version: bump snapshot

Interestingly, ksh(1) on OpenBSD does not export PWD by default, and it
also has a notion of the "logical cwd" vs the "physical cwd", with the
latter being passed to chdir, but the former being stored in the
non-exported PWD and displayed to the user. This means that if you `cd`
into a directory that's comprised of symlinks, exec'd processes will see
the physical path. Observe:

  # ksh
  # mkdir a
  # ln -s a b
  # cd b
  # pwd
  /root/b
  # ksh -c pwd
  /root/a

The fact of separating physical and logical paths is not too uncommon
for shells (bash does it too), but not exporting PWD is very odd.

Since this is common behavior for many shells, libraries that return the
working directory will do something strange: they `stat(".")` and then
`stat(getenv("PWD"))`, and if these point to the same inode, they roll
with the value of `getenv("PWD")`, or otherwise fallback to asking the
kernel for the cwd.

Since PWD was not exported by ksh(1), Go's dep utility did not understand
it was operating inside of our faked GOPATH and became upset.

This patch works around the whole situation by simply exporting PWD
before executing dep.

Makefile

@@ -5,6 +5,8 @@ BINDIR ?= $(PREFIX)/bin
 ifeq ($(shell go env GOOS),linux)
 ifeq ($(wildcard .git),)
 $(error Do not build this for Linux. Instead use the Linux kernel module. See wireguard.com/install/ for more info.)
+else
+$(shell printf 'package main\nconst UseTheKernelModuleInstead = 0xdeadbabe\n' > ireallywantobuildon_linux.go)
 endif
 endif
 
@@ -30,7 +32,7 @@ version.go:
 
 vendor/.created: Gopkg.toml Gopkg.lock | .gopath/.created
 	command -v dep >/dev/null || go get -v github.com/golang/dep/cmd/dep
-	cd .gopath/src/$(GO_IMPORT_PATH) && dep ensure -vendor-only -v
+	export PWD; cd .gopath/src/$(GO_IMPORT_PATH) && dep ensure -vendor-only -v
 	touch $@
 
 wireguard-go: $(wildcard *.go) $(wildcard */*.go) .gopath/.created vendor/.created version.go

README.md

@@ -76,9 +76,9 @@ $ make
     are otherwise in compliance with the GPLv2 for each covered work you convey
     (including without limitation making the Corresponding Source available in
     compliance with Section 3 of the GPLv2), you are granted the additional
-    the additional permission to convey through the Apple App Store
+    permission to convey through the Apple App Store non-source executable
-    non-source executable versions of the Program as incorporated into each
+    versions of the Program as incorporated into each applicable covered work
-    applicable covered work as Executable Versions only under the Mozilla
+    as Executable Versions only under the Mozilla Public License version 2.0
-    Public License version 2.0 (https://www.mozilla.org/en-US/MPL/2.0/).
+    (https://www.mozilla.org/en-US/MPL/2.0/).
     
 

conn_default.go

@@ -11,7 +11,9 @@ package main
 import (
 	"golang.org/x/sys/unix"
 	"net"
+	"os"
 	"runtime"
+	"syscall"
 )
 
 /* This code is meant to be a temporary solution
@@ -87,6 +89,18 @@ func listenNet(network string, port int) (*net.UDPConn, int, error) {
 	return conn, uaddr.Port, nil
 }
 
+func extractErrno(err error) error {
+	opErr, ok := err.(*net.OpError)
+	if !ok {
+		return nil
+	}
+	syscallErr, ok := opErr.Err.(*os.SyscallError)
+	if !ok {
+		return nil
+	}
+	return syscallErr.Err
+}
+
 func CreateBind(uport uint16, device *Device) (Bind, uint16, error) {
 	var err error
 	var bind NativeBind
@@ -94,13 +108,15 @@ func CreateBind(uport uint16, device *Device) (Bind, uint16, error) {
 	port := int(uport)
 
 	bind.ipv4, port, err = listenNet("udp4", port)
-	if err != nil {
+	if err != nil && extractErrno(err) != syscall.EAFNOSUPPORT {
 		return nil, 0, err
 	}
 
 	bind.ipv6, port, err = listenNet("udp6", port)
-	if err != nil {
+	if err != nil && extractErrno(err) != syscall.EAFNOSUPPORT {
+		return nil, 0, err
 		bind.ipv4.Close()
+		bind.ipv4 = nil
 		return nil, 0, err
 	}
 
