summaryrefslogtreecommitdiffhomepage
path: root/tun
AgeCommit message (Collapse)Author
2021-09-23tun: avoid leaking sock fd in CreateTUN error casesTobias Klauser
At these points, the socket file descriptor is not yet wrapped in an *os.File, so it needs to be closed explicitly on error. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-05global: add new go 1.17 build commentsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-08-05memmod: register exception handler tablesJason A. Donenfeld
Otherwise recent WDK binaries fail on ARM64, where an exception handler is used for trapping an illegal instruction when ARMv8.1 atomics are being tested for functionality. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-07-29memmod: fix protected delayed load the right wayJason A. Donenfeld
The reason this was failing before is that dloadsup.h's DloadObtainSection was doing a linear search of sections to find which header corresponds with the IMAGE_DELAYLOAD_DESCRIPTOR section, and we were stupidly overwriting the VirtualSize field, so the linear search wound up matching the .text section, which then it found to not be marked writable and failed with FAST_FAIL_DLOAD_PROTECTION_FAILURE. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-07-29memmod: disable protected delayed load for nowJason A. Donenfeld
Probably a bad idea, but we don't currently support it, and those huge windows.NewCallback trampolines make juicer targets anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-20tun: linux: account for interface removal from outsideJason A. Donenfeld
On Linux we can run `ip link del wg0`, in which case the fd becomes stale, and we should exit. Since this is an intentional action, don't treat it as an error. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07tun: formatJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07tun: windows: set event before waitingJason A. Donenfeld
In 097af6e ("tun: windows: protect reads from closing") we made sure no functions are running when End() is called, to avoid a UaF. But we still need to kick that event somehow, so that Read() is allowed to exit, in order to release the lock. So this commit calls SetEvent, while moving the closing boolean to be atomic so it can be modified without locks, and then moves to a WaitGroup for the RCU-like pattern. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07tun: windows: rearrange struct to avoid alignment trap on 32bitJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07tun: windows: check alignment in unit testJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-06tun/netstack: update go mod and remove GSO argumentJason A. Donenfeld
Reported-by: John Xiong <xiaoyang1258@yeah.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-05tun: windows: send MTU update when forced MTU changesJason A. Donenfeld
Otherwise the padding doesn't get updated. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-26tun: windows: protect reads from closingJason A. Donenfeld
The code previously used the old errors channel for checking, rather than the simpler boolean, which caused issues on shutdown, since the errors channel was meaningless. However, looking at this exposed a more basic problem: Close() and all the other functions that check the closed boolean can race. So protect with a basic RW lock, to ensure that Close() waits for all pending operations to complete. Reported-by: Joshua Sjoding <joshua.sjoding@scjalliance.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-19tun: freebsd: avoid OOB writesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-19tun: freebsd: become controlling process when reopening tun FDJason A. Donenfeld
When we pass the TUN FD to the child, we have to call TUNSIFPID; otherwise when we close the device, we get a splat in dmesg. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-19tun: freebsd: restructure and cleanupJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-19tun: freebsd: remove horrific hack for getting tunnel nameJason A. Donenfeld
As of FreeBSD 12.1, there's TUNGIFNAME. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-04-18tun: freebsd: set IFF_MULTICAST for routing daemonsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-23tun: freebsd: use broadcast mode instead of PPP modeJason A. Donenfeld
It makes the routing configuration simpler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-11tun: linux: do not spam events every second from hack listenerJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08tun: freebsd: allow empty namesKay Diam
This change allows omitting the tun interface name setting. When the name is not set, the kernel automatically picks up the tun name and index. Signed-off-by: Kay Diam <kay.diam@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08memmod: use resource functions from x/sysJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-08memmod: do not use IsBadReadPtrJason A. Donenfeld
It should be enough to check for the trailing zero name. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-06tun/netstack: bump deps and apiJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-23global: remove TODO name graffitiJason A. Donenfeld
Googlers have a habit of graffiting their name in TODO items that then are never addressed, and other people won't go near those because they're marked territory of another animal. I've been gradually cleaning these up as I see them, but this commit just goes all the way and removes the remaining stragglers. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-23device: test up/down using virtual connJason A. Donenfeld
This prevents port clashing bugs. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-22tun: make NativeTun.Close well behaved, not crash on double closeBrad Fitzpatrick
