version: bump snapshot

In some cases, we operate on an already-up interface, or the user brings
up the interface before we start monitoring. For those situations, we
should first check if the interface is already up.

This still technically races between the initial check and the start of
the route loop, but fixing that is a bit ugly and probably not worth it
at the moment.

Reported-by: Theo Buehler <tb@theobuehler.org>

Makefile

@@ -1,24 +1,10 @@
 PREFIX ?= /usr
 DESTDIR ?=
 BINDIR ?= $(PREFIX)/bin
-export GOPATH ?= $(CURDIR)/.gopath
 export GO111MODULE := on
 
 all: generate-version-and-build
 
-ifeq ($(shell go env GOOS)|$(wildcard .git),linux|)
-$(error Do not build this for Linux. Instead use the Linux kernel module. See wireguard.com/install/ for more info.)
-else ifeq ($(shell go env GOOS),linux)
-ireallywantobuildon_linux.go:
-	@printf "WARNING: This software is meant for use on non-Linux\nsystems. For Linux, please use the kernel module\ninstead. See wireguard.com/install/ for more info.\n\n" >&2
-	@printf 'package main\nconst UseTheKernelModuleInstead = 0xdeadbabe\n' > "$@"
-clean-ireallywantobuildon_linux.go:
-	@rm -f ireallywantobuildon_linux.go
-.PHONY: clean-ireallywantobuildon_linux.go
-clean: clean-ireallywantobuildon_linux.go
-wireguard-go: ireallywantobuildon_linux.go
-endif
-
 MAKEFLAGS += --no-print-directory
 
 generate-version-and-build:

device/conn_linux.go

@@ -391,6 +391,11 @@ func create4(port uint16) (int, uint16, error) {
 		return FD_ERR, 0, err
 	}
 
+	sa, err := unix.Getsockname(fd)
+	if err == nil {
+		addr.Port = sa.(*unix.SockaddrInet4).Port
+	}
+
 	return fd, uint16(addr.Port), err
 }
 
@@ -450,6 +455,11 @@ func create6(port uint16) (int, uint16, error) {
 		return FD_ERR, 0, err
 	}
 
+	sa, err := unix.Getsockname(fd)
+	if err == nil {
+		addr.Port = sa.(*unix.SockaddrInet6).Port
+	}
+
 	return fd, uint16(addr.Port), err
 }
 

device/version.go

@@ -1,3 +1,3 @@
 package device
 
-const WireGuardGoVersion = "0.0.20190805"
+const WireGuardGoVersion = "0.0.20190908"

donotuseon_linux.go

@@ -1,15 +0,0 @@
-// +build !android
-
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2017-2019 WireGuard LLC. All Rights Reserved.
- */
-
-package main
-
-const DoNotUseThisProgramOnLinux = UseTheKernelModuleInstead
-
-// --------------------------------------------------------
-// Do not use this on Linux. Instead use the kernel module.
-// See wireguard.com/install for more information.
-// --------------------------------------------------------

go.mod

@@ -3,7 +3,8 @@ module golang.zx2c4.com/wireguard
 go 1.12
 
 require (
-	golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56
-	golang.org/x/net v0.0.0-20190613194153-d28f0bde5980
-	golang.org/x/sys v0.0.0-20190618155005-516e3c20635f
+	golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472
+	golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297
+	golang.org/x/sys v0.0.0-20190830023255-19e00faab6ad
+	golang.org/x/text v0.3.2
 )

go.sum

@@ -1,11 +1,14 @@
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56 h1:ZpKuNIejY8P0ExLOVyKhb0WsgG8UdvHXe6TWjY7eL6k=
-golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
+golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 h1:dfGZHvZk057jK2MCeWus/TowKpJ8y4AmooUzdBSR9GU=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190618155005-516e3c20635f h1:dHNZYIYdq2QuU6w73vZ/DzesPbVlZVYZTtTZmrnsbQ8=
-golang.org/x/sys v0.0.0-20190618155005-516e3c20635f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190830023255-19e00faab6ad h1:cCejgArrk10gX6kFqjWeLwXD7aVMqWoRpyUCaaJSggc=
+golang.org/x/sys v0.0.0-20190830023255-19e00faab6ad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

