99eb7896be
device: rework padding calculation and don't shadow paddedSize
...
Reported-by: Jayakumar S <jayakumar82.s@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-18 15:43:22 -06:00
db0aa39b76
global: update header comments and modules
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-02 02:08:26 -06:00
28c4d04304
device: use atomic access for unlocked keypair.next
...
Go's GC semantics might not always guarantee the safety of this, and the
race detector gets upset too, so instead we wrap this all in atomic
accessors.
Reported-by: David Anderson <danderson@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-02 01:56:48 -06:00
d60857e1a7
device: add debug logs describing handshake rejection
...
Useful in testing when bad network stacks repeat or
batch large numbers of packets.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-02 01:50:47 -06:00
f2c6faad44
device: return generic error from Ipc{Get,Set}Operation.
...
This makes uapi.go's public API conform to Go style in terms
of error types.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-02 01:49:47 -06:00
de374bfb44
device: give handshake state a type
...
And unexport handshake constants.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02 01:46:42 -06:00
1a1c3d0968
tuntest: split out testing package
...
This code is useful to other packages writing tests.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02 01:46:42 -06:00
203554620d
conn: introduce new package that splits out the Bind and Endpoint types
...
The sticky socket code stays in the device package for now,
as it reaches deeply into the peer list.
This is the first step in an effort to split some code out of
the very busy device package.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-05-02 01:46:42 -06:00
3dce460c88
device: add test to ensure Peer fields are safe for atomic access on 32-bit
...
Adds a test that will fail consistently on 32-bit platforms if the
struct ever changes again to violate the rules. This is likely not
needed because unaligned access crashes reliably, but this will reliably
fail even if tests accidentally pass due to lucky alignment.
Signed-Off-By: David Anderson <danderson@tailscale.com>
2020-05-02 01:44:58 -06:00
ae88e2a2cd
version: bump snapshot
2020-03-20 12:00:53 -06:00
4739708ca4
noise: unify zero checking of ecdh
2020-03-17 23:07:14 -06:00
b33219c2cf
global: use RTMGRP_* consts from x/sys/unix
...
Update the golang.org/x/sys/unix dependency and use the newly introduced
RTMGRP_* consts instead of using the corresponding RTNLGRP_* const to
create a mask.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2020-03-17 23:07:11 -06:00
9cbcff10dd
send: account for zero mtu
...
Don't divide by zero.
2020-02-14 18:53:55 +01:00
6ed56ff2df
device: fix private key removal logic
2020-02-04 22:02:53 +01:00
cb4bb63030
uapi: allow unsetting device private key with /dev/null
2020-02-04 22:02:53 +01:00
05b03c6750
version: bump snapshot
2020-01-21 16:27:19 +01:00
89dd065e53
README: update repo urls
2019-12-30 11:53:39 +01:00
ddfad453cf
device: SendmsgN mutates the input sockaddr
...
So we take a new granular lock to prevent concurrent writes from
racing.
WARNING: DATA RACE
Write at 0x00c0011f2740 by goroutine 27:
golang.org/x/sys/unix.(*SockaddrInet4).sockaddr()
/go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:384
+0x114
golang.org/x/sys/unix.SendmsgN()
/go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:1304
+0x288
golang.zx2c4.com/wireguard/device.send4()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:485
+0x11f
golang.zx2c4.com/wireguard/device.(*nativeBind).Send()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:268
+0x1d6
golang.zx2c4.com/wireguard/device.(*Peer).SendBuffer()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/peer.go:151
+0x285
golang.zx2c4.com/wireguard/device.(*Peer).SendHandshakeInitiation()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:163
+0x692
golang.zx2c4.com/wireguard/device.(*Device).RoutineReadFromTUN()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:318
+0x4b8
Previous write at 0x00c0011f2740 by goroutine 386:
golang.org/x/sys/unix.(*SockaddrInet4).sockaddr()
/go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:384
+0x114
golang.org/x/sys/unix.SendmsgN()
/go/pkg/mod/golang.org/x/sys@v0.0.0-20191105231009-c1f44814a5cd/unix/syscall_linux.go:1304
+0x288
golang.zx2c4.com/wireguard/device.send4()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:485
+0x11f
golang.zx2c4.com/wireguard/device.(*nativeBind).Send()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/conn_linux.go:268
+0x1d6
golang.zx2c4.com/wireguard/device.(*Peer).SendBuffer()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/peer.go:151
+0x285
golang.zx2c4.com/wireguard/device.(*Peer).SendHandshakeInitiation()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/send.go:163
+0x692
golang.zx2c4.com/wireguard/device.expiredRetransmitHandshake()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/timers.go:110
+0x40c
golang.zx2c4.com/wireguard/device.(*Peer).NewTimer.func1()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/timers.go:42
+0xd8
Goroutine 27 (running) created at:
golang.zx2c4.com/wireguard/device.NewDevice()
/go/pkg/mod/golang.zx2c4.com/wireguard@v0.0.20191012/device/device.go:322
+0x5e8
main.main()
/go/src/x/main.go:102 +0x58e
Goroutine 386 (finished) created at:
time.goFunc()
/usr/local/go/src/time/sleep.go:168 +0x51
Reported-by: Ben Burkert <ben@benburkert.com>
2019-11-28 11:11:13 +01:00
4cdf805b29
constants: recalculate rekey max based on a one minute flood
...
Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
2019-10-30 14:29:32 +01:00
f7d0edd2ec
global: fix a few typos courtesy of codespell
...
Signed-off-by: Jonathan Tooker <jonathan.tooker@netprotect.com>
2019-10-22 11:51:25 +02:00
ffffbbcc8a
device: allow blackholing sockets
2019-10-21 13:29:57 +02:00
47b02c618b
device: remove dead error reporting code
2019-10-21 11:46:54 +02:00
ae492d1b35
device: recheck counters while holding write lock
2019-10-17 15:43:06 +02:00
540d01e54a
device: test packets between two fake devices
...
Signed-off-by: David Crawshaw <crawshaw@tailscale.io>
2019-10-16 11:38:28 +02:00
f2ea85e9f9
version: bump snapshot
2019-10-12 22:34:10 +02:00
f2501aa6c8
uapi: allow preventing creation of new peers when updating
...
This enables race-free updates for wg-dynamic and similar tools.
Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
2019-10-04 11:41:02 +02:00
7c97fdb1e3
version: bump snapshot
2019-09-08 10:56:55 -05:00
f8198c0428
device: getsockname on linux to determine port
...
It turns out Go isn't passing the pointer properly so we wound up with a
zero port every time.
2019-08-25 12:45:13 -06:00
b16dba47a7
version: bump snapshot
2019-08-05 19:29:12 +02:00
4be9630ddc
device: drop lock before expiring keys
2019-08-05 17:46:34 +02:00
4e3018a967
uapi: skip peers with invalid keys
2019-08-05 16:57:41 +02:00
7bc0e11831
device: do not crash on nil'd bind in windows binding
2019-07-18 19:34:45 +02:00
a961aacc9f
device: immediately rekey all peers after changing device private key
...
Reported-by: Derrick Pallas <derrick@pallas.us>
2019-07-11 17:37:35 +02:00
f361e59001
device: receive: uniform message for source address check
2019-07-01 15:24:50 +02:00
dd8817f50e
device: receive: simplify flush loop
2019-07-01 15:23:24 +02:00
1f48971a80
tun: remove TUN prefix from types to reduce stutter elsewhere
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-14 18:35:57 +02:00
3371f8dac6
device: update transfer counters correctly
...
The rule is to always update them to the full packet size minus UDP/IP
encapsulation for all authenticated packet types.
2019-06-11 18:13:52 +02:00
43a4589043
device: remove redundant return statements
...
More staticcheck fixes:
$ staticcheck ./... | grep S1023
device/noise-helpers.go:45:2: redundant return statement (S1023)
device/noise-helpers.go:54:2: redundant return statement (S1023)
device/noise-helpers.go:64:2: redundant return statement (S1023)
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-04 13:01:52 +02:00
8d76ac8cc4
device: use bytes.Equal for equality check, simplify assertEqual
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-04 13:01:52 +02:00
18b6627f33
device, ratelimiter: replace uses of time.Now().Sub() with time.Since()
...
Simplification found by staticcheck:
$ staticcheck ./... | grep S1012
device/cookie.go:90:5: should use time.Since instead of time.Now().Sub (S1012)
device/cookie.go:127:5: should use time.Since instead of time.Now().Sub (S1012)
device/cookie.go:242:5: should use time.Since instead of time.Now().Sub (S1012)
device/noise-protocol.go:304:13: should use time.Since instead of time.Now().Sub (S1012)
device/receive.go:82:46: should use time.Since instead of time.Now().Sub (S1012)
device/send.go:132:5: should use time.Since instead of time.Now().Sub (S1012)
device/send.go:139:5: should use time.Since instead of time.Now().Sub (S1012)
device/send.go:235:59: should use time.Since instead of time.Now().Sub (S1012)
device/send.go:393:9: should use time.Since instead of time.Now().Sub (S1012)
ratelimiter/ratelimiter.go:79:10: should use time.Since instead of time.Now().Sub (S1012)
ratelimiter/ratelimiter.go:87:10: should use time.Since instead of time.Now().Sub (S1012)
Change applied using:
$ find . -type f -name "*.go" -exec sed -i "s/Now().Sub(/Since(/g" {} \;
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-06-03 22:15:41 +02:00
d9f995209c
device: add SendKeepalivesToPeersWithCurrentKeypair for handover
2019-05-30 15:16:16 +02:00
32912dc778
device, tun: rearrange code and fix device tests
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2019-05-29 18:34:55 +02:00
fbcd995ec1
device: darwin actually doesn't need bound interfaces
2019-05-25 18:10:52 +02:00
e7e286ba6c
device: make initiations per second match kernel implementation
2019-05-25 02:07:18 +02:00
f70546bc2e
device: timers: add jitter on ack failure reinitiation
2019-05-24 13:48:25 +02:00
c718f3940d
device: fail to give bind if it doesn't exist
2019-05-17 15:35:20 +02:00
583ebe99f1
version: bump snapshot
2019-05-17 10:28:04 +02:00
3bf41b06ae
global: regroup all imports
2019-05-14 09:09:52 +02:00
586112b5d7
conn: remove scope when sanity checking IP address format
2019-05-09 15:42:35 +02:00
d3dd991e4e
device: send: check packet length before freeing element
2019-04-18 23:23:03 +09:00