version: bump snapshot

Adding missing queueconstants file
Fix transport message length check
2018-10-01 17:58:31 +02:00 · 2018-10-01 16:11:31 +02:00 · 2018-09-25 05:18:11 +02:00 · 2018-09-25 02:31:02 +02:00 · 2018-09-24 01:52:02 +02:00 · 2018-09-24 00:37:43 +02:00
55 changed files with 374 additions and 243 deletions
--- a/allowedips.go
+++ b/allowedips.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/allowedips_rand_test.go
+++ b/allowedips_rand_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/allowedips_test.go
+++ b/allowedips_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/bind_test.go
+++ b/bind_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/conn.go
+++ b/conn.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/conn_default.go
+++ b/conn_default.go
@@ -2,8 +2,7 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/conn_linux.go
+++ b/conn_linux.go
@@ -2,8 +2,7 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 *
 * This implements userspace semantics of "sticky sockets", modeled after
 * WireGuard's kernelspace implementation. This is more or less a straight port
@@ -28,6 +27,10 @@ import (
 	"unsafe"
 )
 const (
 	FD_ERR = -1
 )
 type IPv4Source struct {
 	src     [4]byte
 	ifindex int32
@@ -127,6 +130,7 @@ func createNetlinkRouteSocket() (int, error) {
 func CreateBind(port uint16, device *Device) (*NativeBind, uint16, error) {
 	var err error
 	var bind NativeBind
 	var newPort uint16
 	bind.netlinkSock, err = createNetlinkRouteSocket()
 	if err != nil {
@@ -140,18 +144,35 @@ func CreateBind(port uint16, device *Device) (*NativeBind, uint16, error) {
 	go bind.routineRouteListener(device)
-	bind.sock6, port, err = create6(port)
+	// attempt ipv6 bind, update port if succesful
-	if err != nil && err != syscall.EAFNOSUPPORT {
+
-		bind.netlinkCancel.Cancel()
+	bind.sock6, newPort, err = create6(port)
-		return nil, 0, err
+	if err != nil {
 		if err != syscall.EAFNOSUPPORT {
 			bind.netlinkCancel.Cancel()
 			return nil, 0, err
 		}
 	} else {
 		port = newPort
 	}
-	bind.sock4, port, err = create4(port)
+	// attempt ipv4 bind, update port if succesful
-	if err != nil && err != syscall.EAFNOSUPPORT {
+
-		bind.netlinkCancel.Cancel()
+	bind.sock4, newPort, err = create4(port)
-		unix.Close(bind.sock6)
+	if err != nil {
-		return nil, 0, err
+		if err != syscall.EAFNOSUPPORT {
 			bind.netlinkCancel.Cancel()
 			unix.Close(bind.sock6)
 			return nil, 0, err
 		}
 	} else {
 		port = newPort
 	}
 	if bind.sock4 == FD_ERR && bind.sock6 == FD_ERR {
 		return nil, 0, errors.New("ipv4 and ipv6 not supported")
 	}
 	return &bind, port, nil
 }
@@ -335,7 +356,7 @@ func create4(port uint16) (int, uint16, error) {
 	)
 	if err != nil {
-		return -1, 0, err
+		return FD_ERR, 0, err
 	}
 	addr := unix.SockaddrInet4{
@@ -366,7 +387,7 @@ func create4(port uint16) (int, uint16, error) {
 		return unix.Bind(fd, &addr)
 	}(); err != nil {
 		unix.Close(fd)
-		return -1, 0, err
+		return FD_ERR, 0, err
 	}
 	return fd, uint16(addr.Port), err
@@ -383,7 +404,7 @@ func create6(port uint16) (int, uint16, error) {
 	)
 	if err != nil {
-		return -1, 0, err
+		return FD_ERR, 0, err
 	}
 	// set sockopts and bind
@@ -425,7 +446,7 @@ func create6(port uint16) (int, uint16, error) {
 	}(); err != nil {
 		unix.Close(fd)
-		return -1, 0, err
+		return FD_ERR, 0, err
 	}
 	return fd, uint16(addr.Port), err
--- a/constants.go
+++ b/constants.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
@@ -27,18 +26,14 @@ const (
 	PaddingMultiple         = 16
 )
 /* Implementation specific constants */
 const (
-	QueueOutboundSize  = 1024
+	MinMessageSize = MessageKeepaliveSize                  // minimum size of transport message (keepalive)
-	QueueInboundSize   = 1024
+	MaxMessageSize = MaxSegmentSize                        // maximum size of transport message
-	QueueHandshakeSize = 1024
+	MaxContentSize = MaxSegmentSize - MessageTransportSize // maximum size of transport message content