ipc/uapi_windows.go

@@ -54,7 +54,7 @@ func UAPIListen(name string) (net.Listener, error) {
 	config := winpipe.PipeConfig{
 		SecurityDescriptor: UAPISecurityDescriptor,
 	}
-	listener, err := winpipe.ListenPipe("\\\\.\\pipe\\WireGuard\\"+name, &config)
+	listener, err := winpipe.ListenPipe(`\\.\pipe\ProtectedPrefix\Administrators\WireGuard\`+name, &config)
 	if err != nil {
 		return nil, err
 	}

ipc/winpipe/pipe.go

@@ -211,7 +211,7 @@ func tryDialPipe(ctx context.Context, path *string) (syscall.Handle, error) {
 // DialPipe connects to a named pipe by path, timing out if the connection
 // takes longer than the specified duration. If timeout is nil, then we use
 // a default timeout of 2 seconds.  (We do not use WaitNamedPipe.)
-func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
+func DialPipe(path string, timeout *time.Duration, expectedOwner *syscall.SID) (net.Conn, error) {
 	var absTimeout time.Time
 	if timeout != nil {
 		absTimeout = time.Now().Add(*timeout)
@@ -219,7 +219,7 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 		absTimeout = time.Now().Add(time.Second * 2)
 	}
 	ctx, _ := context.WithDeadline(context.Background(), absTimeout)
-	conn, err := DialPipeContext(ctx, path)
+	conn, err := DialPipeContext(ctx, path, expectedOwner)
 	if err == context.DeadlineExceeded {
 		return nil, ErrTimeout
 	}
@@ -228,7 +228,7 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 
 // DialPipeContext attempts to connect to a named pipe by `path` until `ctx`
 // cancellation or timeout.
-func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
+func DialPipeContext(ctx context.Context, path string, expectedOwner *syscall.SID) (net.Conn, error) {
 	var err error
 	var h syscall.Handle
 	h, err = tryDialPipe(ctx, &path)
@@ -236,9 +236,25 @@ func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
 		return nil, err
 	}
 
+	if expectedOwner != nil {
+		var realOwner *syscall.SID
+		var realSd uintptr
+		err = getSecurityInfo(h, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION, &realOwner, nil, nil, nil, &realSd)
+		if err != nil {
+			syscall.Close(h)
+			return nil, err
+		}
+		defer localFree(realSd)
+		if !equalSid(realOwner, expectedOwner) {
+			syscall.Close(h)
+			return nil, syscall.ERROR_ACCESS_DENIED
+		}
+	}
+
 	var flags uint32
 	err = getNamedPipeInfo(h, &flags, nil, nil, nil)
 	if err != nil {
+		syscall.Close(h)
 		return nil, err
 	}
 

ipc/winpipe/sd.go

@@ -15,6 +15,13 @@ import (
 //sys	convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd *uintptr, size *uint32) (err error) = advapi32.ConvertStringSecurityDescriptorToSecurityDescriptorW
 //sys	localFree(mem uintptr) = LocalFree
 //sys	getSecurityDescriptorLength(sd uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength
+//sys	getSecurityInfo(handle syscall.Handle, objectType uint32, securityInformation uint32, owner **syscall.SID, group **syscall.SID, dacl *uintptr, sacl *uintptr, sd *uintptr) (ret error) = advapi32.GetSecurityInfo
+//sys	equalSid(sid1 *syscall.SID, sid2 *syscall.SID) (isEqual bool) = advapi32.EqualSid
+
+const (
+	SE_FILE_OBJECT             = 1
+	OWNER_SECURITY_INFORMATION = 1
+)
 
 func SddlToSecurityDescriptor(sddl string) ([]byte, error) {
 	var sdBuffer uintptr

ipc/winpipe/zsyscall_windows.go

@@ -55,6 +55,8 @@ var (
 	procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW")
 	procLocalFree                                            = modkernel32.NewProc("LocalFree")
 	procGetSecurityDescriptorLength                          = modadvapi32.NewProc("GetSecurityDescriptorLength")
+	procGetSecurityInfo                                      = modadvapi32.NewProc("GetSecurityInfo")
+	procEqualSid                                             = modadvapi32.NewProc("EqualSid")
 	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
 	procCreateIoCompletionPort                               = modkernel32.NewProc("CreateIoCompletionPort")
 	procGetQueuedCompletionStatus                            = modkernel32.NewProc("GetQueuedCompletionStatus")
@@ -206,6 +208,20 @@ func getSecurityDescriptorLength(sd uintptr) (len uint32) {
 	return
 }
 