@@ -108,8 +124,13 @@ func CreateBind(uport uint16, device *Device) (Bind, uint16, error) {
 }
 
 func (bind *NativeBind) Close() error {
-	err1 := bind.ipv4.Close()
+	var err1, err2 error
-	err2 := bind.ipv6.Close()
+	if bind.ipv4 != nil {
+		err1 = bind.ipv4.Close()
+	}
+	if bind.ipv6 != nil {
+		err2 = bind.ipv6.Close()
+	}
 	if err1 != nil {
 		return err1
 	}
@@ -117,6 +138,9 @@ func (bind *NativeBind) Close() error {
 }
 
 func (bind *NativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
+	if bind.ipv4 == nil {
+		return 0, nil, syscall.EAFNOSUPPORT
+	}
 	n, endpoint, err := bind.ipv4.ReadFromUDP(buff)
 	if endpoint != nil {
 		endpoint.IP = endpoint.IP.To4()
@@ -125,6 +149,9 @@ func (bind *NativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
 }
 
 func (bind *NativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
+	if bind.ipv6 == nil {
+		return 0, nil, syscall.EAFNOSUPPORT
+	}
 	n, endpoint, err := bind.ipv6.ReadFromUDP(buff)
 	return n, (*NativeEndpoint)(endpoint), err
 }
@@ -133,8 +160,14 @@ func (bind *NativeBind) Send(buff []byte, endpoint Endpoint) error {
 	var err error
 	nend := endpoint.(*NativeEndpoint)
 	if nend.IP.To4() != nil {
+		if bind.ipv4 == nil {
+			return syscall.EAFNOSUPPORT
+		}
 		_, err = bind.ipv4.WriteToUDP(buff, (*net.UDPAddr)(nend))
 	} else {
+		if bind.ipv6 == nil {
+			return syscall.EAFNOSUPPORT
+		}
 		_, err = bind.ipv6.WriteToUDP(buff, (*net.UDPAddr)(nend))
 	}
 	return err
@@ -157,31 +190,29 @@ func (bind *NativeBind) SetMark(mark uint32) error {
 	if fwmarkIoctl == 0 {
 		return nil
 	}
-	fd4, err1 := bind.ipv4.SyscallConn()
+	if bind.ipv4 != nil {
-	fd6, err2 := bind.ipv6.SyscallConn()
+		fd, err := bind.ipv4.SyscallConn()
-	if err1 != nil {
+		if err != nil {
-		return err1
+			return err
+		}
+		err = fd.Control(func(fd uintptr) {
+			err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
+		})
+		if err != nil {
+			return err
+		}
 	}
-	if err2 != nil {
+	if bind.ipv6 != nil {
-		return err2
+		fd, err := bind.ipv6.SyscallConn()
-	}
+		if err != nil {
-	err3 := fd4.Control(func(fd uintptr) {
+			return err
-		err1 = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
+		}
-	})
+		err = fd.Control(func(fd uintptr) {
-	err4 := fd6.Control(func(fd uintptr) {
+			err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
-		err2 = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
+		})
-	})
+		if err != nil {
-	if err1 != nil {
+			return err
-		return err1
+		}
-	}
-	if err2 != nil {
-		return err2
-	}
-	if err3 != nil {
-		return err3
-	}
-	if err4 != nil {
-		return err4
 	}
 	return nil
 }

conn_linux.go

@@ -24,6 +24,7 @@ import (
 	"net"
 	"strconv"
 	"sync"
+	"syscall"
 	"unsafe"
 )
 
