summaryrefslogtreecommitdiffhomepage
path: root/device
AgeCommit message (Collapse)Author
2020-11-06device: format a few thingsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-14replay: minor API changes to more idiomatic GoRiobard Zhan
Signed-off-by: Riobard Zhan <me@riobard.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-14device: remove global for roaming escape hatchJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-31device: get free port when testingSina Siadat
Signed-off-by: Sina Siadat <siadat@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-14device: remove bindsocketshim.goDavid Crawshaw
Both wireguard-windows and wireguard-android access Bind directly for these methods now. Signed-off-by: David Crawshaw <crawshaw@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-15device: remove some unnecessary unsafeBrad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-07-13device: use RTMGRP_IPV4_ROUTE to specify multicast groups maskTobias Klauser
Use the RTMGRP_IPV4_ROUTE const from x/sys/unix instead of using the corresponding RTNLGRP_IPV4_ROUTE const to create the multicast groups mask. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-04device: wait for routines to stop before removing peersDmytro Shynkevych
Peers are currently removed after Device's goroutines are signaled to stop, but without waiting for them to actually do so, which is racy. For example, RoutineHandshake may be in Peer.SendKeepalive when the corresponding peer is removed, which closes its nonce channel. This causes a send on a closed channel, as observed in tailscale/tailscale#487. This patch seems to be the correct synchronizing action: Peer's goroutines are receivers and handle channel closure gracefully, so Device's goroutines are the ones that should be fully stopped first. Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
2020-06-22device: export Bind and remove socketfd shims for androidDavid Crawshaw
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-06-07device: do not include sticky sockets on androidJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-07conn: unbreak boundif on androidJason A. Donenfeld
Another thing never tested ever. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-07conn: fix windows situation with boundifJason A. Donenfeld
This was evidently never tested before committing. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-19replay: account for fqcodel reorderingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-18device: rework padding calculation and don't shadow paddedSizeJason A. Donenfeld
Reported-by: Jayakumar S <jayakumar82.s@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-02global: update header comments and modulesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-02device: use atomic access for unlocked keypair.nextJason A. Donenfeld
Go's GC semantics might not always guarantee the safety of this, and the race detector gets upset too, so instead we wrap this all in atomic accessors. Reported-by: David Anderson <danderson@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-02device: add debug logs describing handshake rejectionAvery Pennarun
Useful in testing when bad network stacks repeat or batch large numbers of packets. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-02device: return generic error from Ipc{Get,Set}Operation.David Anderson
This makes uapi.go's public API conform to Go style in terms of error types. Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-02device: give handshake state a typeDavid Crawshaw
And unexport handshake constants. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02tuntest: split out testing packageDavid Crawshaw
This code is useful to other packages writing tests. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02conn: introduce new package that splits out the Bind and Endpoint typesDavid Crawshaw
The sticky socket code stays in the device package for now, as it reaches deeply into the peer list. This is the first step in an effort to split some code out of the very busy device package. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02device: add test to ensure Peer fields are safe for atomic access on 32-bitDavid Anderson
Adds a test that will fail consistently on 32-bit platforms if the struct ever changes again to violate the rules. This is likely not needed because unaligned access crashes reliably, but this will reliably fail even if tests accidentally pass due to lucky alignment. Signed-Off-By: David Anderson <danderson@tailscale.com>
2020-03-20version: bump snapshotdmwg-0.0.1Jason A. Donenfeld
2020-03-17noise: unify zero checking of ecdhJason A. Donenfeld
2020-03-17global: use RTMGRP_* consts from x/sys/unixTobias Klauser
Update the golang.org/x/sys/unix dependency and use the newly introduced RTMGRP_* consts instead of using the corresponding RTNLGRP_* const to create a mask. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2020-02-14send: account for zero mtuJason A. Donenfeld
Don't divide by zero.
