]> git.ipfire.org Git - thirdparty/wireguard-go.git/log
thirdparty/wireguard-go.git
2 years agoconn: fix StdNetEndpoint data race by dynamically allocating endpoints
Jordan Whited [Thu, 23 Mar 2023 23:57:21 +0000 (16:57 -0700)] 
conn: fix StdNetEndpoint data race by dynamically allocating endpoints

In 9e2f386 ("conn, device, tun: implement vectorized I/O on Linux"), the
Linux-specific Bind implementation was collapsed into StdNetBind. This
introduced a race on StdNetEndpoint from getSrcFromControl() and
setSrcControl().

Remove the sync.Pool involved in the race, and simplify StdNetBind's
receive path to allocate StdNetEndpoint on the heap instead, with the
intent for it to be cleaned up by the GC, later. This essentially
reverts ef5c587 ("conn: remove the final alloc per packet receive"),
adding back that allocation, unfortunately.

This does slightly increase resident memory usage in higher throughput
scenarios. StdNetBind is the only Bind implementation that was using
this Endpoint recycling technique prior to this commit.

This is considered a stop-gap solution, and there are plans to replace
the allocation with a better mechanism.

Reported-by: lsc <lsc@lv6.tw>
Link: https://lore.kernel.org/wireguard/ac87f86f-6837-4e0e-ec34-1df35f52540e@lv6.tw/
Fixes: 9e2f386 ("conn, device, tun: implement vectorized I/O on Linux")
Cc: Josh Bleecher Snyder <josharian@gmail.com>
Reviewed-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: disable sticky sockets on Android
Jason A. Donenfeld [Thu, 23 Mar 2023 17:38:34 +0000 (18:38 +0100)] 
conn: disable sticky sockets on Android

We can't have the netlink listener socket, so it's not possible to
support it. Plus, android networking stack complexity makes it a bit
tricky anyway, so best to leave it disabled.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoglobal: remove old style build tags
Jason A. Donenfeld [Thu, 23 Mar 2023 17:33:31 +0000 (18:33 +0100)] 
global: remove old style build tags

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agotun: replace ErrorBatch() with errors.Join()
Jordan Whited [Thu, 16 Mar 2023 20:27:51 +0000 (13:27 -0700)] 
tun: replace ErrorBatch() with errors.Join()

Reviewed-by: Maisem Ali <maisem@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agogo.mod: bump to Go 1.20
Jordan Whited [Thu, 16 Mar 2023 22:40:04 +0000 (15:40 -0700)] 
go.mod: bump to Go 1.20

Reviewed-by: Maisem Ali <maisem@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: fix getSrcFromControl() iteration
Jordan Whited [Wed, 15 Mar 2023 03:28:07 +0000 (20:28 -0700)] 
conn: fix getSrcFromControl() iteration

We only expect a single control message in the normal case, but this
would loop infinitely if there were more.

Reviewed-by: Adrian Dewhurst <adrian@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: use CmsgSpace() for ancillary data buf sizing
Jordan Whited [Wed, 15 Mar 2023 03:02:24 +0000 (20:02 -0700)] 
conn: use CmsgSpace() for ancillary data buf sizing

CmsgLen() does not account for data alignment.

Reviewed-by: Adrian Dewhurst <adrian@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoglobal: buff -> buf
Jason A. Donenfeld [Mon, 13 Mar 2023 16:55:05 +0000 (17:55 +0100)] 
global: buff -> buf

This always struck me as kind of weird and non-standard.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: use right cmsghdr len types on 32-bit in sticky test
Jason A. Donenfeld [Fri, 10 Mar 2023 15:18:01 +0000 (16:18 +0100)] 
conn: use right cmsghdr len types on 32-bit in sticky test

Cmsghdr uses uint32 and uint64 on 32-bit and 64-bit respectively for the
Len member, which makes assignments and comparisons slightly more
irksome than usual.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: make StdNetBind.BatchSize() return 1 for non-Linux
Jordan Whited [Thu, 9 Mar 2023 21:02:17 +0000 (13:02 -0800)] 
conn: make StdNetBind.BatchSize() return 1 for non-Linux

This commit updates StdNetBind.BatchSize() to return 1 instead of
IdealBatchSize for non-Linux platforms. Non-Linux platforms do not
yet benefit from values > 1, which only serves to increase memory
consumption.

Reviewed-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agotun/netstack: enable TCP Selective Acknowledgements
Jordan Whited [Thu, 9 Mar 2023 19:06:01 +0000 (11:06 -0800)] 
tun/netstack: enable TCP Selective Acknowledgements

Enable TCP SACK for the gVisor Stack used in tun/netstack. This can
improve throughput by an order of magnitude in the presence of packet
loss.