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-17global: stop using ioutilJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-10device: return error from Up() and Down()Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-09rwcancel: add an explicit close callJason A. Donenfeld
This lets us collect FDs even if the GC doesn't do it for us. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-09tun: use errors.Is for unwrappingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-28global: bump copyrightJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-27tun: use %w for errors on linuxJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-21netstack: further sequester with own go.mod and go.sumJason A. Donenfeld
In order to avoid even the flirtation with passing on these dependencies to ordinary consumers of wireguard-go, this commit makes a new go.mod that's entirely separate from the root one. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-21netstack: introduce new module for gvisor tcp tun adapterJason A. Donenfeld
The Go linker isn't smart enough to prevent gvisor from being pulled into modules that use other parts of tun/, due to the types exposed. So, we put this into its own standalone module. We use this as an opportunity to introduce some example code as well. I'm still not happy that this not only clutters this repo's go.sum, but all the other projects that consume it, but it seems like making a new module inside of this repo will lead to even greater confusion. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-20tun: fix fmt.Errorf format stringsJosh Bleecher Snyder
Type tcpip.Error is not an error. I've filed https://github.com/google/gvisor/issues/5314 to fix this upstream. Until that is fixed, use %v instead of %w, to keep vet happy. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-20tun/wintun/memmod: gofmtJosh Bleecher Snyder
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-20tun/wintun/memmod: fix format verbJosh Bleecher Snyder
Caught by 'go vet'. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-13tun: add tcpip stack tunnel abstractionJason A. Donenfeld
This allows people to initiate connections over WireGuard without any underlying operating system support. I'm not crazy about the trash it adds to go.sum, but the code this actually adds to the binaries seems contained to the gvisor repo. For the TCP/IP implementation, it uses gvisor. And it borrows some internals from the Go standard library's resolver in order to bring Dial and DialContext to tun_net, along with the LookupHost helper function. This allows for things like HTTP2-over-TLS to work quite well: package main import ( "io" "log" "net" "net/http" "golang.zx2c4.com/wireguard/device" "golang.zx2c4.com/wireguard/tun" ) func main() { tun, tnet, err := tun.CreateNetTUN([]net.IP{net.ParseIP("192.168.4.29")}, []net.IP{net.ParseIP("8.8.8.8"), net.ParseIP("8.8.4.4")}, 1420) if err != nil { log.Panic(err) } dev := device.NewDevice(tun, &device.Logger{log.Default(), log.Default(), log.Default()}) dev.IpcSet(`private_key=a8dac1d8a70a751f0f699fb14ba1cff7b79cf4fbd8f09f44c6e6a90d0369604f public_key=25123c5dcd3328ff645e4f2a3fce0d754400d3887a0cb7c56f0267e20fbf3c5b endpoint=163.172.161.0:12912 allowed_ip=0.0.0.0/0 `) dev.Up() client := http.Client{ Transport: &http.Transport{ DialContext: tnet.DialContext, }, } resp, err := client.Get("https://www.zx2c4.com/ip") if err != nil { log.Panic(err) } body, err := io.ReadAll(resp.Body) if err != nil { log.Panic(err) } log.Println(string(body)) } Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-07memmod: apply explicit build tags to _32 and _64 filesJason A. Donenfeld
Since _32 and _64 aren't valid goarchs, they don't match _GOOS_GOARCH, and so the existing tags wind up not being restricted to windows-only. This fixes the problem by adding windows to the tags explicitly. We could also fix it by calling the files _32_windows or _64_windows, but that changes the convention with the other single-arch files. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-07tun: make customization of WintunPool and requested GUID more obviousJason A. Donenfeld
Persnickety consumers can now do: func init() { tun.WintunPool, _ = wintun.MakePool("Flurp") tun.WintunStaticRequestedGUID, _ = windows.GUIDFromString("{5ae2716f-0b3e-4dc4-a8b5-48eba11a6e16}") } Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-07all: use ++ to incrementJosh Bleecher Snyder
Make the code slightly more idiomatic. No functional changes. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-01-07wintun: do not load dll in init()Jason A. Donenfeld
This prevents linking to wintun.dll until it's actually needed, which should improve startup time. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-07tun/tuntest: make genICMPv4 allocate lessJosh Bleecher Snyder
It doesn't really matter, because it is only used in tests, but it does remove some noise from pprof profiles. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-11-27memmod: fix import loading function usageJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-25wintun: log when reboot is suggested by WindowsSimon Rozman
Which really shouldn't happen. But it is a useful information for troubleshooting. Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-25wintun: keep original error when Wintun session start failsSimon Rozman
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-11wintun: load from filesystem by defaultJason A. Donenfeld
We let people loading this from resources opt in via: go build -tags load_wintun_from_rsrc Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-07global: switch to using %w instead of %v for ErrorfJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-07wintun: ring management moved to wintun.dllSimon Rozman
Signed-off-by: Simon Rozman <simon@rozman.si> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>