+func getSecurityInfo(handle syscall.Handle, objectType uint32, securityInformation uint32, owner **syscall.SID, group **syscall.SID, dacl *uintptr, sacl *uintptr, sd *uintptr) (ret error) {
+	r0, _, _ := syscall.Syscall9(procGetSecurityInfo.Addr(), 8, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func equalSid(sid1 *syscall.SID, sid2 *syscall.SID) (isEqual bool) {
+	r0, _, _ := syscall.Syscall(procEqualSid.Addr(), 2, uintptr(unsafe.Pointer(sid1)), uintptr(unsafe.Pointer(sid2)), 0)
+	isEqual = r0 != 0
+	return
+}
+
 func cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) {
 	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(file), uintptr(unsafe.Pointer(o)), 0)
 	if r1 == 0 {

main.go

@@ -40,31 +40,19 @@ func warning() {
 	if runtime.GOOS != "linux" || os.Getenv(ENV_WG_PROCESS_FOREGROUND) == "1" {
 		return
 	}
-	shouldQuit := os.Getenv("WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD") != "1"
 
 	fmt.Fprintln(os.Stderr, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING")
 	fmt.Fprintln(os.Stderr, "W                                                     G")
 	fmt.Fprintln(os.Stderr, "W   You are running this software on a Linux kernel,  G")
-	fmt.Fprintln(os.Stderr, "W   which is probably unnecessary and foolish. This   G")
+	fmt.Fprintln(os.Stderr, "W   which is probably unnecessary and misguided. This G")
 	fmt.Fprintln(os.Stderr, "W   is because the Linux kernel has built-in first    G")
 	fmt.Fprintln(os.Stderr, "W   class support for WireGuard, and this support is  G")
 	fmt.Fprintln(os.Stderr, "W   much more refined than this slower userspace      G")
 	fmt.Fprintln(os.Stderr, "W   implementation. For more information on           G")
 	fmt.Fprintln(os.Stderr, "W   installing the kernel module, please visit:       G")
 	fmt.Fprintln(os.Stderr, "W           https://www.wireguard.com/install         G")
-	if shouldQuit {
-		fmt.Fprintln(os.Stderr, "W                                                     G")
-		fmt.Fprintln(os.Stderr, "W   If you still want to use this program, against    G")
-		fmt.Fprintln(os.Stderr, "W   the advice here, please first export this         G")
-		fmt.Fprintln(os.Stderr, "W   environment variable:                             G")
-		fmt.Fprintln(os.Stderr, "W   WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1    G")
-	}
 	fmt.Fprintln(os.Stderr, "W                                                     G")
 	fmt.Fprintln(os.Stderr, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING")
-
-	if shouldQuit {
-		os.Exit(1)
-	}
 }
 
 func main() {
@@ -75,8 +63,6 @@ func main() {
 
 	warning()
 
-	// parse arguments
-
 	var foreground bool
 	var interfaceName string
 	if len(os.Args) < 2 || len(os.Args) > 3 {

tun/tun_openbsd.go

@@ -42,34 +42,11 @@ func (tun *NativeTun) routineRouteListener(tunIfindex int) {
 
 	defer close(tun.events)
 
-	data := make([]byte, os.Getpagesize())
-	for {
-	retry:
-		n, err := unix.Read(tun.routeSocket, data)
-		if err != nil {
-			if errno, ok := err.(syscall.Errno); ok && errno == syscall.EINTR {
-				goto retry
-			}
-			tun.errors <- err
-			return
-		}
-
-		if n < 8 {
-			continue
-		}
-
-		if data[3 /* type */] != unix.RTM_IFINFO {
-			continue
-		}
-		ifindex := int(*(*uint16)(unsafe.Pointer(&data[6 /* ifindex */])))
-		if ifindex != tunIfindex {
-			continue
-		}
-
-		iface, err := net.InterfaceByIndex(ifindex)
+	check := func() bool {
+		iface, err := net.InterfaceByIndex(tunIfindex)
 		if err != nil {
 			tun.errors <- err
-			return
+			return true
 		}
 
