version: bump snapshot

wireguard-go has a bad length check in its transport message handling.
Although it cannot be exploited because of another length check earlier in the
function, this should be fixed regardless.

allowedips.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

allowedips_rand_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

allowedips_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

bind_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

conn.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

conn_default.go

@@ -2,8 +2,7 @@
 
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

conn_linux.go

@@ -2,8 +2,7 @@
 
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  *
  * This implements userspace semantics of "sticky sockets", modeled after
  * WireGuard's kernelspace implementation. This is more or less a straight port
@@ -28,6 +27,10 @@ import (
 	"unsafe"
 )
 
+const (
+	FD_ERR = -1
+)
+
 type IPv4Source struct {
 	src     [4]byte
 	ifindex int32
@@ -127,6 +130,7 @@ func createNetlinkRouteSocket() (int, error) {
 func CreateBind(port uint16, device *Device) (*NativeBind, uint16, error) {
 	var err error
 	var bind NativeBind
+	var newPort uint16
 
 	bind.netlinkSock, err = createNetlinkRouteSocket()
 	if err != nil {
@@ -140,18 +144,35 @@ func CreateBind(port uint16, device *Device) (*NativeBind, uint16, error) {
 
 	go bind.routineRouteListener(device)
 
-	bind.sock6, port, err = create6(port)
-	if err != nil && err != syscall.EAFNOSUPPORT {
-		bind.netlinkCancel.Cancel()
-		return nil, 0, err
+	// attempt ipv6 bind, update port if succesful
+
+	bind.sock6, newPort, err = create6(port)
+	if err != nil {
+		if err != syscall.EAFNOSUPPORT {
+			bind.netlinkCancel.Cancel()
+			return nil, 0, err
+		}
+	} else {
+		port = newPort
 	}
 
-	bind.sock4, port, err = create4(port)
-	if err != nil && err != syscall.EAFNOSUPPORT {
-		bind.netlinkCancel.Cancel()
-		unix.Close(bind.sock6)
-		return nil, 0, err
+	// attempt ipv4 bind, update port if succesful
+
+	bind.sock4, newPort, err = create4(port)
+	if err != nil {
+		if err != syscall.EAFNOSUPPORT {
+			bind.netlinkCancel.Cancel()
+			unix.Close(bind.sock6)
+			return nil, 0, err
+		}
+	} else {
+		port = newPort
 	}
+
+	if bind.sock4 == FD_ERR && bind.sock6 == FD_ERR {
+		return nil, 0, errors.New("ipv4 and ipv6 not supported")
+	}
+
 	return &bind, port, nil
 }
 
@@ -335,7 +356,7 @@ func create4(port uint16) (int, uint16, error) {
 	)
 
 	if err != nil {
-		return -1, 0, err
+		return FD_ERR, 0, err
 	}
 
 	addr := unix.SockaddrInet4{
@@ -366,7 +387,7 @@ func create4(port uint16) (int, uint16, error) {
 		return unix.Bind(fd, &addr)
 	}(); err != nil {
 		unix.Close(fd)
-		return -1, 0, err
+		return FD_ERR, 0, err
 	}
 
 	return fd, uint16(addr.Port), err
@@ -383,7 +404,7 @@ func create6(port uint16) (int, uint16, error) {
 	)
 
 	if err != nil {
-		return -1, 0, err
+		return FD_ERR, 0, err
 	}
 
 	// set sockopts and bind
@@ -425,7 +446,7 @@ func create6(port uint16) (int, uint16, error) {
 
 	}(); err != nil {
 		unix.Close(fd)
-		return -1, 0, err
+		return FD_ERR, 0, err
 	}
 
 	return fd, uint16(addr.Port), err

constants.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main
@@ -27,18 +26,14 @@ const (
 	PaddingMultiple         = 16
 )
 
-/* Implementation specific constants */
-
 const (
-	QueueOutboundSize  = 1024
-	QueueInboundSize   = 1024
-	QueueHandshakeSize = 1024
-	MaxSegmentSize     = (1 << 16) - 1                         // largest possible UDP datagram
-	MinMessageSize     = MessageKeepaliveSize                  // minimum size of transport message (keepalive)
-	MaxMessageSize     = MaxSegmentSize                        // maximum size of transport message
-	MaxContentSize     = MaxSegmentSize - MessageTransportSize // maximum size of transport message content
+	MinMessageSize = MessageKeepaliveSize                  // minimum size of transport message (keepalive)
+	MaxMessageSize = MaxSegmentSize                        // maximum size of transport message
+	MaxContentSize = MaxSegmentSize - MessageTransportSize // maximum size of transport message content
 )
 
