Riobard Zhan
2c143dce0f
replay: minor API changes to more idiomatic Go
...
Signed-off-by: Riobard Zhan <me@riobard.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-14 10:46:00 +02:00
Jason A. Donenfeld
c8fe925020
device: remove global for roaming escape hatch
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-14 10:45:31 +02:00
Sina Siadat
bc3f505efa
device: get free port when testing
...
Signed-off-by: Sina Siadat <siadat@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-31 16:18:53 +02:00
David Crawshaw
507f148e1c
device: remove bindsocketshim.go
...
Both wireguard-windows and wireguard-android access Bind
directly for these methods now.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-14 23:18:53 -06:00
Brad Fitzpatrick
31b574ef99
device: remove some unnecessary unsafe
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-07-15 06:59:44 +10:00
Tobias Klauser
3c41141fb4
device: use RTMGRP_IPV4_ROUTE to specify multicast groups mask
...
Use the RTMGRP_IPV4_ROUTE const from x/sys/unix instead of using the
corresponding RTNLGRP_IPV4_ROUTE const to create the multicast groups
mask.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-13 17:58:10 -06:00
Dmytro Shynkevych
4369db522b
device: wait for routines to stop before removing peers
...
Peers are currently removed after Device's goroutines are signaled to stop,
but without waiting for them to actually do so, which is racy.
For example, RoutineHandshake may be in Peer.SendKeepalive
when the corresponding peer is removed, which closes its nonce channel.
This causes a send on a closed channel, as observed in tailscale/tailscale#487 .
This patch seems to be the correct synchronizing action:
Peer's goroutines are receivers and handle channel closure gracefully,
so Device's goroutines are the ones that should be fully stopped first.
Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
2020-07-04 20:29:31 +10:00
David Crawshaw
b84f1d4db2
device: export Bind and remove socketfd shims for android
...
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-06-22 10:42:28 +10:00
Jason A. Donenfeld
f28a6d244b
device: do not include sticky sockets on android
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-07 01:50:20 -06:00
Jason A. Donenfeld
c403da6a39
conn: unbreak boundif on android
...
Another thing never tested ever.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-07 01:48:28 -06:00
Jason A. Donenfeld
59e556f24e
conn: fix windows situation with boundif
...
This was evidently never tested before committing.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-07 01:26:25 -06:00
Jason A. Donenfeld
31faf4c159
replay: account for fqcodel reordering
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-19 17:46:35 -06:00
Jason A. Donenfeld
99eb7896be
device: rework padding calculation and don't shadow paddedSize
...
Reported-by: Jayakumar S <jayakumar82.s@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-18 15:43:22 -06:00
Jason A. Donenfeld
db0aa39b76
global: update header comments and modules
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-02 02:08:26 -06:00
Jason A. Donenfeld
28c4d04304
device: use atomic access for unlocked keypair.next
...
Go's GC semantics might not always guarantee the safety of this, and the
race detector gets upset too, so instead we wrap this all in atomic
accessors.
Reported-by: David Anderson <danderson@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-02 01:56:48 -06:00
Avery Pennarun
d60857e1a7
device: add debug logs describing handshake rejection
...
Useful in testing when bad network stacks repeat or
batch large numbers of packets.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-02 01:50:47 -06:00
David Anderson
f2c6faad44
device: return generic error from Ipc{Get,Set}Operation.
...
This makes uapi.go's public API conform to Go style in terms
of error types.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-02 01:49:47 -06:00
David Crawshaw
de374bfb44
device: give handshake state a type
...
And unexport handshake constants.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02 01:46:42 -06:00
David Crawshaw
1a1c3d0968
tuntest: split out testing package
...
This code is useful to other packages writing tests.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02 01:46:42 -06:00
David Crawshaw
203554620d
conn: introduce new package that splits out the Bind and Endpoint types
...
The sticky socket code stays in the device package for now,
as it reaches deeply into the peer list.
This is the first step in an effort to split some code out of
the very busy device package.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02 01:46:42 -06:00
David Anderson
3dce460c88
device: add test to ensure Peer fields are safe for atomic access on 32-bit
...
Adds a test that will fail consistently on 32-bit platforms if the
struct ever changes again to violate the rules. This is likely not
needed because unaligned access crashes reliably, but this will reliably
fail even if tests accidentally pass due to lucky alignment.
Signed-Off-By: David Anderson <danderson@tailscale.com>
2020-05-02 01:44:58 -06:00
Jason A. Donenfeld
ae88e2a2cd
version: bump snapshot
2020-03-20 12:00:53 -06:00
Jason A. Donenfeld
4739708ca4
noise: unify zero checking of ecdh
2020-03-17 23:07:14 -06:00
Tobias Klauser
b33219c2cf
global: use RTMGRP_* consts from x/sys/unix
...
Update the golang.org/x/sys/unix dependency and use the newly introduced
RTMGRP_* consts instead of using the corresponding RTNLGRP_* const to
create a mask.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2020-03-17 23:07:11 -06:00
Jason A. Donenfeld
9cbcff10dd
send: account for zero mtu
...
Don't divide by zero.