Reviewed-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: ensure control message size is respected in StdNetBind
Jordan Whited [Thu, 9 Mar 2023 18:46:12 +0000 (10:46 -0800)] 
conn: ensure control message size is respected in StdNetBind

This commit re-slices received control messages in StdNetBind to the
value the OS reports on a successful read. Previously, the len of this
slice would always be srcControlSize, which could result in control
message values leaking through a sync.Pool round trip. This is
unlikely with the IP_PKTINFO socket option set successfully, but
should be guarded against.

Reviewed-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: fix StdNetBind fallback on Windows
Jordan Whited [Mon, 6 Mar 2023 23:58:32 +0000 (15:58 -0800)] 
conn: fix StdNetBind fallback on Windows

If RIO is unavailable, NewWinRingBind() falls back to StdNetBind.
StdNetBind uses x/net/ipv{4,6}.PacketConn for sending and receiving
datagrams, specifically via the {Read,Write}Batch methods.
These methods are unimplemented on Windows and will return runtime
errors as a result. Additionally, only Linux benefits from these
x/net types for reading and writing, so we update StdNetBind to fall
back to the standard library net package for all platforms other than
Linux.

Reviewed-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: inch BatchSize toward being non-dynamic
Jason A. Donenfeld [Sat, 4 Mar 2023 14:25:46 +0000 (15:25 +0100)] 
conn: inch BatchSize toward being non-dynamic

There's not really a use at the moment for making this configurable, and
once bind_windows.go behaves like bind_std.go, we'll be able to use
constants everywhere. So begin that simplification now.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn: set SO_{SND,RCV}BUF to 7MB on the Bind UDP socket
Jordan Whited [Thu, 2 Mar 2023 23:25:19 +0000 (15:25 -0800)] 
conn: set SO_{SND,RCV}BUF to 7MB on the Bind UDP socket

The conn.Bind UDP sockets' send and receive buffers are now being sized
to 7MB, whereas they were previously inheriting the system defaults.
The system defaults are considerably small and can result in dropped
packets on high speed links. By increasing the size of these buffers we
are able to achieve higher throughput in the aforementioned case.

The iperf3 results below demonstrate the effect of this commit between
two Linux computers with 32-core Xeon Platinum CPUs @ 2.9Ghz. There is
roughly ~125us of round trip latency between them.

The first result is from commit 792b49c which uses the system defaults,
e.g. net.core.{r,w}mem_max = 212992. The TCP retransmits are correlated
with buffer full drops on both sides.

Starting Test: protocol: TCP, 1 streams, 131072 byte blocks
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-10.00  sec  4.74 GBytes  4.08 Gbits/sec  2742   285 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
Test Complete. Summary Results:
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  4.74 GBytes  4.08 Gbits/sec  2742   sender
[  5]   0.00-10.04  sec  4.74 GBytes  4.06 Gbits/sec         receiver

The second result is after increasing SO_{SND,RCV}BUF to 7MB, i.e.
applying this commit.

Starting Test: protocol: TCP, 1 streams, 131072 byte blocks
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-10.00  sec  6.14 GBytes  5.27 Gbits/sec    0   3.15 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
Test Complete. Summary Results:
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  6.14 GBytes  5.27 Gbits/sec    0    sender
[  5]   0.00-10.04  sec  6.14 GBytes  5.25 Gbits/sec         receiver

The specific value of 7MB is chosen as it is the max supported by a
default configuration of macOS. A value greater than 7MB may further
benefit throughput for environments with higher network latency and
lower CPU clocks, but will also increase latency under load
(bufferbloat). Some platforms will silently clamp the value to other
maximums. On Linux, we use SO_{SND,RCV}BUFFORCE in case 7MB is beyond
net.core.{r,w}mem_max.

Co-authored-by: James Tucker <james@tailscale.com>
Signed-off-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agogo.mod: bump deps
Jason A. Donenfeld [Fri, 3 Mar 2023 13:58:10 +0000 (14:58 +0100)] 
go.mod: bump deps

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn, device, tun: implement vectorized I/O on Linux
Jordan Whited [Thu, 2 Mar 2023 23:08:28 +0000 (15:08 -0800)] 
conn, device, tun: implement vectorized I/O on Linux

Implement TCP offloading via TSO and GRO for the Linux tun.Device, which
is made possible by virtio extensions in the kernel's TUN driver.