+/* Implementation constants */
+
 const (
 	UnderLoadQueueSize = QueueHandshakeSize / 8
 	UnderLoadAfterTime = time.Second // how long does the device remain under load after detected

cookie.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

cookie_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

device.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main
@@ -67,7 +66,12 @@ type Device struct {
 	}
 
 	pool struct {
-		messageBuffers sync.Pool
+		messageBufferPool        *sync.Pool
+		messageBufferReuseChan   chan *[MaxMessageSize]byte
+		inboundElementPool       *sync.Pool
+		inboundElementReuseChan  chan *QueueInboundElement
+		outboundElementPool      *sync.Pool
+		outboundElementReuseChan chan *QueueOutboundElement
 	}
 
 	queue struct {
@@ -243,14 +247,6 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
 	return nil
 }
 
-func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte {
-	return device.pool.messageBuffers.Get().(*[MaxMessageSize]byte)
-}
-
-func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte) {
-	device.pool.messageBuffers.Put(msg)
-}
-
 func NewDevice(tunDevice tun.TUNDevice, logger *Logger) *Device {
 	device := new(Device)
 
@@ -275,11 +271,7 @@ func NewDevice(tunDevice tun.TUNDevice, logger *Logger) *Device {
 	device.indexTable.Init()
 	device.allowedips.Reset()
 
-	device.pool.messageBuffers = sync.Pool{
-		New: func() interface{} {
-			return new([MaxMessageSize]byte)
-		},
-	}
+	device.PopulatePools()
 
 	// create queues
 
@@ -385,10 +377,11 @@ func (device *Device) Close() {
 
 	close(device.signals.stop)
 
+	device.RemoveAllPeers()
+
 	device.state.stopping.Wait()
 	device.FlushPacketQueues()
 
-	device.RemoveAllPeers()
 	device.rate.limiter.Close()
 
 	device.state.changing.Set(false)

device_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

donotuseon_linux.go

@@ -2,7 +2,7 @@
 
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

endpoint_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

helper_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

indextable.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

ip.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

kdf_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

keypair.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

logger.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

main.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

misc.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

noise-helpers.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

noise-protocol.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

noise-types.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

noise_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

peer.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

pools.go

@@ -0,0 +1,89 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
+ */
+
+package main
+
+import "sync"
+
+func (device *Device) PopulatePools() {
+	if PreallocatedBuffersPerPool == 0 {
+		device.pool.messageBufferPool = &sync.Pool{
+			New: func() interface{} {
+				return new([MaxMessageSize]byte)
+			},
+		}
+		device.pool.inboundElementPool = &sync.Pool{
+			New: func() interface{} {
+				return new(QueueInboundElement)
+			},
+		}
+		device.pool.outboundElementPool = &sync.Pool{
+			New: func() interface{} {
+				return new(QueueOutboundElement)
+			},
+		}
+	} else {
+		device.pool.messageBufferReuseChan = make(chan *[MaxMessageSize]byte, PreallocatedBuffersPerPool)
+		for i := 0; i < PreallocatedBuffersPerPool; i += 1 {
+			device.pool.messageBufferReuseChan <- new([MaxMessageSize]byte)
+		}
+		device.pool.inboundElementReuseChan = make(chan *QueueInboundElement, PreallocatedBuffersPerPool)
+		for i := 0; i < PreallocatedBuffersPerPool; i += 1 {
+			device.pool.inboundElementReuseChan <- new(QueueInboundElement)
+		}
+		device.pool.outboundElementReuseChan = make(chan *QueueOutboundElement, PreallocatedBuffersPerPool)
+		for i := 0; i < PreallocatedBuffersPerPool; i += 1 {
+			device.pool.outboundElementReuseChan <- new(QueueOutboundElement)
+		}
+	}
+}
+
+func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte {
+	if PreallocatedBuffersPerPool == 0 {
+		return device.pool.messageBufferPool.Get().(*[MaxMessageSize]byte)
+	} else {
+		return <-device.pool.messageBufferReuseChan
+	}
+}
+
+func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte) {
+	if PreallocatedBuffersPerPool == 0 {
+		device.pool.messageBufferPool.Put(msg)
+	} else {
+		device.pool.messageBufferReuseChan <- msg
+	}
+}
+
+func (device *Device) GetInboundElement() *QueueInboundElement {
+	if PreallocatedBuffersPerPool == 0 {
+		return device.pool.inboundElementPool.Get().(*QueueInboundElement)
+	} else {
+		return <-device.pool.inboundElementReuseChan
+	}
+}
+
+func (device *Device) PutInboundElement(msg *QueueInboundElement) {
+	if PreallocatedBuffersPerPool == 0 {
+		device.pool.inboundElementPool.Put(msg)
+	} else {
+		device.pool.inboundElementReuseChan <- msg
+	}
+}
+
+func (device *Device) GetOutboundElement() *QueueOutboundElement {
+	if PreallocatedBuffersPerPool == 0 {
+		return device.pool.outboundElementPool.Get().(*QueueOutboundElement)
+	} else {
+		return <-device.pool.outboundElementReuseChan
+	}
+}
+
+func (device *Device) PutOutboundElement(msg *QueueOutboundElement) {
+	if PreallocatedBuffersPerPool == 0 {
+		device.pool.outboundElementPool.Put(msg)
+	} else {
+		device.pool.outboundElementReuseChan <- msg
+	}
+}