 	MaxSegmentSize     = (1 << 16) - 1                         // largest possible UDP datagram
 	MinMessageSize     = MessageKeepaliveSize                  // minimum size of transport message (keepalive)
 	MaxMessageSize     = MaxSegmentSize                        // maximum size of transport message
 	MaxContentSize     = MaxSegmentSize - MessageTransportSize // maximum size of transport message content
 )
 /* Implementation constants */
 const (
 	UnderLoadQueueSize = QueueHandshakeSize / 8
 	UnderLoadAfterTime = time.Second // how long does the device remain under load after detected
--- a/cookie.go
+++ b/cookie.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/cookie_test.go
+++ b/cookie_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/device.go
+++ b/device.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
@@ -67,7 +66,12 @@ type Device struct {
 	}
 	pool struct {
-		messageBuffers sync.Pool
+		messageBufferPool        *sync.Pool
 		messageBufferReuseChan   chan *[MaxMessageSize]byte
 		inboundElementPool       *sync.Pool
 		inboundElementReuseChan  chan *QueueInboundElement
 		outboundElementPool      *sync.Pool
 		outboundElementReuseChan chan *QueueOutboundElement
 	}
 	queue struct {
@@ -243,14 +247,6 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
 	return nil
 }
 func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte {
 	return device.pool.messageBuffers.Get().(*[MaxMessageSize]byte)
 }
 func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte) {
 	device.pool.messageBuffers.Put(msg)
 }
 func NewDevice(tunDevice tun.TUNDevice, logger *Logger) *Device {
 	device := new(Device)
@@ -275,11 +271,7 @@ func NewDevice(tunDevice tun.TUNDevice, logger *Logger) *Device {
 	device.indexTable.Init()
 	device.allowedips.Reset()
-	device.pool.messageBuffers = sync.Pool{
+	device.PopulatePools()
 		New: func() interface{} {
 			return new([MaxMessageSize]byte)
 		},
 	}
 	// create queues
@@ -385,10 +377,11 @@ func (device *Device) Close() {
 	close(device.signals.stop)
 	device.RemoveAllPeers()
 	device.state.stopping.Wait()
 	device.FlushPacketQueues()
 	device.RemoveAllPeers()
 	device.rate.limiter.Close()
 	device.state.changing.Set(false)
--- a/device_test.go
+++ b/device_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/donotuseon_linux.go
+++ b/donotuseon_linux.go
@@ -2,7 +2,7 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package main
--- a/endpoint_test.go
+++ b/endpoint_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/helper_test.go
+++ b/helper_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/indextable.go
+++ b/indextable.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/ip.go
+++ b/ip.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/kdf_test.go
+++ b/kdf_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/keypair.go
+++ b/keypair.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/logger.go
+++ b/logger.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/main.go
+++ b/main.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/misc.go
+++ b/misc.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/noise-helpers.go
+++ b/noise-helpers.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/noise-protocol.go
+++ b/noise-protocol.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/noise-types.go
+++ b/noise-types.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/noise_test.go
+++ b/noise_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/peer.go
+++ b/peer.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/pools.go
+++ b/pools.go
@@ -0,0 +1,89 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
 * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package main
 import "sync"
 func (device *Device) PopulatePools() {
 	if PreallocatedBuffersPerPool == 0 {
 		device.pool.messageBufferPool = &sync.Pool{
 			New: func() interface{} {
 				return new([MaxMessageSize]byte)
 			},
 		}
 		device.pool.inboundElementPool = &sync.Pool{