Delete conn.LinuxSocketEndpoint in favor of a collapsed conn.StdNetBind.
conn.StdNetBind makes use of recvmmsg() and sendmmsg() on Linux. All
platforms now fall under conn.StdNetBind, except for Windows, which
remains in conn.WinRingBind, which still needs to be adjusted to handle
multiple packets.

Also refactor sticky sockets support to eventually be applicable on
platforms other than just Linux. However Linux remains the sole platform
that fully implements it for now.

Co-authored-by: James Tucker <james@tailscale.com>
Signed-off-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoconn, device, tun: implement vectorized I/O plumbing
Jordan Whited [Thu, 2 Mar 2023 22:48:02 +0000 (14:48 -0800)] 
conn, device, tun: implement vectorized I/O plumbing

Accept packet vectors for reading and writing in the tun.Device and
conn.Bind interfaces, so that the internal plumbing between these
interfaces now passes a vector of packets. Vectors move untouched
between these interfaces, i.e. if 128 packets are received from
conn.Bind.Read(), 128 packets are passed to tun.Device.Write(). There is
no internal buffering.

Currently, existing implementations are only adjusted to have vectors
of length one. Subsequent patches will improve that.

Also, as a related fixup, use the unix and windows packages rather than
the syscall package when possible.

Co-authored-by: James Tucker <james@tailscale.com>
Signed-off-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoversion: bump snapshot 0.0.20230223
Jason A. Donenfeld [Thu, 23 Feb 2023 18:12:33 +0000 (19:12 +0100)] 
version: bump snapshot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agodevice: uniformly check ECDH output for zeros
Jason A. Donenfeld [Thu, 16 Feb 2023 14:51:30 +0000 (15:51 +0100)] 
device: uniformly check ECDH output for zeros

For some reason, this was omitted for response messages.

Reported-by: z <dzm@unexpl0.red>
Fixes: 8c34c4c ("First set of code review patches")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agotun: guard Device.Events() against chan writes
Jordan Whited [Wed, 8 Feb 2023 18:42:07 +0000 (10:42 -0800)] 
tun: guard Device.Events() against chan writes

Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agoglobal: bump copyright year
Jason A. Donenfeld [Tue, 20 Sep 2022 15:21:32 +0000 (17:21 +0200)] 
global: bump copyright year

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agotun/netstack: make http examples communicate with each other
Soren L. Hansen [Wed, 6 Oct 2021 10:40:01 +0000 (10:40 +0000)] 
tun/netstack: make http examples communicate with each other

This seems like a much better demonstration as it removes the need for
external components.

Signed-off-by: Søren L. Hansen <sorenisanerd@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2 years agotun/netstack: bump gvisor
Colin Adler [Mon, 6 Feb 2023 22:35:59 +0000 (16:35 -0600)] 
tun/netstack: bump gvisor

Bump gVisor to a recent known-good version.

Signed-off-by: Colin Adler <colin1adler@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoglobal: bump copyright year
Jason A. Donenfeld [Tue, 20 Sep 2022 15:21:32 +0000 (17:21 +0200)] 
global: bump copyright year

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun/netstack: ensure `(*netTun).incomingPacket` chan is closed
Colin Adler [Tue, 13 Sep 2022 03:03:55 +0000 (22:03 -0500)] 
tun/netstack: ensure `(*netTun).incomingPacket` chan is closed

Without this, `device.Close()` will deadlock.

Signed-off-by: Colin Adler <colin1adler@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoall: use Go 1.19 and its atomic types
Brad Fitzpatrick [Tue, 30 Aug 2022 14:43:11 +0000 (07:43 -0700)] 
all: use Go 1.19 and its atomic types

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun/netstack: remove separate module
Jason A. Donenfeld [Mon, 29 Aug 2022 16:04:27 +0000 (12:04 -0400)] 
tun/netstack: remove separate module

Now that the gvisor deps aren't insane, we can just do this in the main
module.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun/netstack: bump to latest gvisor
Shengjing Zhu [Thu, 18 Aug 2022 17:27:28 +0000 (01:27 +0800)] 
tun/netstack: bump to latest gvisor

To build with go1.19, gvisor needs
99325baf ("Bump gVisor build tags to go1.19").

However gvisor.dev/gvisor/pkg/tcpip/buffer is no longer available,
so refactor to use gvisor.dev/gvisor/pkg/tcpip/link/channel directly.