queueconstants.go

@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
+ */
+
+package main
+
+/* Implementation specific constants */
+
+const (
+	QueueOutboundSize          = 1024
+	QueueInboundSize           = 1024
+	QueueHandshakeSize         = 1024
+	MaxSegmentSize             = (1 << 16) - 1 // largest possible UDP datagram
+	PreallocatedBuffersPerPool = 0             // Disable and allow for infinite memory growth
+)

ratelimiter/ratelimiter.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package ratelimiter

ratelimiter/ratelimiter_test.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package ratelimiter

receive.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main
@@ -44,59 +43,29 @@ func (elem *QueueInboundElement) IsDropped() bool {
 	return atomic.LoadInt32(&elem.dropped) == AtomicTrue
 }
 
-func (device *Device) addToInboundQueue(
-	queue chan *QueueInboundElement,
-	element *QueueInboundElement,
-) {
-	for {
+func (device *Device) addToInboundAndDecryptionQueues(inboundQueue chan *QueueInboundElement, decryptionQueue chan *QueueInboundElement, element *QueueInboundElement) bool {
+	select {
+	case inboundQueue <- element:
 		select {
-		case queue <- element:
-			return
+		case decryptionQueue <- element:
+			return true
 		default:
-			select {
-			case old := <-queue:
-				old.Drop()
-			default:
-			}
+			element.Drop()
+			element.mutex.Unlock()
+			return false
 		}
+	default:
+		device.PutInboundElement(element)
+		return false
 	}
 }
 
-func (device *Device) addToDecryptionQueue(
-	queue chan *QueueInboundElement,
-	element *QueueInboundElement,
-) {
-	for {
-		select {
-		case queue <- element:
-			return
-		default:
-			select {
-			case old := <-queue:
-				// drop & release to potential consumer
-				old.Drop()
-				old.mutex.Unlock()
-			default:
-			}
-		}
-	}
-}
-
-func (device *Device) addToHandshakeQueue(
-	queue chan QueueHandshakeElement,
-	element QueueHandshakeElement,
-) {
-	for {
-		select {
-		case queue <- element:
-			return
-		default:
-			select {
-			case elem := <-queue:
-				device.PutMessageBuffer(elem.buffer)
-			default:
-			}
-		}
+func (device *Device) addToHandshakeQueue(queue chan QueueHandshakeElement, element QueueHandshakeElement) bool {
+	select {
+	case queue <- element:
+		return true
+	default:
+		return false
 	}
 }
 
@@ -155,6 +124,7 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 		}
 
 		if err != nil {
+			device.PutMessageBuffer(buffer)
 			return
 		}
 
@@ -177,7 +147,7 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 
 			// check size
 
-			if len(packet) < MessageTransportType {
+			if len(packet) < MessageTransportSize {
 				continue
 			}
 