2020-02-14 18:53:55 +01:00
Jason A. Donenfeld
6ed56ff2df
device: fix private key removal logic
2020-02-04 22:02:53 +01:00
Jason A. Donenfeld
cb4bb63030
uapi: allow unsetting device private key with /dev/null
2020-02-04 22:02:53 +01:00
Jason A. Donenfeld
05b03c6750
version: bump snapshot
2020-01-21 16:27:19 +01:00
Jason A. Donenfeld
89dd065e53
README: update repo urls
2019-12-30 11:53:39 +01:00
Jason A. Donenfeld
ddfad453cf
device: SendmsgN mutates the input sockaddr
...
So we take a new granular lock to prevent concurrent writes from
racing.
WARNING: DATA RACE
Write at 0x00c0011f2740 by goroutine 27:
golang.org/x/sys/unix.(*SockaddrInet4).sockaddr()
/go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:384
+0x114
golang.org/x/sys/unix.SendmsgN()
/go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:1304
+0x288
golang.zx2c4.com/wireguard/device.send4()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:485
+0x11f
golang.zx2c4.com/wireguard/device.(*nativeBind).Send()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:268
+0x1d6
golang.zx2c4.com/wireguard/device.(*Peer).SendBuffer()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/peer.go:151
+0x285
golang.zx2c4.com/wireguard/device.(*Peer).SendHandshakeInitiation()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:163
+0x692
golang.zx2c4.com/wireguard/device.(*Device).RoutineReadFromTUN()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:318
+0x4b8
Previous write at 0x00c0011f2740 by goroutine 386:
golang.org/x/sys/unix.(*SockaddrInet4).sockaddr()
/go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:384
+0x114
golang.org/x/sys/unix.SendmsgN()
/go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:1304
+0x288
golang.zx2c4.com/wireguard/device.send4()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:485
+0x11f
golang.zx2c4.com/wireguard/device.(*nativeBind).Send()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:268
+0x1d6
golang.zx2c4.com/wireguard/device.(*Peer).SendBuffer()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/peer.go:151
+0x285
golang.zx2c4.com/wireguard/device.(*Peer).SendHandshakeInitiation()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:163
+0x692
golang.zx2c4.com/wireguard/device.expiredRetransmitHandshake()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/timers.go:110
+0x40c
golang.zx2c4.com/wireguard/device.(*Peer).NewTimer.func1()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/timers.go:42
+0xd8
Goroutine 27 (running) created at:
golang.zx2c4.com/wireguard/device.NewDevice()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/device.go:322
+0x5e8
main.main()
/go/src/x/main.go:102 +0x58e
Goroutine 386 (finished) created at:
time.goFunc()
/usr/local/go/src/time/sleep.go:168 +0x51
Reported-by: Ben Burkert <ben@benburkert.com>
2019-11-28 11:11:13 +01:00
Jason A. Donenfeld
4cdf805b29
constants: recalculate rekey max based on a one minute flood
...
Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
2019-10-30 14:29:32 +01:00
Jonathan Tooker
f7d0edd2ec
global: fix a few typos courtesy of codespell
...
Signed-off-by: Jonathan Tooker <jonathan.tooker@netprotect.com>
2019-10-22 11:51:25 +02:00
Jason A. Donenfeld
ffffbbcc8a
device: allow blackholing sockets
2019-10-21 13:29:57 +02:00
Jason A. Donenfeld
47b02c618b
device: remove dead error reporting code
2019-10-21 11:46:54 +02:00
Jason A. Donenfeld
ae492d1b35
device: recheck counters while holding write lock
2019-10-17 15:43:06 +02:00
David Crawshaw
540d01e54a
device: test packets between two fake devices
...
Signed-off-by: David Crawshaw <crawshaw@tailscale.io>
2019-10-16 11:38:28 +02:00
Jason A. Donenfeld
f2ea85e9f9
version: bump snapshot
2019-10-12 22:34:10 +02:00
Jason A. Donenfeld
f2501aa6c8
uapi: allow preventing creation of new peers when updating
...
This enables race-free updates for wg-dynamic and similar tools.
Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
2019-10-04 11:41:02 +02:00
Jason A. Donenfeld
7c97fdb1e3
version: bump snapshot
2019-09-08 10:56:55 -05:00
Jason A. Donenfeld
f8198c0428
device: getsockname on linux to determine port
...
It turns out Go isn't passing the pointer properly so we wound up with a
zero port every time.
2019-08-25 12:45:13 -06:00
Jason A. Donenfeld
b16dba47a7
version: bump snapshot
2019-08-05 19:29:12 +02:00
Jason A. Donenfeld
4be9630ddc
device: drop lock before expiring keys
2019-08-05 17:46:34 +02:00
Jason A. Donenfeld
4e3018a967
uapi: skip peers with invalid keys
2019-08-05 16:57:41 +02:00
Jason A. Donenfeld
7bc0e11831
device: do not crash on nil'd bind in windows binding
2019-07-18 19:34:45 +02:00
Jason A. Donenfeld
a961aacc9f
device: immediately rekey all peers after changing device private key
...