Signed-off-by: Shengjing Zhu <i@zhsj.me>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoconn, device, tun: set CLOEXEC on fds
Brad Fitzpatrick [Sat, 2 Jul 2022 04:28:52 +0000 (21:28 -0700)] 
conn, device, tun: set CLOEXEC on fds

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun: use ByteSliceToString from golang.org/x/sys/unix
Tobias Klauser [Wed, 1 Jun 2022 09:33:54 +0000 (11:33 +0200)] 
tun: use ByteSliceToString from golang.org/x/sys/unix

Use unix.ByteSliceToString in (*NativeTun).nameSlice to convert the
TUNGETIFF ioctl result []byte to a string.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoconn: remove the final alloc per packet receive
Josh Bleecher Snyder [Tue, 22 Mar 2022 18:23:56 +0000 (11:23 -0700)] 
conn: remove the final alloc per packet receive

This does bind_std only; other platforms remain.

The remaining alloc per iteration in the Throughput benchmark
comes from the tuntest package, and should not appear in regular use.

name           old time/op      new time/op      delta
Latency-10         25.2µs ± 1%      25.0µs ± 0%   -0.58%  (p=0.006 n=10+10)
Throughput-10      2.44µs ± 3%      2.41µs ± 2%     ~     (p=0.140 n=10+8)

name           old alloc/op     new alloc/op     delta
Latency-10           854B ± 5%        741B ± 3%  -13.22%  (p=0.000 n=10+10)
Throughput-10        265B ±34%        267B ±39%     ~     (p=0.670 n=10+10)

name           old allocs/op    new allocs/op    delta
Latency-10           16.0 ± 0%        14.0 ± 0%  -12.50%  (p=0.000 n=10+10)
Throughput-10        2.00 ± 0%        1.00 ± 0%  -50.00%  (p=0.000 n=10+10)

name           old packet-loss  new packet-loss  delta
Throughput-10        0.01 ±82%       0.01 ±282%     ~     (p=0.321 n=9+8)

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoconn: use netip for std bind
Jason A. Donenfeld [Fri, 18 Mar 2022 04:23:02 +0000 (22:23 -0600)] 
conn: use netip for std bind

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoversion: bump snapshot 0.0.20220316
Jason A. Donenfeld [Thu, 17 Mar 2022 03:32:14 +0000 (21:32 -0600)] 
version: bump snapshot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun/netstack: bump mod
Jason A. Donenfeld [Wed, 16 Mar 2022 23:58:35 +0000 (17:58 -0600)] 
tun/netstack: bump mod

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agomod: bump packages and remove compat netip
Jason A. Donenfeld [Wed, 16 Mar 2022 23:51:47 +0000 (17:51 -0600)] 
mod: bump packages and remove compat netip

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoall: use any in place of interface{}
Josh Bleecher Snyder [Wed, 16 Mar 2022 23:40:24 +0000 (16:40 -0700)] 
all: use any in place of interface{}

Enabled by using Go 1.18. A bit less verbose.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
3 years agoall: update to Go 1.18
Josh Bleecher Snyder [Wed, 16 Mar 2022 23:09:48 +0000 (16:09 -0700)] 
all: update to Go 1.18

Bump go.mod and README.

Switch to upstream net/netip.

Use strings.Cut.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
3 years agotun/netstack: check error returned by SetDeadline()
Alexander Neumann [Fri, 4 Mar 2022 09:38:10 +0000 (10:38 +0100)] 
tun/netstack: check error returned by SetDeadline()

Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de>
[Jason: don't wrap deadline error.]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun/netstack: update to latest wireguard-go
Alexander Neumann [Fri, 4 Mar 2022 09:36:15 +0000 (10:36 +0100)] 
tun/netstack: update to latest wireguard-go

This commit fixes all callsites of netip.AddrFromSlice(), which has
changed its signature and now returns two values.

Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de>
[Jason: remove error handling from AddrFromSlice.]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun/netstack: simplify read timeout on ping socket
Jason A. Donenfeld [Wed, 2 Feb 2022 22:30:31 +0000 (23:30 +0100)] 
tun/netstack: simplify read timeout on ping socket

I'm not 100% sure this is correct, but it certainly is a lot simpler.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun/netstack: implement ICMP ping
Thomas H. Ptacek [Mon, 31 Jan 2022 22:55:36 +0000 (16:55 -0600)] 
tun/netstack: implement ICMP ping

Provide a PacketConn interface for netstack's ICMP endpoint; netstack
currently only provides EchoRequest/EchoResponse ICMP support, so this
code exposes only an interface for doing ping.