@@ -199,23 +169,23 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 			}
 
 			// create work element
-
 			peer := value.peer
-			elem := &QueueInboundElement{
-				packet:   packet,
-				buffer:   buffer,
-				keypair:  keypair,
-				dropped:  AtomicFalse,
-				endpoint: endpoint,
-			}
+			elem := device.GetInboundElement()
+			elem.packet = packet
+			elem.buffer = buffer
+			elem.keypair = keypair
+			elem.dropped = AtomicFalse
+			elem.endpoint = endpoint
+			elem.counter = 0
+			elem.mutex = sync.Mutex{}
 			elem.mutex.Lock()
 
 			// add to decryption queues
 
 			if peer.isRunning.Get() {
-				device.addToDecryptionQueue(device.queue.decryption, elem)
-				device.addToInboundQueue(peer.queue.inbound, elem)
-				buffer = device.GetMessageBuffer()
+				if device.addToInboundAndDecryptionQueues(peer.queue.inbound, device.queue.decryption, elem) {
+					buffer = device.GetMessageBuffer()
+				}
 			}
 
 			continue
@@ -236,7 +206,7 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 		}
 
 		if okay {
-			device.addToHandshakeQueue(
+			if (device.addToHandshakeQueue(
 				device.queue.handshake,
 				QueueHandshakeElement{
 					msgType:  msgType,
@@ -244,8 +214,9 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 					packet:   packet,
 					endpoint: endpoint,
 				},
-			)
-			buffer = device.GetMessageBuffer()
+			)) {
+				buffer = device.GetMessageBuffer()
+			}
 		}
 	}
 }
@@ -308,6 +279,7 @@ func (device *Device) RoutineDecryption() {
 			)
 			if err != nil {
 				elem.Drop()
+				device.PutMessageBuffer(elem.buffer)
 			}
 			elem.mutex.Unlock()
 		}
@@ -322,18 +294,26 @@ func (device *Device) RoutineHandshake() {
 	logError := device.log.Error
 	logDebug := device.log.Debug
 
+	var elem QueueHandshakeElement
+	var ok bool
+
 	defer func() {
 		logDebug.Println("Routine: handshake worker - stopped")
 		device.state.stopping.Done()
+		if elem.buffer != nil {
+			device.PutMessageBuffer(elem.buffer)
+		}
 	}()
 
 	logDebug.Println("Routine: handshake worker - started")
 	device.state.starting.Done()
 
-	var elem QueueHandshakeElement
-	var ok bool
-
 	for {
+		if elem.buffer != nil {
+			device.PutMessageBuffer(elem.buffer)
+			elem.buffer = nil
+		}
+
 		select {
 		case elem, ok = <-device.queue.handshake:
 		case <-device.signals.stop:
@@ -506,9 +486,18 @@ func (peer *Peer) RoutineSequentialReceiver() {
 	logError := device.log.Error
 	logDebug := device.log.Debug
 
+	var elem *QueueInboundElement
+	var ok bool
+
 	defer func() {
 		logDebug.Println(peer, "- Routine: sequential receiver - stopped")
 		peer.routines.stopping.Done()
+		if elem != nil {
+			if !elem.IsDropped() {
+				device.PutMessageBuffer(elem.buffer)
+			}
+			device.PutInboundElement(elem)
+		}
 	}()
 
 	logDebug.Println(peer, "- Routine: sequential receiver - started")
@@ -516,13 +505,20 @@ func (peer *Peer) RoutineSequentialReceiver() {
 	peer.routines.starting.Done()
 
 	for {
+		if elem != nil {
+			if !elem.IsDropped() {
+				device.PutMessageBuffer(elem.buffer)
+			}
+			device.PutInboundElement(elem)
+			elem = nil
+		}
 
 		select {
 
 		case <-peer.routines.stop:
 			return
 
-		case elem, ok := <-peer.queue.inbound:
+		case elem, ok = <-peer.queue.inbound:
 
 			if !ok {
 				return
@@ -633,10 +629,7 @@ func (peer *Peer) RoutineSequentialReceiver() {
 
 			offset := MessageTransportOffsetContent
 			atomic.AddUint64(&peer.stats.rxBytes, uint64(len(elem.packet)))
-			_, err := device.tun.device.Write(
-				elem.buffer[:offset+len(elem.packet)],
-				offset)
-			device.PutMessageBuffer(elem.buffer)
+			_, err := device.tun.device.Write(elem.buffer[:offset+len(elem.packet)], offset)
 			if err != nil {
 				logError.Println("Failed to write packet to TUN device:", err)
 			}

