightJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-28device: do not allow get to run while set runsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-28device: avoid hex allocations in IpcGetJason A. Donenfeld
benchmark old ns/op new ns/op delta BenchmarkUAPIGet-16 2872 2157 -24.90% benchmark old allocs new allocs delta BenchmarkUAPIGet-16 30 18 -40.00% benchmark old bytes new bytes delta BenchmarkUAPIGet-16 737 256 -65.26% Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-27device: get rid of nonce routineJason A. Donenfeld
This moves to a simple queue with no routine processing it, to reduce scheduler pressure. This splits latency in half! benchmark old ns/op new ns/op delta BenchmarkThroughput-16 2394 2364 -1.25% BenchmarkLatency-16 259652 120810 -53.47% Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-27device: use linked list for per-peer allowed-ip traversalJason A. Donenfeld
This makes the IpcGet method much faster. We also refactor the traversal API to use a callback so that we don't need to allocate at all. Avoiding allocations we do self-masking on insertion, which in turn means that split intermediate nodes require a copy of the bits. benchmark old ns/op new ns/op delta BenchmarkUAPIGet-16 3243 2659 -18.01% benchmark old allocs new allocs delta BenchmarkUAPIGet-16 35 30 -14.29% benchmark old bytes new bytes delta BenchmarkUAPIGet-16 1218 737 -39.49% This benchmark is good, though it's only for a pair of peers, each with only one allowedips. As this grows, the delta expands considerably. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-26device: combine debug and info log levels into 'verbose'Jason A. Donenfeld
There are very few cases, if any, in which a user only wants one of these levels, so combine it into a single level. While we're at it, reduce indirection on the loggers by using an empty function rather than a nil function pointer. It's not like we have retpolines anyway, and we were always calling through a function with a branch prior, so this seems like a net gain. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-26device: change logging interface to use functionsJosh Bleecher Snyder
This commit overhauls wireguard-go's logging. The primary, motivating change is to use a function instead of a *log.Logger as the basic unit of logging. Using functions provides a lot more flexibility for people to bring their own logging system. It also introduces logging helper methods on Device. These reduce line noise at the call site. They also allow for log functions to be nil; when nil, instead of generating a log line and throwing it away, we don't bother generating it at all. This spares allocation and pointless work. This is a breaking change, although the fix required of clients is fairly straightforward. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-26device: fix shadowing of err in IpcHandleJosh Bleecher Snyder
The declaration of err in nextByte, err := buffered.ReadByte shadows the declaration of err in op, err := buffered.ReadString('\n') above. As a result, the assignments to err in err = ipcErrorf(ipc.IpcErrorInvalid, "trailing character in UAPI get: %c", nextByte) and in err = device.IpcGetOperation(buffered.Writer) do not modify the correct err variable. Found by staticcheck. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-26device: remove extra error argJosh Bleecher Snyder
Caught by go vet. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-26device: reduce allocs in Device.IpcGetOperationBrad Fitzpatrick
Plenty more to go, but a start: name old time/op new time/op delta UAPIGet-4 6.37µs ± 2% 5.56µs ± 1% -12.70% (p=0.000 n=8+8) name old alloc/op new alloc/op delta UAPIGet-4 1.98kB ± 0% 1.22kB ± 0% -38.71% (p=0.000 n=10+10) name old allocs/op new allocs/op delta UAPIGet-4 42.0 ± 0% 35.0 ± 0% -16.67% (p=0.000 n=10+10) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-25device: allow pipelining UAPI requestsJason A. Donenfeld
The original spec ends with \n\n especially for this reason. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-25device: serialize access to IpcSetOperationJosh Bleecher Snyder
Interleaves IpcSetOperations would spell trouble. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: simplify handling of IPC set endpointJosh Bleecher Snyder
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: remove close processing fwmarkJosh Bleecher Snyder
Also, a behavior change: Stop treating a blank value as 0. It's not in the spec. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: remove unnecessary commentJosh Bleecher Snyder
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: introduce new IPC error message for unknown errorJosh Bleecher Snyder
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: correct IPC error number for I/O errorsJosh Bleecher Snyder
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: simplify IpcHandle error handlingJosh Bleecher Snyder
Unify the handling of unexpected UAPI errors. The comment that says "should never happen" is incorrect; this could happen due to I/O errors. Correct it. Change error message capitalization for consistency. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: split IpcSetOperation into partsJosh Bleecher Snyder
The goal of this change is to make the structure of IpcSetOperation easier to follow. IpcSetOperation contains a small state machine: It starts by configuring the device, then shifts to configuring one peer at a time. Having the code all in one giant method obscured that structure. Split out the parts into helper functions and encapsulate the peer state. This makes the overall structure more apparent. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: expand IPCErrorJosh Bleecher Snyder
Expand IPCError to contain a wrapped error, and add a helper to make constructing such errors easier. Add a defer-based "log on returned error" to IpcSetOperation. This lets us simplify all of the error return paths. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: remove dead codeJosh Bleecher Snyder
If device.NewPeer returns a nil error, then the returned peer is always non-nil. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-25device: return errors from ipc scannerJosh Bleecher Snyder
The code as written will drop any read errors on the floor. Fix that. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-07device: simplify UAPI helper methodsJosh Bleecher Snyder
bufio is not required. strings.Builder is cheaper than bytes.Buffer for constructing strings. io.Writer is more flexible than io.StringWriter, and just as cheap (when used with io.WriteString). Run gofmt. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-07device: add UAPI helper methodsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-07device: fix persistent_keepalive_interval data racesJosh Bleecher Snyder
Co-authored-by: David Anderson <danderson@tailscale.com> Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-07device: accept any io.Reader in device.IpcSetOperationJosh Bleecher Snyder
Any io.Reader will do, and there are no performance concerns here. This is technically backwards incompatible, but it is very unlikely to break any existing code. It is compatible with the existing uses in wireguard-{windows,android,apple} and also will allow us to slightly simplify it if desired. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-05-02global: update header comments and modulesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-02device: return generic error from Ipc{Get,Set}Operation.David Anderson
This makes uapi.go's public API conform to Go style in terms of error types. Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-02conn: introduce new package that splits out the Bind and Endpoint typesDavid Crawshaw
The sticky socket code stays in the device package for now, as it reaches deeply into the peer list. This is the first step in an effort to split some code out of the very busy device package. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-04uapi: allow unsetting device private key with /dev/nullJason A. Donenfeld
2019-10-04uapi: allow preventing creation of new peers when updatingJason A. Donenfeld
This enables race-free updates for wg-dynamic and similar tools. Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
2019-08-05uapi: skip peers with invalid keysJason A. Donenfeld
2019-05-14global: regroup all importsJason A. Donenfeld
2019-03-20uapi: remove unhelpful log messagesJason A. Donenfeld