Signed-off-by: Thomas Ptacek <thomas@sockpuppet.org>
[Jason: rework structure, match std go interfaces, add example code]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoversion: bump snapshot 0.0.20220117
Jason A. Donenfeld [Mon, 17 Jan 2022 16:37:42 +0000 (17:37 +0100)] 
version: bump snapshot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoipc: bsd: try again if kqueue returns EINTR
Jason A. Donenfeld [Fri, 14 Jan 2022 15:10:43 +0000 (16:10 +0100)] 
ipc: bsd: try again if kqueue returns EINTR

Reported-by: J. Michael McAtee <mmcatee@jumptrading.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoglobal: apply gofumpt
Jason A. Donenfeld [Thu, 9 Dec 2021 16:55:50 +0000 (17:55 +0100)] 
global: apply gofumpt

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: handle peer post config on blank line
Jason A. Donenfeld [Mon, 29 Nov 2021 17:31:54 +0000 (12:31 -0500)] 
device: handle peer post config on blank line

We missed a function exit point. This was exacerbated by e3134bf
("device: defer state machine transitions until configuration is
complete"), but the bug existed prior. Minus provided the following
useful reproducer script:

    #!/usr/bin/env bash

    set -eux

    make wireguard-go || exit 125

    ip netns del test-ns || true
    ip netns add test-ns
    ip link add test-kernel type wireguard
    wg set test-kernel listen-port 0 private-key <(echo "QMCfZcp1KU27kEkpcMCgASEjDnDZDYsfMLHPed7+538=") peer "eDPZJMdfnb8ZcA/VSUnLZvLB2k8HVH12ufCGa7Z7rHI=" allowed-ips 10.51.234.10/32
    ip link set test-kernel netns test-ns up
    ip -n test-ns addr add 10.51.234.1/24 dev test-kernel
    port=$(ip netns exec test-ns wg show test-kernel listen-port)

    ip link del test-go || true
    ./wireguard-go test-go
    wg set test-go private-key <(echo "WBM7qimR3vFk1QtWNfH+F4ggy/hmO+5hfIHKxxI4nF4=") peer "+nj9Dkqpl4phsHo2dQliGm5aEiWJJgBtYKbh7XjeNjg=" allowed-ips 0.0.0.0/0 endpoint 127.0.0.1:$port
    ip addr add 10.51.234.10/24 dev test-go
    ip link set test-go up

    ping -c2 -W1 10.51.234.1

Reported-by: minus <minus@mnus.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: reduce peer lock critical section in UAPI
Josh Bleecher Snyder [Thu, 18 Nov 2021 23:37:24 +0000 (15:37 -0800)] 
device: reduce peer lock critical section in UAPI

The deferred RUnlock calls weren't executing until all peers
had been processed. Add an anonymous function so that each
peer may be unlocked as soon as it is completed.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: remove code using unsafe
Josh Bleecher Snyder [Mon, 8 Nov 2021 19:15:06 +0000 (11:15 -0800)] 
device: remove code using unsafe

There is no performance impact.

name                             old time/op  new time/op  delta
TrieIPv4Peers100Addresses1000-8  78.6ns ± 1%  79.4ns ± 3%    ~     (p=0.604 n=10+9)
TrieIPv4Peers10Addresses10-8     29.1ns ± 2%  28.8ns ± 1%  -1.12%  (p=0.014 n=10+9)
TrieIPv6Peers100Addresses1000-8  78.9ns ± 1%  78.6ns ± 1%    ~     (p=0.492 n=10+10)
TrieIPv6Peers10Addresses10-8     29.3ns ± 2%  28.6ns ± 2%  -2.16%  (p=0.000 n=10+10)

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoglobal: use netip where possible now
Jason A. Donenfeld [Fri, 5 Nov 2021 00:52:54 +0000 (01:52 +0100)] 
global: use netip where possible now

There are more places where we'll need to add it later, when Go 1.18
comes out with support for it in the "net" package. Also, allowedips
still uses slices internally, which might be suboptimal.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: only propagate roaming value before peer is referenced elsewhere
Jason A. Donenfeld [Tue, 16 Nov 2021 20:13:55 +0000 (21:13 +0100)] 
device: only propagate roaming value before peer is referenced elsewhere

A peer.endpoint never becomes nil after being not-nil, so creation is
the only time we actually need to set this. This prevents a race from
when the variable is actually used elsewhere, and allows us to avoid an
expensive atomic.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: align 64-bit atomic member in Device
Jason A. Donenfeld [Tue, 16 Nov 2021 20:07:15 +0000 (21:07 +0100)] 
device: align 64-bit atomic member in Device