 			New: func() interface{} {
 				return new(QueueInboundElement)
 			},
 		}
 		device.pool.outboundElementPool = &sync.Pool{
 			New: func() interface{} {
 				return new(QueueOutboundElement)
 			},
 		}
 	} else {
 		device.pool.messageBufferReuseChan = make(chan *[MaxMessageSize]byte, PreallocatedBuffersPerPool)
 		for i := 0; i < PreallocatedBuffersPerPool; i += 1 {
 			device.pool.messageBufferReuseChan <- new([MaxMessageSize]byte)
 		}
 		device.pool.inboundElementReuseChan = make(chan *QueueInboundElement, PreallocatedBuffersPerPool)
 		for i := 0; i < PreallocatedBuffersPerPool; i += 1 {
 			device.pool.inboundElementReuseChan <- new(QueueInboundElement)
 		}
 		device.pool.outboundElementReuseChan = make(chan *QueueOutboundElement, PreallocatedBuffersPerPool)
 		for i := 0; i < PreallocatedBuffersPerPool; i += 1 {
 			device.pool.outboundElementReuseChan <- new(QueueOutboundElement)
 		}
 	}
 }
 func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte {
 	if PreallocatedBuffersPerPool == 0 {
 		return device.pool.messageBufferPool.Get().(*[MaxMessageSize]byte)
 	} else {
 		return <-device.pool.messageBufferReuseChan
 	}
 }
 func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte) {
 	if PreallocatedBuffersPerPool == 0 {
 		device.pool.messageBufferPool.Put(msg)
 	} else {
 		device.pool.messageBufferReuseChan <- msg
 	}
 }
 func (device *Device) GetInboundElement() *QueueInboundElement {
 	if PreallocatedBuffersPerPool == 0 {
 		return device.pool.inboundElementPool.Get().(*QueueInboundElement)
 	} else {
 		return <-device.pool.inboundElementReuseChan
 	}
 }
 func (device *Device) PutInboundElement(msg *QueueInboundElement) {
 	if PreallocatedBuffersPerPool == 0 {
 		device.pool.inboundElementPool.Put(msg)
 	} else {
 		device.pool.inboundElementReuseChan <- msg
 	}
 }
 func (device *Device) GetOutboundElement() *QueueOutboundElement {
 	if PreallocatedBuffersPerPool == 0 {
 		return device.pool.outboundElementPool.Get().(*QueueOutboundElement)
 	} else {
 		return <-device.pool.outboundElementReuseChan
 	}
 }
 func (device *Device) PutOutboundElement(msg *QueueOutboundElement) {
 	if PreallocatedBuffersPerPool == 0 {
 		device.pool.outboundElementPool.Put(msg)
 	} else {
 		device.pool.outboundElementReuseChan <- msg
 	}
 }
--- a/queueconstants.go
+++ b/queueconstants.go
@@ -0,0 +1,16 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
 * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package main
 /* Implementation specific constants */
 const (
 	QueueOutboundSize          = 1024
 	QueueInboundSize           = 1024
 	QueueHandshakeSize         = 1024
 	MaxSegmentSize             = (1 << 16) - 1 // largest possible UDP datagram
 	PreallocatedBuffersPerPool = 0             // Disable and allow for infinite memory growth
 )
--- a/ratelimiter/ratelimiter.go
+++ b/ratelimiter/ratelimiter.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package ratelimiter
--- a/ratelimiter/ratelimiter_test.go
+++ b/ratelimiter/ratelimiter_test.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package ratelimiter
--- a/receive.go
+++ b/receive.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
@@ -44,59 +43,29 @@ func (elem *QueueInboundElement) IsDropped() bool {
 	return atomic.LoadInt32(&elem.dropped) == AtomicTrue
 }
-func (device *Device) addToInboundQueue(
+func (device *Device) addToInboundAndDecryptionQueues(inboundQueue chan *QueueInboundElement, decryptionQueue chan *QueueInboundElement, element *QueueInboundElement) bool {
-	queue chan *QueueInboundElement,
+	select {
-	element *QueueInboundElement,
+	case inboundQueue <- element:
 ) {
 	for {
 		select {
-		case queue <- element:
+		case decryptionQueue <- element:
-			return
+			return true
 		default:
-			select {
+			element.Drop()
-			case old := <-queue:
+			element.mutex.Unlock()
-				old.Drop()
+			return false
 			default:
 			}
 		}
 	default:
 		device.PutInboundElement(element)
 		return false
 	}
 }
-func (device *Device) addToDecryptionQueue(