2020-02-04device: fix private key removal logicJason A. Donenfeld
2020-02-04uapi: allow unsetting device private key with /dev/nullJason A. Donenfeld
2020-01-21version: bump snapshotJason A. Donenfeld
2019-12-30README: update repo urlsJason A. Donenfeld
2019-11-28device: SendmsgN mutates the input sockaddrJason A. Donenfeld
So we take a new granular lock to prevent concurrent writes from racing. WARNING: DATA RACE Write at 0x00c0011f2740 by goroutine 27: golang.org/x/sys/unix.(*SockaddrInet4).sockaddr() /go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:384 +0x114 golang.org/x/sys/unix.SendmsgN() /go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:1304 +0x288 golang.zx2c4.com/wireguard/device.send4() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:485 +0x11f golang.zx2c4.com/wireguard/device.(*nativeBind).Send() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:268 +0x1d6 golang.zx2c4.com/wireguard/device.(*Peer).SendBuffer() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/peer.go:151 +0x285 golang.zx2c4.com/wireguard/device.(*Peer).SendHandshakeInitiation() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:163 +0x692 golang.zx2c4.com/wireguard/device.(*Device).RoutineReadFromTUN() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:318 +0x4b8 Previous write at 0x00c0011f2740 by goroutine 386: golang.org/x/sys/unix.(*SockaddrInet4).sockaddr() /go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:384 +0x114 golang.org/x/sys/unix.SendmsgN() /go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:1304 +0x288 golang.zx2c4.com/wireguard/device.send4() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:485 +0x11f golang.zx2c4.com/wireguard/device.(*nativeBind).Send() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:268 +0x1d6 golang.zx2c4.com/wireguard/device.(*Peer).SendBuffer() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/peer.go:151 +0x285 golang.zx2c4.com/wireguard/device.(*Peer).SendHandshakeInitiation() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:163 +0x692 golang.zx2c4.com/wireguard/device.expiredRetransmitHandshake() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/timers.go:110 +0x40c golang.zx2c4.com/wireguard/device.(*Peer).NewTimer.func1() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/timers.go:42 +0xd8 Goroutine 27 (running) created at: golang.zx2c4.com/wireguard/device.NewDevice() /go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/device.go:322 +0x5e8 main.main() /go/src/x/main.go:102 +0x58e Goroutine 386 (finished) created at: time.goFunc() /usr/local/go/src/time/sleep.go:168 +0x51 Reported-by: Ben Burkert <ben@benburkert.com>
2019-10-30constants: recalculate rekey max based on a one minute floodJason A. Donenfeld
Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
2019-10-22global: fix a few typos courtesy of codespellJonathan Tooker
Signed-off-by: Jonathan Tooker <jonathan.tooker@netprotect.com>
2019-10-21device: allow blackholing socketsJason A. Donenfeld
2019-10-21device: remove dead error reporting codeJason A. Donenfeld
2019-10-17device: recheck counters while holding write lockJason A. Donenfeld
2019-10-16device: test packets between two fake devicesDavid Crawshaw
Signed-off-by: David Crawshaw <crawshaw@tailscale.io>
2019-10-12version: bump snapshotJason A. Donenfeld
2019-10-04uapi: allow preventing creation of new peers when updatingJason A. Donenfeld
This enables race-free updates for wg-dynamic and similar tools. Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
2019-09-08version: bump snapshotJason A. Donenfeld
2019-08-25device: getsockname on linux to determine portJason A. Donenfeld
It turns out Go isn't passing the pointer properly so we wound up with a zero port every time.
2019-08-05version: bump snapshotJason A. Donenfeld
2019-08-05device: drop lock before expiring keysJason A. Donenfeld
2019-08-05uapi: skip peers with invalid keysJason A. Donenfeld
2019-07-18device: do not crash on nil'd bind in windows bindingJason A. Donenfeld
2019-07-11device: immediately rekey all peers after changing device private keyJason A. Donenfeld
Reported-by: Derrick Pallas <derrick@pallas.us>
2019-07-01device: receive: uniform message for source address checkJason A. Donenfeld
2019-07-01device: receive: simplify flush loopJason A. Donenfeld
2019-06-14tun: remove TUN prefix from types to reduce stutter elsewhereMatt Layher
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-11device: update transfer counters correctlyJason A. Donenfeld
The rule is to always update them to the full packet size minus UDP/IP encapsulation for all authenticated packet types.