aboutsummaryrefslogtreecommitdiff
path: root/tun (follow)
Commit message (Collapse)AuthorAgeFilesLines
* netstack: fix typoDimitri Papadopoulos Orfanos2023-07-041-1/+1
| | | | | Signed-off-by: Dimitri Papadopoulos Orfanos <3234522+DimitriPapadopoulos@users.noreply.github.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use correct IP header comparisons in tcpGRO() and tcpPacketsCanCoalesce()Jordan Whited2023-03-252-16/+119
| | | | | | | | | | | | tcpGRO() was using an incorrect IPv4 more fragments bit mask. tcpPacketsCanCoalesce() was not distinguishing tcp6 from tcp4, and TTL values were not compared. TTL values should be equal at the IP layer, otherwise the packets should not coalesce. This tracks with the kernel. Reviewed-by: Denton Gentry <dgentry@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: disqualify tcp4 packets w/IP options from coalescingJordan Whited2023-03-252-5/+55
| | | | | | | | | | IP options were not being compared prior to coalescing. They are not commonly used. Disqualification due to nonzero options is in line with the kernel. Reviewed-by: Denton Gentry <dgentry@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove old style build tagsJason A. Donenfeld2023-03-233-3/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: replace ErrorBatch() with errors.Join()Jordan Whited2023-03-172-51/+3
| | | | | | Reviewed-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: buff -> bufJason A. Donenfeld2023-03-137-99/+99
| | | | | | This always struck me as kind of weird and non-standard. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: enable TCP Selective AcknowledgementsJordan Whited2023-03-101-1/+6
| | | | | | | | | | Enable TCP SACK for the gVisor Stack used in tun/netstack. This can improve throughput by an order of magnitude in the presence of packet loss. Reviewed-by: James Tucker <james@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn: inch BatchSize toward being non-dynamicJason A. Donenfeld2023-03-103-8/+8
| | | | | | | | There's not really a use at the moment for making this configurable, and once bind_windows.go behaves like bind_std.go, we'll be able to use constants everywhere. So begin that simplification now. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn, device, tun: implement vectorized I/O on LinuxJordan Whited2023-03-106-70/+1148
| | | | | | | | | | | | | | | | | | | | Implement TCP offloading via TSO and GRO for the Linux tun.Device, which is made possible by virtio extensions in the kernel's TUN driver. Delete conn.LinuxSocketEndpoint in favor of a collapsed conn.StdNetBind. conn.StdNetBind makes use of recvmmsg() and sendmmsg() on Linux. All platforms now fall under conn.StdNetBind, except for Windows, which remains in conn.WinRingBind, which still needs to be adjusted to handle multiple packets. Also refactor sticky sockets support to eventually be applicable on platforms other than just Linux. However Linux remains the sole platform that fully implements it for now. Co-authored-by: James Tucker <james@tailscale.com> Signed-off-by: James Tucker <james@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn, device, tun: implement vectorized I/O plumbingJordan Whited2023-03-109-158/+283
| | | | | | | | | | | | | | | | | | | | Accept packet vectors for reading and writing in the tun.Device and conn.Bind interfaces, so that the internal plumbing between these interfaces now passes a vector of packets. Vectors move untouched between these interfaces, i.e. if 128 packets are received from conn.Bind.Read(), 128 packets are passed to tun.Device.Write(). There is no internal buffering. Currently, existing implementations are only adjusted to have vectors of length one. Subsequent patches will improve that. Also, as a related fixup, use the unix and windows packages rather than the syscall package when possible. Co-authored-by: James Tucker <james@tailscale.com> Signed-off-by: James Tucker <james@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: guard Device.Events() against chan writesJordan Whited2023-02-098-11/+11
| | | | | Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright yearJason A. Donenfeld2023-02-0713-13/+13
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: make http examples communicate with each otherSoren L. Hansen2023-02-072-9/+9
| | | | | | | | This seems like a much better demonstration as it removes the need for external components. Signed-off-by: Søren L. Hansen <sorenisanerd@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: bump gvisorColin Adler2023-02-071-1/+1
| | | | | | | Bump gVisor to a recent known-good version. Signed-off-by: Colin Adler <colin1adler@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright yearJason A. Donenfeld2022-09-2013-13/+13
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: ensure `(*netTun).incomingPacket` chan is closedColin Adler2022-09-201-0/+4
| | | | | | | Without this, `device.Close()` will deadlock. Signed-off-by: Colin Adler <colin1adler@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* all: use Go 1.19 and its atomic typesBrad Fitzpatrick2022-09-041-22/+18
| | | | | Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: remove separate moduleJason A. Donenfeld2022-08-292-33/+0
| | | | | | | Now that the gvisor deps aren't insane, we can just do this in the main module. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: bump to latest gvisorShengjing Zhu2022-08-293-1031/+37
| | | | | | | | | | | To build with go1.19, gvisor needs 99325baf ("Bump gVisor build tags to go1.19"). However gvisor.dev/gvisor/pkg/tcpip/buffer is no longer available, so refactor to use gvisor.dev/gvisor/pkg/tcpip/link/channel directly. Signed-off-by: Shengjing Zhu <i@zhsj.me> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn, device, tun: set CLOEXEC on fdsBrad Fitzpatrick2022-07-044-21/+33
| | | | | Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: use ByteSliceToString from golang.org/x/sys/unixTobias Klauser2022-06-011-6/+1
| | | | | | | | Use unix.ByteSliceToString in (*NativeTun).nameSlice to convert the TUNGETIFF ioctl result []byte to a string. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: bump modJason A. Donenfeld2022-03-162-24/+17
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* all: update to Go 1.18Josh Bleecher Snyder2022-03-165-5/+5
| | | | | | | | | | Bump go.mod and README. Switch to upstream net/netip. Use strings.Cut. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