+func (device *Device) addToHandshakeQueue(queue chan QueueHandshakeElement, element QueueHandshakeElement) bool {
-	queue chan *QueueInboundElement,
+	select {
-	element *QueueInboundElement,
+	case queue <- element:
-) {
+		return true
-	for {
+	default:
-		select {
+		return false
 		case queue <- element:
 			return
 		default:
 			select {
 			case old := <-queue:
 				// drop & release to potential consumer
 				old.Drop()
 				old.mutex.Unlock()
 			default:
 			}
 		}
 	}
 }
 func (device *Device) addToHandshakeQueue(
 	queue chan QueueHandshakeElement,
 	element QueueHandshakeElement,
 ) {
 	for {
 		select {
 		case queue <- element:
 			return
 		default:
 			select {
 			case elem := <-queue:
 				device.PutMessageBuffer(elem.buffer)
 			default:
 			}
 		}
 	}
 }
@@ -155,6 +124,7 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 		}
 		if err != nil {
 			device.PutMessageBuffer(buffer)
 			return
 		}
@@ -177,7 +147,7 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 			// check size
-			if len(packet) < MessageTransportType {
+			if len(packet) < MessageTransportSize {
 				continue
 			}
@@ -199,23 +169,23 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 			}
 			// create work element
 			peer := value.peer
-			elem := &QueueInboundElement{
+			elem := device.GetInboundElement()
-				packet:   packet,
+			elem.packet = packet
-				buffer:   buffer,
+			elem.buffer = buffer
-				keypair:  keypair,
+			elem.keypair = keypair
-				dropped:  AtomicFalse,
+			elem.dropped = AtomicFalse
-				endpoint: endpoint,
+			elem.endpoint = endpoint
-			}
+			elem.counter = 0
 			elem.mutex = sync.Mutex{}
 			elem.mutex.Lock()
 			// add to decryption queues
 			if peer.isRunning.Get() {
-				device.addToDecryptionQueue(device.queue.decryption, elem)
+				if device.addToInboundAndDecryptionQueues(peer.queue.inbound, device.queue.decryption, elem) {
-				device.addToInboundQueue(peer.queue.inbound, elem)
+					buffer = device.GetMessageBuffer()
-				buffer = device.GetMessageBuffer()
+				}
 			}
 			continue
@@ -236,7 +206,7 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 		}
 		if okay {
-			device.addToHandshakeQueue(
+			if (device.addToHandshakeQueue(
 				device.queue.handshake,
 				QueueHandshakeElement{
 					msgType:  msgType,
@@ -244,8 +214,9 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 					packet:   packet,
 					endpoint: endpoint,
 				},
-			)
+			)) {
-			buffer = device.GetMessageBuffer()
+				buffer = device.GetMessageBuffer()
 			}
 		}
 	}
 }
@@ -308,6 +279,7 @@ func (device *Device) RoutineDecryption() {
 			)
 			if err != nil {
 				elem.Drop()
 				device.PutMessageBuffer(elem.buffer)
 			}
 			elem.mutex.Unlock()
 		}
@@ -322,18 +294,26 @@ func (device *Device) RoutineHandshake() {
 	logError := device.log.Error
 	logDebug := device.log.Debug
 	var elem QueueHandshakeElement
 	var ok bool
 	defer func() {
 		logDebug.Println("Routine: handshake worker - stopped")
 		device.state.stopping.Done()
 		if elem.buffer != nil {
 			device.PutMessageBuffer(elem.buffer)
 		}
 	}()
 	logDebug.Println("Routine: handshake worker - started")
 	device.state.starting.Done()
 	var elem QueueHandshakeElement
 	var ok bool
 	for {
 		if elem.buffer != nil {
 			device.PutMessageBuffer(elem.buffer)
 			elem.buffer = nil
 		}
 		select {
 		case elem, ok = <-device.queue.handshake:
 		case <-device.signals.stop:
@@ -506,9 +486,18 @@ func (peer *Peer) RoutineSequentialReceiver() {
 	logError := device.log.Error
 	logDebug := device.log.Debug
 	var elem *QueueInboundElement
 	var ok bool
 	defer func() {
 		logDebug.Println(peer, "- Routine: sequential receiver - stopped")
 		peer.routines.stopping.Done()
 		if elem != nil {
 			if !elem.IsDropped() {
 				device.PutMessageBuffer(elem.buffer)
 			}
 			device.PutInboundElement(elem)
 		}
 	}()
 	logDebug.Println(peer, "- Routine: sequential receiver - started")
@@ -516,13 +505,20 @@ func (peer *Peer) RoutineSequentialReceiver() {
