device: uniformly check ECDH output for zeros

For some reason, this was omitted for response messages.

Reported-by: z <dzm@unexpl0.red>
Fixes: 8c34c4c ("First set of code review patches")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: guard Device.Events() against chan writes

Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: bump copyright year

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: make http examples communicate with each other

This seems like a much better demonstration as it removes the need for
external components.

Signed-off-by: Søren L. Hansen <sorenisanerd@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: bump gvisor

Bump gVisor to a recent known-good version.

Signed-off-by: Colin Adler <colin1adler@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: bump copyright year

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: ensure `(*netTun).incomingPacket` chan is closed

Without this, `device.Close()` will deadlock.

Signed-off-by: Colin Adler <colin1adler@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

all: use Go 1.19 and its atomic types

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: remove separate module

Now that the gvisor deps aren't insane, we can just do this in the main
module.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: bump to latest gvisor

To build with go1.19, gvisor needs
99325baf ("Bump gVisor build tags to go1.19").

However gvisor.dev/gvisor/pkg/tcpip/buffer is no longer available,
so refactor to use gvisor.dev/gvisor/pkg/tcpip/link/channel directly.

Signed-off-by: Shengjing Zhu <i@zhsj.me>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

conn, device, tun: set CLOEXEC on fds

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: use ByteSliceToString from golang.org/x/sys/unix

Use unix.ByteSliceToString in (*NativeTun).nameSlice to convert the
TUNGETIFF ioctl result []byte to a string.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

conn: remove the final alloc per packet receive

This does bind_std only; other platforms remain.

The remaining alloc per iteration in the Throughput benchmark
comes from the tuntest package, and should not appear in regular use.

name           old time/op      new time/op      delta
Latency-10         25.2µs ± 1%      25.0µs ± 0%   -0.58%  (p=0.006 n=10+10)
Throughput-10      2.44µs ± 3%      2.41µs ± 2%     ~     (p=0.140 n=10+8)

name           old alloc/op     new alloc/op     delta
Latency-10           854B ± 5%        741B ± 3%  -13.22%  (p=0.000 n=10+10)
Throughput-10        265B ±34%        267B ±39%     ~     (p=0.670 n=10+10)

name           old allocs/op    new allocs/op    delta
Latency-10           16.0 ± 0%        14.0 ± 0%  -12.50%  (p=0.000 n=10+10)
Throughput-10        2.00 ± 0%        1.00 ± 0%  -50.00%  (p=0.000 n=10+10)

name           old packet-loss  new packet-loss  delta
Throughput-10        0.01 ±82%       0.01 ±282%     ~     (p=0.321 n=9+8)

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

conn: use netip for std bind

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

version: bump snapshot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: bump mod

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

mod: bump packages and remove compat netip

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

all: use any in place of interface{}

Enabled by using Go 1.18. A bit less verbose.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>

all: update to Go 1.18

Bump go.mod and README.

Switch to upstream net/netip.

Use strings.Cut.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>

tun/netstack: check error returned by SetDeadline()

Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de>
[Jason: don't wrap deadline error.]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: update to latest wireguard-go

This commit fixes all callsites of netip.AddrFromSlice(), which has
changed its signature and now returns two values.

Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de>
[Jason: remove error handling from AddrFromSlice.]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: simplify read timeout on ping socket

I'm not 100% sure this is correct, but it certainly is a lot simpler.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: implement ICMP ping

Provide a PacketConn interface for netstack's ICMP endpoint; netstack
currently only provides EchoRequest/EchoResponse ICMP support, so this
code exposes only an interface for doing ping.

Signed-off-by: Thomas Ptacek <thomas@sockpuppet.org>
[Jason: rework structure, match std go interfaces, add example code]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

version: bump snapshot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

ipc: bsd: try again if kqueue returns EINTR

Reported-by: J. Michael McAtee <mmcatee@jumptrading.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: apply gofumpt

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: handle peer post config on blank line

We missed a function exit point. This was exacerbated by e3134bf
("device: defer state machine transitions until configuration is
complete"), but the bug existed prior. Minus provided the following
useful reproducer script:

    #!/usr/bin/env bash

    set -eux

    make wireguard-go || exit 125

    ip netns del test-ns || true
    ip netns add test-ns
    ip link add test-kernel type wireguard
    wg set test-kernel listen-port 0 private-key <(echo "QMCfZcp1KU27kEkpcMCgASEjDnDZDYsfMLHPed7+538=") peer "eDPZJMdfnb8ZcA/VSUnLZvLB2k8HVH12ufCGa7Z7rHI=" allowed-ips 10.51.234.10/32
    ip link set test-kernel netns test-ns up
    ip -n test-ns addr add 10.51.234.1/24 dev test-kernel
    port=$(ip netns exec test-ns wg show test-kernel listen-port)

    ip link del test-go || true
    ./wireguard-go test-go
    wg set test-go private-key <(echo "WBM7qimR3vFk1QtWNfH+F4ggy/hmO+5hfIHKxxI4nF4=") peer "+nj9Dkqpl4phsHo2dQliGm5aEiWJJgBtYKbh7XjeNjg=" allowed-ips 0.0.0.0/0 endpoint 127.0.0.1:$port
    ip addr add 10.51.234.10/24 dev test-go
    ip link set test-go up

    ping -c2 -W1 10.51.234.1

Reported-by: minus <minus@mnus.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: reduce peer lock critical section in UAPI