* tun/netstack: check error returned by SetDeadline()Alexander Neumann2022-03-091-1/+4
| | | | | | Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de> [Jason: don't wrap deadline error.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: update to latest wireguard-goAlexander Neumann2022-03-093-24/+36
| | | | | | | | | This commit fixes all callsites of netip.AddrFromSlice(), which has changed its signature and now returns two values. Signed-off-by: Alexander Neumann <alexander.neumann@redteam-pentesting.de> [Jason: remove error handling from AddrFromSlice.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: simplify read timeout on ping socketJason A. Donenfeld2022-02-021-43/+14
| | | | | | I'm not 100% sure this is correct, but it certainly is a lot simpler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: implement ICMP pingThomas H. Ptacek2022-02-022-24/+343
| | | | | | | | | | Provide a PacketConn interface for netstack's ICMP endpoint; netstack currently only provides EchoRequest/EchoResponse ICMP support, so this code exposes only an interface for doing ping. Signed-off-by: Thomas Ptacek <thomas@sockpuppet.org> [Jason: rework structure, match std go interfaces, add example code] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumptJason A. Donenfeld2021-12-095-14/+11
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use netip where possible nowJason A. Donenfeld2021-11-236-72/+99
| | | | | | | | There are more places where we'll need to add it later, when Go 1.18 comes out with support for it in the "net" package. Also, allowedips still uses slices internally, which might be suboptimal. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: move wintun to its own repoJason A. Donenfeld2021-11-041-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* namedpipe: rename from winpipe to keep in sync with CL299009Jason A. Donenfeld2021-11-043-368/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: align 64-bit argument on ARM32Jason A. Donenfeld2021-10-261-1/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun/netstack: update gvisorMikael Magnusson2021-10-223-22/+403
| | | | | | | | | | | | | Update gvisor to v0.0.0-20211020211948-f76a604701b6, which requires some changes to tun.go: WriteRawPacket: Add function with not implemented error. CreateNetTUN: Replace stack.AddAddress with stack.AddProtocolAddress, and fix IPv6 address in error message. Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: allow retrieving DLL versionJason A. Donenfeld2021-10-202-1/+31
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: remove memmod option for dll loadingJason A. Donenfeld2021-10-1613-1481/+39
| | | | | | Only wireguard-windows used this, and it's moving to wgnt exclusively. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove old-style build tagsJason A. Donenfeld2021-10-129-9/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: add newer-style build tagsJason A. Donenfeld2021-10-124-0/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: use new swdevice-based API for upcoming Wintun 0.14Jason A. Donenfeld2021-10-122-149/+61
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conn,wintun: use unsafe.Slice instead of unsafeSliceJason A. Donenfeld2021-10-111-20/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: import from wireguard-windowsJason A. Donenfeld2021-10-115-33/+95
| | | | | | | We'll eventually be getting rid of it here, but keep it sync'd up for now. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: make operateonfd.go build tags more specificTobias Klauser2021-09-231-2/+2
| | | | | | | | (*NativeTun).operateOnFd is only used on darwin and freebsd. Adjust the build tags accordingly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: avoid leaking sock fd in CreateTUN error casesTobias Klauser2021-09-232-6/+11
| | | | | | | | At these points, the socket file descriptor is not yet wrapped in an *os.File, so it needs to be closed explicitly on error. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: add new go 1.17 build commentsJason A. Donenfeld2021-09-051-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: register exception handler tablesJason A. Donenfeld2021-08-052-0/+19
| | | | | | | | Otherwise recent WDK binaries fail on ARM64, where an exception handler is used for trapping an illegal instruction when ARMv8.1 atomics are being tested for functionality. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: fix protected delayed load the right wayJason A. Donenfeld2021-07-292-9/+13
| | | | | | | | | | | The reason this was failing before is that dloadsup.h's DloadObtainSection was doing a linear search of sections to find which header corresponds with the IMAGE_DELAYLOAD_DESCRIPTOR section, and we were stupidly overwriting the VirtualSize field, so the linear search wound up matching the .text section, which then it found to not be marked writable and failed with FAST_FAIL_DLOAD_PROTECTION_FAILURE. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: disable protected delayed load for nowJason A. Donenfeld2021-07-294-2/+155
| | | | | | | Probably a bad idea, but we don't currently support it, and those huge windows.NewCallback trampolines make juicer targets anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: linux: account for interface removal from outsideJason A. Donenfeld2021-05-201-25/+28
| | | | | | | | On Linux we can run `ip link del wg0`, in which case the fd becomes stale, and we should exit. Since this is an intentional action, don't treat it as an error. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: formatJason A. Donenfeld2021-05-072-3/+3
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: windows: set event before waitingJason A. Donenfeld2021-05-071-18/+18
| | | | | | | | | | | In 097af6e ("tun: windows: protect reads from closing") we made sure no functions are running when End() is called, to avoid a UaF. But we still need to kick that event somehow, so that Read() is allowed to exit, in order to release the lock. So this commit calls SetEvent, while moving the closing boolean to be atomic so it can be modified without locks, and then moves to a WaitGroup for the RCU-like pattern. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tun: windows: rearrange struct to avoid alignment trap on 32bitJason A. Donenfeld2021-05-071-4/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 21:54:09 +0000