Reported-by: Derrick Pallas <derrick@pallas.us>
2019-07-11 17:37:35 +02:00
Jason A. Donenfeld
f361e59001
device: receive: uniform message for source address check
2019-07-01 15:24:50 +02:00
Jason A. Donenfeld
dd8817f50e
device: receive: simplify flush loop
2019-07-01 15:23:24 +02:00
Matt Layher
1f48971a80
tun: remove TUN prefix from types to reduce stutter elsewhere
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-14 18:35:57 +02:00
Jason A. Donenfeld
3371f8dac6
device: update transfer counters correctly
...
The rule is to always update them to the full packet size minus UDP/IP
encapsulation for all authenticated packet types.
2019-06-11 18:13:52 +02:00
Matt Layher
43a4589043
device: remove redundant return statements
...
More staticcheck fixes:
$ staticcheck ./... | grep S1023
device/noise-helpers.go:45:2: redundant return statement (S1023)
device/noise-helpers.go:54:2: redundant return statement (S1023)
device/noise-helpers.go:64:2: redundant return statement (S1023)
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-04 13:01:52 +02:00
Matt Layher
8d76ac8cc4
device: use bytes.Equal for equality check, simplify assertEqual
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-04 13:01:52 +02:00
Matt Layher
18b6627f33
device, ratelimiter: replace uses of time.Now().Sub() with time.Since()
...
Simplification found by staticcheck:
$ staticcheck ./... | grep S1012
device/cookie.go:90:5: should use time.Since instead of time.Now().Sub (S1012)
device/cookie.go:127:5: should use time.Since instead of time.Now().Sub (S1012)
device/cookie.go:242:5: should use time.Since instead of time.Now().Sub (S1012)
device/noise-protocol.go:304:13: should use time.Since instead of time.Now().Sub (S1012)
device/receive.go:82:46: should use time.Since instead of time.Now().Sub (S1012)
device/send.go:132:5: should use time.Since instead of time.Now().Sub (S1012)
device/send.go:139:5: should use time.Since instead of time.Now().Sub (S1012)
device/send.go:235:59: should use time.Since instead of time.Now().Sub (S1012)
device/send.go:393:9: should use time.Since instead of time.Now().Sub (S1012)
ratelimiter/ratelimiter.go:79:10: should use time.Since instead of time.Now().Sub (S1012)
ratelimiter/ratelimiter.go:87:10: should use time.Since instead of time.Now().Sub (S1012)
Change applied using:
$ find . -type f -name "*.go" -exec sed -i "s/Now().Sub(/Since(/g" {} \;
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-03 22:15:41 +02:00
Jason A. Donenfeld
d9f995209c
device: add SendKeepalivesToPeersWithCurrentKeypair for handover
2019-05-30 15:16:16 +02:00
Matt Layher
32912dc778
device, tun: rearrange code and fix device tests
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-05-29 18:34:55 +02:00
Jason A. Donenfeld
fbcd995ec1
device: darwin actually doesn't need bound interfaces
2019-05-25 18:10:52 +02:00
Jason A. Donenfeld
e7e286ba6c
device: make initiations per second match kernel implementation
2019-05-25 02:07:18 +02:00
Jason A. Donenfeld
f70546bc2e
device: timers: add jitter on ack failure reinitiation
2019-05-24 13:48:25 +02:00
Jason A. Donenfeld
c718f3940d
device: fail to give bind if it doesn't exist
2019-05-17 15:35:20 +02:00
Jason A. Donenfeld
583ebe99f1
version: bump snapshot
2019-05-17 10:28:04 +02:00
Jason A. Donenfeld
3bf41b06ae
global: regroup all imports
2019-05-14 09:09:52 +02:00
Jason A. Donenfeld
586112b5d7
conn: remove scope when sanity checking IP address format
2019-05-09 15:42:35 +02:00
Jason A. Donenfeld
d3dd991e4e
device: send: check packet length before freeing element
2019-04-18 23:23:03 +09:00
Jason A. Donenfeld
0b77bf78cd
conn: linux: RTA_MARK has moved to x/sys
2019-04-13 02:01:20 +02:00
Jason A. Donenfeld
18fa270472
version: put version in right place
2019-04-09 10:39:48 +02:00
Jason A. Donenfeld
6440f010ee
receive: implement flush semantics
2019-03-21 14:45:41 -06:00
Jason A. Donenfeld
c050c6e60f
uapi: remove unhelpful log messages
2019-03-20 23:40:20 -06:00
Jason A. Donenfeld
2c51d6af48
uapi: report endpoint error
2019-03-19 00:34:04 -06:00
Jason A. Donenfeld
3dd9a0535f
uapi: make ipcerror conform to interface
2019-03-10 02:49:44 +01:00
Jason A. Donenfeld
26af6c4651
receive: squelch tear down error
2019-03-07 02:03:48 +01:00
Jason A. Donenfeld
68f0721c6a
tun: import mobile particularities
2019-03-04 16:37:11 +01:00
Jason A. Donenfeld
b8e85267cf
boundif: introduce API for socket binding
2019-03-04 16:37:11 +01:00
Jason A. Donenfeld
69f0fe67b6
global: begin modularization
2019-03-03 05:00:40 +01:00