replay/replay.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package replay

replay/replay_test.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package replay

rwcancel/fdset_default.go

@@ -2,7 +2,7 @@
 
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package rwcancel

rwcancel/fdset_freebsd.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package rwcancel

rwcancel/rwcancel.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package rwcancel

rwcancel/select_default.go

@@ -2,7 +2,7 @@
 
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package rwcancel

rwcancel/select_linux.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package rwcancel

send.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main
@@ -53,10 +52,14 @@ type QueueOutboundElement struct {
 }
 
 func (device *Device) NewOutboundElement() *QueueOutboundElement {
-	return &QueueOutboundElement{
-		dropped: AtomicFalse,
-		buffer:  device.pool.messageBuffers.Get().(*[MaxMessageSize]byte),
-	}
+	elem := device.GetOutboundElement()
+	elem.dropped = AtomicFalse
+	elem.buffer = device.GetMessageBuffer()
+	elem.mutex = sync.Mutex{}
+	elem.nonce = 0
+	elem.keypair = nil
+	elem.peer = nil
+	return elem
 }
 
 func (elem *QueueOutboundElement) Drop() {
@@ -67,10 +70,7 @@ func (elem *QueueOutboundElement) IsDropped() bool {
 	return atomic.LoadInt32(&elem.dropped) == AtomicTrue
 }
 
-func addToOutboundQueue(
-	queue chan *QueueOutboundElement,
-	element *QueueOutboundElement,
-) {
+func addToNonceQueue(queue chan *QueueOutboundElement, element *QueueOutboundElement, device *Device) {
 	for {
 		select {
 		case queue <- element:
@@ -78,30 +78,28 @@ func addToOutboundQueue(
 		default:
 			select {
 			case old := <-queue:
-				old.Drop()
+				device.PutMessageBuffer(old.buffer)
+				device.PutOutboundElement(old)
 			default:
 			}
 		}
 	}
 }
 
-func addToEncryptionQueue(
-	queue chan *QueueOutboundElement,
-	element *QueueOutboundElement,
-) {
-	for {
+func addToOutboundAndEncryptionQueues(outboundQueue chan *QueueOutboundElement, encryptionQueue chan *QueueOutboundElement, element *QueueOutboundElement) {
+	select {
+	case outboundQueue <- element:
 		select {
-		case queue <- element:
+		case encryptionQueue <- element:
 			return
 		default:
-			select {
-			case old := <-queue:
-				// drop & release to potential consumer
-				old.Drop()
-				old.mutex.Unlock()
-			default:
-			}
+			element.Drop()
+			element.peer.device.PutMessageBuffer(element.buffer)
+			element.mutex.Unlock()
 		}
+	default:
+		element.peer.device.PutMessageBuffer(element.buffer)
+		element.peer.device.PutOutboundElement(element)
 	}
 }
 
@@ -118,6 +116,8 @@ func (peer *Peer) SendKeepalive() bool {
 		peer.device.log.Debug.Println(peer, "- Sending keepalive packet")
 		return true
 	default:
+		peer.device.PutMessageBuffer(elem.buffer)
+		peer.device.PutOutboundElement(elem)
 		return false
 	}
 }
@@ -243,8 +243,6 @@ func (peer *Peer) keepKeyFreshSending() {
  */
 func (device *Device) RoutineReadFromTUN() {
 
-	elem := device.NewOutboundElement()
-
 	logDebug := device.log.Debug
 	logError := device.log.Error
 
@@ -256,7 +254,14 @@ func (device *Device) RoutineReadFromTUN() {
 	logDebug.Println("Routine: TUN reader - started")
 	device.state.starting.Done()
 
+	var elem *QueueOutboundElement
+
 	for {
+		if elem != nil {
+			device.PutMessageBuffer(elem.buffer)
+			device.PutOutboundElement(elem)
+		}
+		elem = device.NewOutboundElement()
 
 		// read packet
 
@@ -268,6 +273,8 @@ func (device *Device) RoutineReadFromTUN() {
 				logError.Println("Failed to read packet from TUN device:", err)
 				device.Close()
 			}
+			device.PutMessageBuffer(elem.buffer)
+			device.PutOutboundElement(elem)
 			return
 		}
 