The deferred RUnlock calls weren't executing until all peers
had been processed. Add an anonymous function so that each
peer may be unlocked as soon as it is completed.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: remove code using unsafe

There is no performance impact.

name                             old time/op  new time/op  delta
TrieIPv4Peers100Addresses1000-8  78.6ns ± 1%  79.4ns ± 3%    ~     (p=0.604 n=10+9)
TrieIPv4Peers10Addresses10-8     29.1ns ± 2%  28.8ns ± 1%  -1.12%  (p=0.014 n=10+9)
TrieIPv6Peers100Addresses1000-8  78.9ns ± 1%  78.6ns ± 1%    ~     (p=0.492 n=10+10)
TrieIPv6Peers10Addresses10-8     29.3ns ± 2%  28.6ns ± 2%  -2.16%  (p=0.000 n=10+10)

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: use netip where possible now

There are more places where we'll need to add it later, when Go 1.18
comes out with support for it in the "net" package. Also, allowedips
still uses slices internally, which might be suboptimal.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: only propagate roaming value before peer is referenced elsewhere

A peer.endpoint never becomes nil after being not-nil, so creation is
the only time we actually need to set this. This prevents a race from
when the variable is actually used elsewhere, and allows us to avoid an
expensive atomic.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: align 64-bit atomic member in Device

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: start peers before running handshake test

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Makefile: don't use test -v because it hides failures in scrollback

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: fix nil pointer dereference in uapi read

Signed-off-by: David Anderson <danderson@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: make new peers inherit broken mobile semantics

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: defer state machine transitions until configuration is complete

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: do not consume handshake messages if not running

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: move wintun to its own repo

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

namedpipe: rename from winpipe to keep in sync with CL299009

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: timers: use pre-seeded per-thread unlocked fastrandn for jitter

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: timers: seed unsafe rng before use for jitter

Forgetting to seed the unsafe rng, the jitter before followed a fixed
pattern, which didn't help when a fleet of computers all boot at once.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wintun: align 64-bit argument on ARM32

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

README: raise minimum Go to 1.17

Suggested-by: Adam Bliss <abliss@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun/netstack: update gvisor

Update gvisor to v0.0.0-20211020211948-f76a604701b6, which requires some
changes to tun.go:

WriteRawPacket: Add function with not implemented error.

CreateNetTUN: Replace stack.AddAddress with stack.AddProtocolAddress, and
fix IPv6 address in error message.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

ipc, rwcancel: compile on js/wasm

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

wintun: allow retrieving DLL version

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

version: bump snapshot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wintun: remove memmod option for dll loading

Only wireguard-windows used this, and it's moving to wgnt exclusively.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: remove old-style build tags

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: add newer-style build tags

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wintun: use new swdevice-based API for upcoming Wintun 0.14

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

conn,wintun: use unsafe.Slice instead of unsafeSlice

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

memmod: import from wireguard-windows

We'll eventually be getting rid of it here, but keep it sync'd up for
now.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

rwcancel: use unix.Poll again but bump x/sys so it uses ppoll under the hood

This reverts commit fcc601dbf0f6b626ec1d47a880cbe64f9c8fe385 but then
bumps go.mod.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

rwcancel: use ppoll on Linux for Android

This is a temporary measure while we wait for
https://go-review.googlesource.com/c/sys/+/352310 to land.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: make operateonfd.go build tags more specific

(*NativeTun).operateOnFd is only used on darwin and freebsd. Adjust the
build tags accordingly.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: avoid leaking sock fd in CreateTUN error cases

At these points, the socket file descriptor is not yet wrapped in an
*os.File, so it needs to be closed explicitly on error.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

global: add new go 1.17 build comments

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

memmod: register exception handler tables

Otherwise recent WDK binaries fail on ARM64, where an exception handler
is used for trapping an illegal instruction when ARMv8.1 atomics are
being tested for functionality.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

memmod: fix protected delayed load the right way

The reason this was failing before is that dloadsup.h's
DloadObtainSection was doing a linear search of sections to find which
header corresponds with the IMAGE_DELAYLOAD_DESCRIPTOR section, and we
were stupidly overwriting the VirtualSize field, so the linear search
wound up matching the .text section, which then it found to not be
marked writable and failed with FAST_FAIL_DLOAD_PROTECTION_FAILURE.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

memmod: disable protected delayed load for now

Probably a bad idea, but we don't currently support it, and those huge
windows.NewCallback trampolines make juicer targets anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

ipc: allow admins but require high integrity label

Might be more reasonable.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: zero out allowedip node pointers when removing