@@ -140,40 +141,45 @@ func CreateBind(port uint16, device *Device) (*NativeBind, uint16, error) {
 	go bind.routineRouteListener(device)
 
 	bind.sock6, port, err = create6(port)
-	if err != nil {
+	if err != nil && err != syscall.EAFNOSUPPORT {
 		bind.netlinkCancel.Cancel()
-		return nil, port, err
+		return nil, 0, err
 	}
 
 	bind.sock4, port, err = create4(port)
-	if err != nil {
+	if err != nil && err != syscall.EAFNOSUPPORT {
 		bind.netlinkCancel.Cancel()
 		unix.Close(bind.sock6)
+		return nil, 0, err
 	}
-	return &bind, port, err
+	return &bind, port, nil
 }
 
 func (bind *NativeBind) SetMark(value uint32) error {
-	err := unix.SetsockoptInt(
+	if bind.sock6 != -1 {
-		bind.sock6,
+		err := unix.SetsockoptInt(
-		unix.SOL_SOCKET,
+			bind.sock6,
-		unix.SO_MARK,
+			unix.SOL_SOCKET,
-		int(value),
+			unix.SO_MARK,
-	)
+			int(value),
+		)
 
-	if err != nil {
+		if err != nil {
-		return err
+			return err
+		}
 	}
 
-	err = unix.SetsockoptInt(
+	if bind.sock4 != -1 {
-		bind.sock4,
+		err := unix.SetsockoptInt(
-		unix.SOL_SOCKET,
+			bind.sock4,
-		unix.SO_MARK,
+			unix.SOL_SOCKET,
-		int(value),
+			unix.SO_MARK,
-	)
+			int(value),
+		)
 
-	if err != nil {
+		if err != nil {
-		return err
+			return err
+		}
 	}
 
 	bind.lastMark = value
@@ -187,9 +193,14 @@ func closeUnblock(fd int) error {
 }
 
 func (bind *NativeBind) Close() error {
-	err1 := closeUnblock(bind.sock6)
+	var err1, err2, err3 error
-	err2 := closeUnblock(bind.sock4)
+	if bind.sock6 != -1 {
-	err3 := bind.netlinkCancel.Cancel()
+		err1 = closeUnblock(bind.sock6)
+	}
+	if bind.sock4 != -1 {
+		err2 = closeUnblock(bind.sock4)
+	}
+	err3 = bind.netlinkCancel.Cancel()
 
 	if err1 != nil {
 		return err1
@@ -202,6 +213,9 @@ func (bind *NativeBind) Close() error {
 
 func (bind *NativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
 	var end NativeEndpoint
+	if bind.sock6 == -1 {
+		return 0, nil, syscall.EAFNOSUPPORT
+	}
 	n, err := receive6(
 		bind.sock6,
 		buff,
@@ -212,6 +226,9 @@ func (bind *NativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
 
 func (bind *NativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
 	var end NativeEndpoint
+	if bind.sock4 == -1 {
+		return 0, nil, syscall.EAFNOSUPPORT
+	}
 	n, err := receive4(
 		bind.sock4,
 		buff,
@@ -223,8 +240,14 @@ func (bind *NativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
 func (bind *NativeBind) Send(buff []byte, end Endpoint) error {
 	nend := end.(*NativeEndpoint)
 	if !nend.isV6 {
+		if bind.sock4 == -1 {
+			return syscall.EAFNOSUPPORT
+		}
 		return send4(bind.sock4, nend, buff)
 	} else {
+		if bind.sock6 == -1 {
+			return syscall.EAFNOSUPPORT
+		}
 		return send6(bind.sock6, nend, buff)
 	}
 }

tun/tun_darwin.go

@@ -1,3 +1,5 @@
+// +build !ios
+
 /* SPDX-License-Identifier: GPL-2.0
  *
  * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.

version.go

@@ -1,2 +1,2 @@
 package main
-const WireGuardGoVersion = "0.0.20180531"
+const WireGuardGoVersion = "0.0.20180613"