 	peer.routines.starting.Done()
 	for {
 		if elem != nil {
 			if !elem.IsDropped() {
 				device.PutMessageBuffer(elem.buffer)
 			}
 			device.PutInboundElement(elem)
 			elem = nil
 		}
 		select {
 		case <-peer.routines.stop:
 			return
-		case elem, ok := <-peer.queue.inbound:
+		case elem, ok = <-peer.queue.inbound:
 			if !ok {
 				return
@@ -633,10 +629,7 @@ func (peer *Peer) RoutineSequentialReceiver() {
 			offset := MessageTransportOffsetContent
 			atomic.AddUint64(&peer.stats.rxBytes, uint64(len(elem.packet)))
-			_, err := device.tun.device.Write(
+			_, err := device.tun.device.Write(elem.buffer[:offset+len(elem.packet)], offset)
 				elem.buffer[:offset+len(elem.packet)],
 				offset)
 			device.PutMessageBuffer(elem.buffer)
 			if err != nil {
 				logError.Println("Failed to write packet to TUN device:", err)
 			}
--- a/replay/replay.go
+++ b/replay/replay.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package replay
--- a/replay/replay_test.go
+++ b/replay/replay_test.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package replay
--- a/rwcancel/fdset_default.go
+++ b/rwcancel/fdset_default.go
@@ -2,7 +2,7 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package rwcancel
--- a/rwcancel/fdset_freebsd.go
+++ b/rwcancel/fdset_freebsd.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package rwcancel
--- a/rwcancel/rwcancel.go
+++ b/rwcancel/rwcancel.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package rwcancel
--- a/rwcancel/select_default.go
+++ b/rwcancel/select_default.go
@@ -2,7 +2,7 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package rwcancel
--- a/rwcancel/select_linux.go
+++ b/rwcancel/select_linux.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package rwcancel
--- a/send.go
+++ b/send.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
@@ -53,10 +52,14 @@ type QueueOutboundElement struct {
 }
 func (device *Device) NewOutboundElement() *QueueOutboundElement {
-	return &QueueOutboundElement{
+	elem := device.GetOutboundElement()
-		dropped: AtomicFalse,
+	elem.dropped = AtomicFalse
-		buffer:  device.pool.messageBuffers.Get().(*[MaxMessageSize]byte),
+	elem.buffer = device.GetMessageBuffer()
-	}
+	elem.mutex = sync.Mutex{}
 	elem.nonce = 0
 	elem.keypair = nil
 	elem.peer = nil
 	return elem
 }
 func (elem *QueueOutboundElement) Drop() {
@@ -67,10 +70,7 @@ func (elem *QueueOutboundElement) IsDropped() bool {
 	return atomic.LoadInt32(&elem.dropped) == AtomicTrue
 }
-func addToOutboundQueue(
+func addToNonceQueue(queue chan *QueueOutboundElement, element *QueueOutboundElement, device *Device) {
 	queue chan *QueueOutboundElement,
 	element *QueueOutboundElement,
 ) {
 	for {
 		select {
 		case queue <- element:
@@ -78,30 +78,28 @@ func addToOutboundQueue(
 		default:
 			select {
 			case old := <-queue:
-				old.Drop()
+				device.PutMessageBuffer(old.buffer)
 				device.PutOutboundElement(old)
 			default:
 			}
 		}
 	}
 }
-func addToEncryptionQueue(
+func addToOutboundAndEncryptionQueues(outboundQueue chan *QueueOutboundElement, encryptionQueue chan *QueueOutboundElement, element *QueueOutboundElement) {
-	queue chan *QueueOutboundElement,
+	select {
-	element *QueueOutboundElement,
+	case outboundQueue <- element:
 ) {
 	for {
 		select {
-		case queue <- element:
+		case encryptionQueue <- element:
 			return
 		default:
-			select {
+			element.Drop()
-			case old := <-queue:
+			element.peer.device.PutMessageBuffer(element.buffer)
-				// drop & release to potential consumer
+			element.mutex.Unlock()
 				old.Drop()
 				old.mutex.Unlock()
 			default:
 			}
 		}
 	default:
 		element.peer.device.PutMessageBuffer(element.buffer)
 		element.peer.device.PutOutboundElement(element)
 	}
 }
@@ -118,6 +116,8 @@ func (peer *Peer) SendKeepalive() bool {
 		peer.device.log.Debug.Println(peer, "- Sending keepalive packet")
 		return true
 	default:
 		peer.device.PutMessageBuffer(elem.buffer)