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: start peers before running handshake test
Jason A. Donenfeld [Tue, 16 Nov 2021 20:04:54 +0000 (21:04 +0100)] 
device: start peers before running handshake test

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agoMakefile: don't use test -v because it hides failures in scrollback
Jason A. Donenfeld [Tue, 16 Nov 2021 19:59:40 +0000 (20:59 +0100)] 
Makefile: don't use test -v because it hides failures in scrollback

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: fix nil pointer dereference in uapi read
David Anderson [Tue, 16 Nov 2021 19:27:44 +0000 (11:27 -0800)] 
device: fix nil pointer dereference in uapi read

Signed-off-by: David Anderson <danderson@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: make new peers inherit broken mobile semantics
Jason A. Donenfeld [Thu, 11 Nov 2021 02:13:20 +0000 (03:13 +0100)] 
device: make new peers inherit broken mobile semantics

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: defer state machine transitions until configuration is complete
Jason A. Donenfeld [Thu, 11 Nov 2021 02:12:37 +0000 (03:12 +0100)] 
device: defer state machine transitions until configuration is complete

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: do not consume handshake messages if not running
Jason A. Donenfeld [Thu, 11 Nov 2021 02:11:29 +0000 (03:11 +0100)] 
device: do not consume handshake messages if not running

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agotun: move wintun to its own repo
Jason A. Donenfeld [Thu, 4 Nov 2021 11:53:44 +0000 (12:53 +0100)] 
tun: move wintun to its own repo

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agonamedpipe: rename from winpipe to keep in sync with CL299009
Jason A. Donenfeld [Sat, 30 Oct 2021 00:39:56 +0000 (02:39 +0200)] 
namedpipe: rename from winpipe to keep in sync with CL299009

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: timers: use pre-seeded per-thread unlocked fastrandn for jitter
Jason A. Donenfeld [Thu, 28 Oct 2021 11:47:50 +0000 (13:47 +0200)] 
device: timers: use pre-seeded per-thread unlocked fastrandn for jitter

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 years agodevice: timers: seed unsafe rng before use for jitter
Jason A. Donenfeld [Thu, 28 Oct 2021 11:34:21 +0000 (13:34 +0200)] 
device: timers: seed unsafe rng before use for jitter

Forgetting to seed the unsafe rng, the jitter before followed a fixed
pattern, which didn't help when a fleet of computers all boot at once.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agowintun: align 64-bit argument on ARM32
Jason A. Donenfeld [Tue, 26 Oct 2021 12:51:44 +0000 (14:51 +0200)] 
wintun: align 64-bit argument on ARM32

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoREADME: raise minimum Go to 1.17
Jason A. Donenfeld [Mon, 25 Oct 2021 15:53:11 +0000 (17:53 +0200)] 
README: raise minimum Go to 1.17

Suggested-by: Adam Bliss <abliss@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agotun/netstack: update gvisor
Mikael Magnusson [Thu, 21 Oct 2021 22:04:20 +0000 (00:04 +0200)] 
tun/netstack: update gvisor

Update gvisor to v0.0.0-20211020211948-f76a604701b6, which requires some
changes to tun.go:

WriteRawPacket: Add function with not implemented error.

CreateNetTUN: Replace stack.AddAddress with stack.AddProtocolAddress, and
fix IPv6 address in error message.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoipc, rwcancel: compile on js/wasm
Brad Fitzpatrick [Wed, 20 Oct 2021 15:56:39 +0000 (08:56 -0700)] 
ipc, rwcancel: compile on js/wasm

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years agowintun: allow retrieving DLL version
Jason A. Donenfeld [Wed, 20 Oct 2021 18:13:44 +0000 (12:13 -0600)] 
wintun: allow retrieving DLL version

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoversion: bump snapshot 0.0.20211016
Jason A. Donenfeld [Sun, 17 Oct 2021 05:27:13 +0000 (23:27 -0600)] 
version: bump snapshot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agowintun: remove memmod option for dll loading
Jason A. Donenfeld [Sun, 17 Oct 2021 04:49:38 +0000 (22:49 -0600)] 
wintun: remove memmod option for dll loading

Only wireguard-windows used this, and it's moving to wgnt exclusively.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoglobal: remove old-style build tags
Jason A. Donenfeld [Tue, 12 Oct 2021 18:02:10 +0000 (12:02 -0600)] 
global: remove old-style build tags

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoglobal: add newer-style build tags
Jason A. Donenfeld [Tue, 12 Oct 2021 17:46:53 +0000 (11:46 -0600)] 
global: add newer-style build tags