This should make it a bit easier for the garbage collector.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: limit allowedip fuzzer a to 4 times through

Trying this for every peer winds up being very slow and precludes it
from acceptable runtime in the CI, so reduce this to 4.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: simplify allowedips lookup signature

The inliner should handle this for us.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: remove nodes by peer in O(1) instead of O(n)

Now that we have parent pointers hooked up, we can simply go right to
the node and remove it in place, rather than having to recursively walk
the entire trie.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: remove recursion from insertion and connect parent pointers

This makes the insertion algorithm a bit more efficient, while also now
taking on the additional task of connecting up parent pointers. This
will be handy in the following commit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: reduce size of trie struct

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

go.mod: bump golang.org/x/sys again

To pick up https://go-review.googlesource.com/c/sys/+/307129.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>

device: allow reducing queue constants on iOS

Heavier network extensions might require the wireguard-go component to
use less ram, so let users of this reduce these as needed.

At some point we'll put this behind a configuration method of sorts, but
for now, just expose the consts as vars.

Requested-by: Josh Bleecher Snyder <josh@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: linux: account for interface removal from outside

On Linux we can run `ip link del wg0`, in which case the fd becomes
stale, and we should exit. Since this is an intentional action, don't
treat it as an error.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

conn: linux: protect read fds

The -1 protection was removed and the wrong error was returned, causing
us to read from a bogus fd. As well, remove the useless closures that
aren't doing anything, since this is all synchronized anyway.

Fixes: 10533c3 ("all: make conn.Bind.Open return a slice of receive functions")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

rwcancel: use ordinary os.ErrClosed instead of custom error

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

rwcancel: use poll instead of select

Suggested-by: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: optimize Peer.String even more

This reduces the allocation, branches, and amount of base64 encoding.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: optimize Peer.String

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>

conn: windows: set count=0 on retry

When retrying, if count is not 0, we forget to dequeue another request,
and so the ring fills up and errors out.

Reported-by: Sascha Dierberg <dierberg@dresearch-fe.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

main: replace crlf on windows in fmt test

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

main: check that code is formatted in unit test

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: format

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: add ID to repeated routines

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: remove unusual ... in messages

We dont use ... in any other present progressive messages except these.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: avoid verbose log line during ordinary shutdown sequence

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: windows: set event before waiting

In 097af6e ("tun: windows: protect reads from closing") we made sure no
functions are running when End() is called, to avoid a UaF. But we still
need to kick that event somehow, so that Read() is allowed to exit, in
order to release the lock. So this commit calls SetEvent, while moving
the closing boolean to be atomic so it can be modified without locks,
and then moves to a WaitGroup for the RCU-like pattern.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: windows: rearrange struct to avoid alignment trap on 32bit

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: windows: check alignment in unit test

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: log all errors received by RoutineReceiveIncoming

When debugging, it's useful to know why a receive func exited.

We were already logging that, but only in the "death spiral" case.
Move the logging up, to capture it always.
Reduce the verbosity, since it is not an error case any more.
Put the receive func name in the log line.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>

tun/netstack: update go mod and remove GSO argument

Reported-by: John Xiong <xiaoyang1258@yeah.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: windows: send MTU update when forced MTU changes

Otherwise the padding doesn't get updated.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: windows: protect reads from closing

The code previously used the old errors channel for checking, rather
than the simpler boolean, which caused issues on shutdown, since the
errors channel was meaningless. However, looking at this exposed a more
basic problem: Close() and all the other functions that check the closed
boolean can race. So protect with a basic RW lock, to ensure that
Close() waits for all pending operations to complete.

Reported-by: Joshua Sjoding <joshua.sjoding@scjalliance.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

conn: windows: do not error out when receiving UDP jumbogram

If we receive a large UDP packet, don't return an error to receive.go,
which then terminates the receive loop. Instead, simply retry.

Considering Winsock's general finickiness, we might consider other
places where an attacker on the wire can generate error conditions like
this.

Reported-by: Sascha Dierberg <sascha.dierberg@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

version: bump snapshot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: freebsd: avoid OOB writes

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: freebsd: become controlling process when reopening tun FD

When we pass the TUN FD to the child, we have to call TUNSIFPID;
otherwise when we close the device, we get a splat in dmesg.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: freebsd: restructure and cleanup

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: freebsd: remove horrific hack for getting tunnel name

As of FreeBSD 12.1, there's TUNGIFNAME.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

tun: freebsd: set IFF_MULTICAST for routing daemons

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

main: print kernel warning on OpenBSD and FreeBSD too

More kernels!

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

device: don't defer unlocking from loop

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>