 		peer.device.PutOutboundElement(elem)
 		return false
 	}
 }
@@ -243,8 +243,6 @@ func (peer *Peer) keepKeyFreshSending() {
 */
 func (device *Device) RoutineReadFromTUN() {
 	elem := device.NewOutboundElement()
 	logDebug := device.log.Debug
 	logError := device.log.Error
@@ -256,7 +254,14 @@ func (device *Device) RoutineReadFromTUN() {
 	logDebug.Println("Routine: TUN reader - started")
 	device.state.starting.Done()
 	var elem *QueueOutboundElement
 	for {
 		if elem != nil {
 			device.PutMessageBuffer(elem.buffer)
 			device.PutOutboundElement(elem)
 		}
 		elem = device.NewOutboundElement()
 		// read packet
@@ -268,6 +273,8 @@ func (device *Device) RoutineReadFromTUN() {
 				logError.Println("Failed to read packet from TUN device:", err)
 				device.Close()
 			}
 			device.PutMessageBuffer(elem.buffer)
 			device.PutOutboundElement(elem)
 			return
 		}
@@ -309,8 +316,8 @@ func (device *Device) RoutineReadFromTUN() {
 			if peer.queue.packetInNonceQueueIsAwaitingKey.Get() {
 				peer.SendHandshakeInitiation(false)
 			}
-			addToOutboundQueue(peer.queue.nonce, elem)
+			addToNonceQueue(peer.queue.nonce, elem, device)
-			elem = device.NewOutboundElement()
+			elem = nil
 		}
 	}
 }
@@ -334,22 +341,25 @@ func (peer *Peer) RoutineNonce() {
 	device := peer.device
 	logDebug := device.log.Debug
 	defer func() {
 		logDebug.Println(peer, "- Routine: nonce worker - stopped")
 		peer.queue.packetInNonceQueueIsAwaitingKey.Set(false)
 		peer.routines.stopping.Done()
 	}()
 	flush := func() {
 		for {
 			select {
-			case <-peer.queue.nonce:
+			case elem := <-peer.queue.nonce:
 				device.PutMessageBuffer(elem.buffer)
 				device.PutOutboundElement(elem)
 			default:
 				return
 			}
 		}
 	}
 	defer func() {
 		flush()
 		logDebug.Println(peer, "- Routine: nonce worker - stopped")
 		peer.queue.packetInNonceQueueIsAwaitingKey.Set(false)
 		peer.routines.stopping.Done()
 	}()
 	peer.routines.starting.Done()
 	logDebug.Println(peer, "- Routine: nonce worker - started")
@@ -403,10 +413,14 @@ func (peer *Peer) RoutineNonce() {
 					logDebug.Println(peer, "- Obtained awaited keypair")
 				case <-peer.signals.flushNonceQueue:
 					device.PutMessageBuffer(elem.buffer)
 					device.PutOutboundElement(elem)
 					flush()
 					goto NextPacket
 				case <-peer.routines.stop:
 					device.PutMessageBuffer(elem.buffer)
 					device.PutOutboundElement(elem)
 					return
 				}
 			}
@@ -421,6 +435,8 @@ func (peer *Peer) RoutineNonce() {
 			if elem.nonce >= RejectAfterMessages {
 				atomic.StoreUint64(&keypair.sendNonce, RejectAfterMessages)
 				device.PutMessageBuffer(elem.buffer)
 				device.PutOutboundElement(elem)
 				goto NextPacket
 			}
@@ -429,9 +445,7 @@ func (peer *Peer) RoutineNonce() {
 			elem.mutex.Lock()
 			// add to parallel and sequential queue
-
+			addToOutboundAndEncryptionQueues(peer.queue.outbound, device.queue.encryption, elem)
 			addToEncryptionQueue(device.queue.encryption, elem)
 			addToOutboundQueue(peer.queue.outbound, elem)
 		}
 	}
 }
@@ -448,6 +462,19 @@ func (device *Device) RoutineEncryption() {
 	logDebug := device.log.Debug
 	defer func() {
 		for {
 			select {
 			case elem, ok := <-device.queue.encryption:
 				if ok && !elem.IsDropped() {
 					elem.Drop()
 					device.PutMessageBuffer(elem.buffer)
 					elem.mutex.Unlock()
 				}
 			default:
 				goto out
 			}
 		}
 	out:
 		logDebug.Println("Routine: encryption worker - stopped")
 		device.state.stopping.Done()
 	}()
@@ -490,11 +517,13 @@ func (device *Device) RoutineEncryption() {
 			// pad content to multiple of 16
 			mtu := int(atomic.LoadInt32(&device.tun.mtu))
-			rem := len(elem.packet) % PaddingMultiple
+			lastUnit := len(elem.packet) % mtu
-			if rem > 0 {
+			paddedSize := (lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)
-				for i := 0; i < PaddingMultiple-rem && len(elem.packet) < mtu; i++ {
+			if paddedSize > mtu {
-					elem.packet = append(elem.packet, 0)
+				paddedSize = mtu
-				}
+			}