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agowintun: use new swdevice-based API for upcoming Wintun 0.14
Jason A. Donenfeld [Tue, 12 Oct 2021 06:26:46 +0000 (00:26 -0600)] 
wintun: use new swdevice-based API for upcoming Wintun 0.14

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoconn,wintun: use unsafe.Slice instead of unsafeSlice
Jason A. Donenfeld [Mon, 11 Oct 2021 20:57:53 +0000 (14:57 -0600)] 
conn,wintun: use unsafe.Slice instead of unsafeSlice

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agomemmod: import from wireguard-windows
Jason A. Donenfeld [Mon, 11 Oct 2021 20:53:36 +0000 (14:53 -0600)] 
memmod: import from wireguard-windows

We'll eventually be getting rid of it here, but keep it sync'd up for
now.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agorwcancel: use unix.Poll again but bump x/sys so it uses ppoll under the hood
Jason A. Donenfeld [Mon, 27 Sep 2021 20:18:38 +0000 (14:18 -0600)] 
rwcancel: use unix.Poll again but bump x/sys so it uses ppoll under the hood

This reverts commit fcc601dbf0f6b626ec1d47a880cbe64f9c8fe385 but then
bumps go.mod.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agorwcancel: use ppoll on Linux for Android
Jason A. Donenfeld [Sun, 26 Sep 2021 23:15:58 +0000 (17:15 -0600)] 
rwcancel: use ppoll on Linux for Android

This is a temporary measure while we wait for
https://go-review.googlesource.com/c/sys/+/352310 to land.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agotun: make operateonfd.go build tags more specific
Tobias Klauser [Thu, 23 Sep 2021 10:07:19 +0000 (12:07 +0200)] 
tun: make operateonfd.go build tags more specific

(*NativeTun).operateOnFd is only used on darwin and freebsd. Adjust the
build tags accordingly.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agotun: avoid leaking sock fd in CreateTUN error cases
Tobias Klauser [Thu, 23 Sep 2021 10:05:13 +0000 (12:05 +0200)] 
tun: avoid leaking sock fd in CreateTUN error cases

At these points, the socket file descriptor is not yet wrapped in an
*os.File, so it needs to be closed explicitly on error.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoglobal: add new go 1.17 build comments
Jason A. Donenfeld [Sun, 5 Sep 2021 14:00:43 +0000 (16:00 +0200)] 
global: add new go 1.17 build comments

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agomemmod: register exception handler tables
Jason A. Donenfeld [Thu, 5 Aug 2021 12:56:48 +0000 (14:56 +0200)] 
memmod: register exception handler tables

Otherwise recent WDK binaries fail on ARM64, where an exception handler
is used for trapping an illegal instruction when ARMv8.1 atomics are
being tested for functionality.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agomemmod: fix protected delayed load the right way
Jason A. Donenfeld [Wed, 28 Jul 2021 23:27:40 +0000 (01:27 +0200)] 
memmod: fix protected delayed load the right way

The reason this was failing before is that dloadsup.h's
DloadObtainSection was doing a linear search of sections to find which
header corresponds with the IMAGE_DELAYLOAD_DESCRIPTOR section, and we
were stupidly overwriting the VirtualSize field, so the linear search
wound up matching the .text section, which then it found to not be
marked writable and failed with FAST_FAIL_DLOAD_PROTECTION_FAILURE.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agomemmod: disable protected delayed load for now
Jason A. Donenfeld [Wed, 28 Jul 2021 23:01:46 +0000 (01:01 +0200)] 
memmod: disable protected delayed load for now

Probably a bad idea, but we don't currently support it, and those huge
windows.NewCallback trampolines make juicer targets anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoipc: allow admins but require high integrity label
Jason A. Donenfeld [Wed, 23 Jun 2021 23:19:29 +0000 (01:19 +0200)] 
ipc: allow admins but require high integrity label

Might be more reasonable.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agodevice: zero out allowedip node pointers when removing
Jason A. Donenfeld [Fri, 4 Jun 2021 14:33:28 +0000 (16:33 +0200)] 
device: zero out allowedip node pointers when removing

This should make it a bit easier for the garbage collector.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agodevice: limit allowedip fuzzer a to 4 times through
Jason A. Donenfeld [Thu, 3 Jun 2021 16:22:50 +0000 (18:22 +0200)] 
device: limit allowedip fuzzer a to 4 times through