@@ -309,8 +316,8 @@ func (device *Device) RoutineReadFromTUN() {
 			if peer.queue.packetInNonceQueueIsAwaitingKey.Get() {
 				peer.SendHandshakeInitiation(false)
 			}
-			addToOutboundQueue(peer.queue.nonce, elem)
-			elem = device.NewOutboundElement()
+			addToNonceQueue(peer.queue.nonce, elem, device)
+			elem = nil
 		}
 	}
 }
@@ -334,22 +341,25 @@ func (peer *Peer) RoutineNonce() {
 	device := peer.device
 	logDebug := device.log.Debug
 
-	defer func() {
-		logDebug.Println(peer, "- Routine: nonce worker - stopped")
-		peer.queue.packetInNonceQueueIsAwaitingKey.Set(false)
-		peer.routines.stopping.Done()
-	}()
-
 	flush := func() {
 		for {
 			select {
-			case <-peer.queue.nonce:
+			case elem := <-peer.queue.nonce:
+				device.PutMessageBuffer(elem.buffer)
+				device.PutOutboundElement(elem)
 			default:
 				return
 			}
 		}
 	}
 
+	defer func() {
+		flush()
+		logDebug.Println(peer, "- Routine: nonce worker - stopped")
+		peer.queue.packetInNonceQueueIsAwaitingKey.Set(false)
+		peer.routines.stopping.Done()
+	}()
+
 	peer.routines.starting.Done()
 	logDebug.Println(peer, "- Routine: nonce worker - started")
 
@@ -403,10 +413,14 @@ func (peer *Peer) RoutineNonce() {
 					logDebug.Println(peer, "- Obtained awaited keypair")
 
 				case <-peer.signals.flushNonceQueue:
+					device.PutMessageBuffer(elem.buffer)
+					device.PutOutboundElement(elem)
 					flush()
 					goto NextPacket
 
 				case <-peer.routines.stop:
+					device.PutMessageBuffer(elem.buffer)
+					device.PutOutboundElement(elem)
 					return
 				}
 			}
@@ -421,6 +435,8 @@ func (peer *Peer) RoutineNonce() {
 
 			if elem.nonce >= RejectAfterMessages {
 				atomic.StoreUint64(&keypair.sendNonce, RejectAfterMessages)
+				device.PutMessageBuffer(elem.buffer)
+				device.PutOutboundElement(elem)
 				goto NextPacket
 			}
 
@@ -429,9 +445,7 @@ func (peer *Peer) RoutineNonce() {
 			elem.mutex.Lock()
 
 			// add to parallel and sequential queue
-
-			addToEncryptionQueue(device.queue.encryption, elem)
-			addToOutboundQueue(peer.queue.outbound, elem)
+			addToOutboundAndEncryptionQueues(peer.queue.outbound, device.queue.encryption, elem)
 		}
 	}
 }
@@ -448,6 +462,19 @@ func (device *Device) RoutineEncryption() {
 	logDebug := device.log.Debug
 
 	defer func() {
+		for {
+			select {
+			case elem, ok := <-device.queue.encryption:
+				if ok && !elem.IsDropped() {
+					elem.Drop()
+					device.PutMessageBuffer(elem.buffer)
+					elem.mutex.Unlock()
+				}
+			default:
+				goto out
+			}
+		}
+	out:
 		logDebug.Println("Routine: encryption worker - stopped")
 		device.state.stopping.Done()
 	}()
@@ -490,11 +517,13 @@ func (device *Device) RoutineEncryption() {
 			// pad content to multiple of 16
 
 			mtu := int(atomic.LoadInt32(&device.tun.mtu))
-			rem := len(elem.packet) % PaddingMultiple
-			if rem > 0 {
-				for i := 0; i < PaddingMultiple-rem && len(elem.packet) < mtu; i++ {
-					elem.packet = append(elem.packet, 0)
-				}
+			lastUnit := len(elem.packet) % mtu
+			paddedSize := (lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)
+			if paddedSize > mtu {
+				paddedSize = mtu
+			}
+			for i := len(elem.packet); i < paddedSize; i++ {
+				elem.packet = append(elem.packet, 0)
 			}
 