 			for i := len(elem.packet); i < paddedSize; i++ {
 				elem.packet = append(elem.packet, 0)
 			}
 			// encrypt content and release to consumer
@@ -521,8 +550,25 @@ func (peer *Peer) RoutineSequentialSender() {
 	device := peer.device
 	logDebug := device.log.Debug
 	logError := device.log.Error
 	defer func() {
 		for {
 			select {
 			case elem, ok := <-peer.queue.outbound:
 				if ok {
 					if !elem.IsDropped() {
 						device.PutMessageBuffer(elem.buffer)
 						elem.Drop()
 					}
 					device.PutOutboundElement(elem)
 					elem.mutex.Unlock()
 				}
 			default:
 				goto out
 			}
 		}
 	out:
 		logDebug.Println(peer, "- Routine: sequential sender - stopped")
 		peer.routines.stopping.Done()
 	}()
@@ -545,6 +591,7 @@ func (peer *Peer) RoutineSequentialSender() {
 			elem.mutex.Lock()
 			if elem.IsDropped() {
 				device.PutOutboundElement(elem)
 				continue
 			}
@@ -556,8 +603,9 @@ func (peer *Peer) RoutineSequentialSender() {
 			length := uint64(len(elem.packet))
 			err := peer.SendBuffer(elem.packet)
 			device.PutMessageBuffer(elem.buffer)
 			device.PutOutboundElement(elem)
 			if err != nil {
-				logDebug.Println("Failed to send authenticated packet to peer", peer)
+				logError.Println(peer, "- Failed to send data packet", err)
 				continue
 			}
 			atomic.AddUint64(&peer.stats.txBytes, length)
--- a/tai64n/tai64n.go
+++ b/tai64n/tai64n.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package tai64n
--- a/tai64n/tai64n_test.go
+++ b/tai64n/tai64n_test.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package tai64n
--- a/timers.go
+++ b/timers.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 *
 * This is based heavily on timers.c from the kernel implementation.
 */
--- a/tun.go
+++ b/tun.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
--- a/tun/tun.go
+++ b/tun/tun.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package tun
--- a/tun/tun_darwin.go
+++ b/tun/tun_darwin.go
@@ -2,8 +2,7 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package tun
--- a/tun/tun_freebsd.go
+++ b/tun/tun_freebsd.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package tun
--- a/tun/tun_linux.go
+++ b/tun/tun_linux.go
@@ -1,11 +1,8 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 /* Copyright 2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */
 package tun
 /* Implementation of the TUN device interface for linux
--- a/tun/tun_openbsd.go
+++ b/tun/tun_openbsd.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package tun
--- a/uapi.go
+++ b/uapi.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
@@ -75,6 +74,7 @@ func ipcGetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
 			send("public_key=" + peer.handshake.remoteStatic.ToHex())
 			send("preshared_key=" + peer.handshake.presharedKey.ToHex())
 			send("protocol_version=1")
 			if peer.endpoint != nil {
 				send("endpoint=" + peer.endpoint.DstToString())
 			}
@@ -362,6 +362,13 @@ func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
 				ones, _ := network.Mask.Size()
 				device.allowedips.Insert(network.IP, uint(ones), peer)
 			case "protocol_version":
 				if value != "1" {
 					logError.Println("Invalid protocol version:", value)
 					return &IPCError{Code: ipcErrorInvalid}
 				}
 			default:
 				logError.Println("Invalid UAPI peer key:", key)
 				return &IPCError{Code: ipcErrorInvalid}
--- a/uapi_bsd.go
+++ b/uapi_bsd.go
@@ -2,8 +2,7 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
@@ -18,12 +17,13 @@ import (
 	"unsafe"
 )
 var socketDirectory = "/var/run/wireguard"
 const (
 	ipcErrorIO        = -int64(unix.EIO)
 	ipcErrorProtocol  = -int64(unix.EPROTO)
 	ipcErrorInvalid   = -int64(unix.EINVAL)
 	ipcErrorPortInUse = -int64(unix.EADDRINUSE)
 	socketDirectory   = "/var/run/wireguard"
 	socketName        = "%s.sock"
 )
--- a/uapi_linux.go
+++ b/uapi_linux.go
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 * Copyright (C) 2017-2018 Mathias N. Hall-Andersen <mathias@hall-andersen.dk>.