Trying this for every peer winds up being very slow and precludes it
from acceptable runtime in the CI, so reduce this to 4.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agodevice: simplify allowedips lookup signature
Jason A. Donenfeld [Thu, 3 Jun 2021 14:12:29 +0000 (16:12 +0200)] 
device: simplify allowedips lookup signature

The inliner should handle this for us.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agodevice: remove nodes by peer in O(1) instead of O(n)
Jason A. Donenfeld [Thu, 3 Jun 2021 13:40:09 +0000 (15:40 +0200)] 
device: remove nodes by peer in O(1) instead of O(n)

Now that we have parent pointers hooked up, we can simply go right to
the node and remove it in place, rather than having to recursively walk
the entire trie.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agodevice: remove recursion from insertion and connect parent pointers
Jason A. Donenfeld [Thu, 3 Jun 2021 12:50:28 +0000 (14:50 +0200)] 
device: remove recursion from insertion and connect parent pointers

This makes the insertion algorithm a bit more efficient, while also now
taking on the additional task of connecting up parent pointers. This
will be handy in the following commit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agodevice: reduce size of trie struct
Jason A. Donenfeld [Thu, 3 Jun 2021 11:51:03 +0000 (13:51 +0200)] 
device: reduce size of trie struct

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agogo.mod: bump golang.org/x/sys again
Josh Bleecher Snyder [Sat, 3 Apr 2021 17:15:59 +0000 (10:15 -0700)] 
go.mod: bump golang.org/x/sys again

To pick up https://go-review.googlesource.com/c/sys/+/307129.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
4 years agodevice: allow reducing queue constants on iOS
Jason A. Donenfeld [Fri, 21 May 2021 22:57:42 +0000 (00:57 +0200)] 
device: allow reducing queue constants on iOS

Heavier network extensions might require the wireguard-go component to
use less ram, so let users of this reduce these as needed.

At some point we'll put this behind a configuration method of sorts, but
for now, just expose the consts as vars.

Requested-by: Josh Bleecher Snyder <josh@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agotun: linux: account for interface removal from outside
Jason A. Donenfeld [Thu, 20 May 2021 16:26:01 +0000 (18:26 +0200)] 
tun: linux: account for interface removal from outside

On Linux we can run `ip link del wg0`, in which case the fd becomes
stale, and we should exit. Since this is an intentional action, don't
treat it as an error.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agoconn: linux: protect read fds
Jason A. Donenfeld [Thu, 20 May 2021 16:09:55 +0000 (18:09 +0200)] 
conn: linux: protect read fds

The -1 protection was removed and the wrong error was returned, causing
us to read from a bogus fd. As well, remove the useless closures that
aren't doing anything, since this is all synchronized anyway.

Fixes: 10533c3 ("all: make conn.Bind.Open return a slice of receive functions")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agorwcancel: use ordinary os.ErrClosed instead of custom error
Jason A. Donenfeld [Thu, 20 May 2021 15:56:36 +0000 (17:56 +0200)] 
rwcancel: use ordinary os.ErrClosed instead of custom error

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agorwcancel: use poll instead of select
Jason A. Donenfeld [Thu, 20 May 2021 15:42:34 +0000 (17:42 +0200)] 
rwcancel: use poll instead of select

Suggested-by: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agodevice: optimize Peer.String even more
Jason A. Donenfeld [Thu, 13 May 2021 23:07:55 +0000 (01:07 +0200)] 
device: optimize Peer.String even more

This reduces the allocation, branches, and amount of base64 encoding.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agodevice: optimize Peer.String
Josh Bleecher Snyder [Thu, 13 May 2021 22:30:18 +0000 (15:30 -0700)] 
device: optimize Peer.String

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years agoconn: windows: set count=0 on retry
Jason A. Donenfeld [Tue, 11 May 2021 14:47:17 +0000 (16:47 +0200)] 
conn: windows: set count=0 on retry

When retrying, if count is not 0, we forget to dequeue another request,
and so the ring fills up and errors out.

Reported-by: Sascha Dierberg <dierberg@dresearch-fe.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agomain: replace crlf on windows in fmt test
Jason A. Donenfeld [Mon, 10 May 2021 20:23:32 +0000 (22:23 +0200)] 
main: replace crlf on windows in fmt test

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agomain: check that code is formatted in unit test
Jason A. Donenfeld [Fri, 7 May 2021 10:56:10 +0000 (12:56 +0200)] 
main: check that code is formatted in unit test

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4 years agotun: format
Jason A. Donenfeld [Fri, 7 May 2021 10:21:27 +0000 (12:21 +0200)] 
tun: format

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>