 			// encrypt content and release to consumer
@@ -521,8 +550,25 @@ func (peer *Peer) RoutineSequentialSender() {
 	device := peer.device
 
 	logDebug := device.log.Debug
+	logError := device.log.Error
 
 	defer func() {
+		for {
+			select {
+			case elem, ok := <-peer.queue.outbound:
+				if ok {
+					if !elem.IsDropped() {
+						device.PutMessageBuffer(elem.buffer)
+						elem.Drop()
+					}
+					device.PutOutboundElement(elem)
+					elem.mutex.Unlock()
+				}
+			default:
+				goto out
+			}
+		}
+	out:
 		logDebug.Println(peer, "- Routine: sequential sender - stopped")
 		peer.routines.stopping.Done()
 	}()
@@ -545,6 +591,7 @@ func (peer *Peer) RoutineSequentialSender() {
 
 			elem.mutex.Lock()
 			if elem.IsDropped() {
+				device.PutOutboundElement(elem)
 				continue
 			}
 
@@ -556,8 +603,9 @@ func (peer *Peer) RoutineSequentialSender() {
 			length := uint64(len(elem.packet))
 			err := peer.SendBuffer(elem.packet)
 			device.PutMessageBuffer(elem.buffer)
+			device.PutOutboundElement(elem)
 			if err != nil {
-				logDebug.Println("Failed to send authenticated packet to peer", peer)
+				logError.Println(peer, "- Failed to send data packet", err)
 				continue
 			}
 			atomic.AddUint64(&peer.stats.txBytes, length)

tai64n/tai64n.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package tai64n

tai64n/tai64n_test.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package tai64n

timers.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  *
  * This is based heavily on timers.c from the kernel implementation.
  */

tun.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main

tun/tun.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package tun

tun/tun_darwin.go

@@ -2,8 +2,7 @@
 
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package tun

tun/tun_freebsd.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package tun

tun/tun_linux.go

@@ -1,11 +1,8 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
-/* Copyright 2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */
-
 package tun
 
 /* Implementation of the TUN device interface for linux

tun/tun_openbsd.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package tun

uapi.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main
@@ -75,6 +74,7 @@ func ipcGetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
 
 			send("public_key=" + peer.handshake.remoteStatic.ToHex())
 			send("preshared_key=" + peer.handshake.presharedKey.ToHex())
+			send("protocol_version=1")
 			if peer.endpoint != nil {
 				send("endpoint=" + peer.endpoint.DstToString())
 			}
@@ -362,6 +362,13 @@ func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
 				ones, _ := network.Mask.Size()
 				device.allowedips.Insert(network.IP, uint(ones), peer)
 
+			case "protocol_version":
+
+				if value != "1" {
+					logError.Println("Invalid protocol version:", value)
+					return &IPCError{Code: ipcErrorInvalid}
+				}
+
 			default:
 				logError.Println("Invalid UAPI peer key:", key)
 				return &IPCError{Code: ipcErrorInvalid}

uapi_bsd.go

@@ -2,8 +2,7 @@
 
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main
@@ -18,12 +17,13 @@ import (
 	"unsafe"
 )
 
+var socketDirectory = "/var/run/wireguard"
+
 const (
 	ipcErrorIO        = -int64(unix.EIO)
 	ipcErrorProtocol  = -int64(unix.EPROTO)
 	ipcErrorInvalid   = -int64(unix.EINVAL)
 	ipcErrorPortInUse = -int64(unix.EADDRINUSE)
-	socketDirectory   = "/var/run/wireguard"
 	socketName        = "%s.sock"
 )
 

uapi_linux.go

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package main
@@ -16,12 +15,13 @@ import (
 	"path"
 )
 
+var socketDirectory = "/var/run/wireguard"
+
 const (
 	ipcErrorIO        = -int64(unix.EIO)
 	ipcErrorProtocol  = -int64(unix.EPROTO)
 	ipcErrorInvalid   = -int64(unix.EINVAL)
 	ipcErrorPortInUse = -int64(unix.EADDRINUSE)
-	socketDirectory   = "/var/run/wireguard"
 	socketName        = "%s.sock"
 )
 

version.go

@@ -1,2 +1,2 @@
 package main
-const WireGuardGoVersion = "0.0.20180613"
+const WireGuardGoVersion = "0.0.20181001"

xchacha20poly1305/xchacha20.go

@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: MIT
  *
  * Copyright (C) 2016 Andreas Auernhammer. All Rights Reserved.
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package xchacha20poly1305

xchacha20poly1305/xchacha20_test.go

@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
  *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
  */
 
 package xchacha20poly1305