 */
 package main
@@ -16,12 +15,13 @@ import (
 	"path"
 )
 var socketDirectory = "/var/run/wireguard"
 const (
 	ipcErrorIO        = -int64(unix.EIO)
 	ipcErrorProtocol  = -int64(unix.EPROTO)
 	ipcErrorInvalid   = -int64(unix.EINVAL)
 	ipcErrorPortInUse = -int64(unix.EADDRINUSE)
 	socketDirectory   = "/var/run/wireguard"
 	socketName        = "%s.sock"
 )
--- a/version.go
+++ b/version.go
@@ -1,2 +1,2 @@
 package main
-const WireGuardGoVersion = "0.0.20180613"
+const WireGuardGoVersion = "0.0.20181001"
--- a/xchacha20poly1305/xchacha20.go
+++ b/xchacha20poly1305/xchacha20.go
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: MIT
 *
 * Copyright (C) 2016 Andreas Auernhammer. All Rights Reserved.
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package xchacha20poly1305
--- a/xchacha20poly1305/xchacha20_test.go
+++ b/xchacha20poly1305/xchacha20_test.go
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0
 *
- * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
 */
 package xchacha20poly1305
Author	SHA1	Message	Date
Jason A. Donenfeld	b41922e5c8	version: bump snapshot	2018-10-01 17:58:31 +02:00
Jason A. Donenfeld	dbb72402f2	Adding missing queueconstants file	2018-10-01 16:11:31 +02:00
Chris Branch	7c971d7ef4	Fix transport message length check wireguard-go has a bad length check in its transport message handling. Although it cannot be exploited because of another length check earlier in the function, this should be fixed regardless.	2018-09-25 05:18:11 +02:00
Jason A. Donenfeld	70bcf9ecb8	Make it easy to restrict queue sizes more	2018-09-25 02:31:02 +02:00
Jason A. Donenfeld	ebc7541953	Fix shutdown races	2018-09-24 01:52:02 +02:00
Jason A. Donenfeld	833597b585	More pooling	2018-09-24 00:37:43 +02:00
Jason A. Donenfeld	cf81a28dd3	Fixup buffer freeing	2018-09-22 05:43:03 +02:00
Jason A. Donenfeld	942abf948a	send: more precise padding calculation	2018-09-16 23:42:31 +02:00
Jason A. Donenfeld	47d1140361	device: preallocated buffers scheme Not useful now but quite possibly later.	2018-09-16 23:10:19 +02:00
Jason A. Donenfeld	39d6e4f2f1	Change queueing drop order and fix memory leaks If the queues are full, we drop the present packet, which is better for network traffic flow. Also, we try to fix up the memory leaks with not putting buffers from our shared pool.	2018-09-16 21:50:58 +02:00
Jason A. Donenfeld	1c02557013	send: use accessor function for buffer pool	2018-09-16 18:49:19 +02:00
Mathias Hall-Andersen	32d2148835	Fixed port overwrite issue on kernels without ipv6 Fixed an issue in CreateBind for Linux: If ipv6 was not supported the error code would be correctly identified as EAFNOSUPPORT and ipv4 binding attempted. However the port would be set to 0, which results in the subsequent create4 call requesting a random port rather than the one provided to CreateBind. This issue was identified by: Kent Friis <leeloored@gmx.com>	2018-09-16 18:49:19 +02:00
Jason A. Donenfeld	5be541d147	global: fix up copyright headers	2018-09-16 18:49:19 +02:00
Jason A. Donenfeld	063becdc73	uapi: insert peer version placeholder While we don't want people to ever use old protocols, people will complain if the API "changes", so explicitly make the unset protocol mean the latest, and add a dummy mechanism of specifying the protocol on a per-peer basis, which we hope nobody actually ever uses.	2018-09-02 23:04:47 -06:00
Jason A. Donenfeld	15da869b31	Fix duplicate copyright line	2018-07-30 05:14:17 +02:00
Jason A. Donenfeld	3ad3e83c7a	uapi: allow overriding socket directory at compile time	2018-07-24 14:32:35 +02:00
Jason A. Donenfeld	2e13b7b0fb	send: better debug message for failed data packet	2018-07-16 16:05:36 +02:00
`@@ -1,2 +1,2 @@`
	`package main`	`package main`
	`const WireGuardGoVersion = "0.0.20180613"`	`const WireGuardGoVersion = "0.0.20181001"`