 		// Up / Down event
@@ -87,6 +64,38 @@ func (tun *NativeTun) routineRouteListener(tunIfindex int) {
 			tun.events <- EventMTUUpdate
 		}
 		statusMTU = iface.MTU
+		return false
+	}
+
+	if check() {
+		return
+	}
+
+	data := make([]byte, os.Getpagesize())
+	for {
+		n, err := unix.Read(tun.routeSocket, data)
+		if err != nil {
+			if errno, ok := err.(syscall.Errno); ok && errno == syscall.EINTR {
+				continue
+			}
+			tun.errors <- err
+			return
+		}
+
+		if n < 8 {
+			continue
+		}
+
+		if data[3 /* type */] != unix.RTM_IFINFO {
+			continue
+		}
+		ifindex := int(*(*uint16)(unsafe.Pointer(&data[6 /* ifindex */])))
+		if ifindex != tunIfindex {
+			continue
+		}
+		if check() {
+			return
+		}
 	}
 }
 
@@ -140,7 +149,6 @@ func CreateTUN(name string, mtu int) (Device, error) {
 }
 
 func CreateTUNFromFile(file *os.File, mtu int) (Device, error) {
-
 	tun := &NativeTun{
 		tunFile: file,
 		events:  make(chan Event, 10),

tun/tun_windows.go

@@ -19,89 +19,67 @@ import (
 )
 
 const (
-	packetAlignment    uint32 = 4        // Number of bytes packets are aligned to in rings
-	packetSizeMax             = 0xffff   // Maximum packet size
-	packetCapacity            = 0x800000 // Ring capacity, 8MiB
-	packetTrailingSize        = uint32(unsafe.Sizeof(packetHeader{})) + ((packetSizeMax + (packetAlignment - 1)) &^ (packetAlignment - 1)) - packetAlignment
-	ioctlRegisterRings        = (51820 << 16) | (0x970 << 2) | 0 /*METHOD_BUFFERED*/ | (0x3 /*FILE_READ_DATA | FILE_WRITE_DATA*/ << 14)
+	rateMeasurementGranularity = uint64((time.Second / 2) / time.Nanosecond)
+	spinloopRateThreshold      = 800000000 / 8                                   // 800mbps
+	spinloopDuration           = uint64(time.Millisecond / 80 / time.Nanosecond) // ~1gbit/s
 )
 
-type packetHeader struct {
-	size uint32
-}
-
-type packet struct {
-	packetHeader
-	data [packetSizeMax]byte
-}
-
-type ring struct {
-	head      uint32
-	tail      uint32
-	alertable int32
-	data      [packetCapacity + packetTrailingSize]byte
-}
-
-type ringDescriptor struct {
-	send, receive struct {
-		size      uint32
-		ring      *ring
-		tailMoved windows.Handle
-	}
+type rateJuggler struct {
+	current       uint64
+	nextByteCount uint64
+	nextStartTime int64
+	changing      int32
 }
 
 type NativeTun struct {
-	wt        *wintun.Wintun
+	wt        *wintun.Interface
 	handle    windows.Handle
 	close     bool
-	rings     ringDescriptor
+	rings     wintun.RingDescriptor
 	events    chan Event
 	errors    chan error
 	forcedMTU int
+	rate      rateJuggler
 }
 
-func packetAlign(size uint32) uint32 {
-	return (size + (packetAlignment - 1)) &^ (packetAlignment - 1)
-}
+const WintunPool = wintun.Pool("WireGuard")
+
+//go:linkname procyield runtime.procyield
+func procyield(cycles uint32)
+
+//go:linkname nanotime runtime.nanotime
+func nanotime() int64
 
 //
-// CreateTUN creates a Wintun adapter with the given name. Should a Wintun
-// adapter with the same name exist, it is reused.
+// CreateTUN creates a Wintun interface with the given name. Should a Wintun
+// interface with the same name exist, it is reused.
 //
 func CreateTUN(ifname string) (Device, error) {
 	return CreateTUNWithRequestedGUID(ifname, nil)
 }
 
 //
-// CreateTUNWithRequestedGUID creates a Wintun adapter with the given name and
-// a requested GUID. Should a Wintun adapter with the same name exist, it is reused.
+// CreateTUNWithRequestedGUID creates a Wintun interface with the given name and
+// a requested GUID. Should a Wintun interface with the same name exist, it is reused.
 //
 func CreateTUNWithRequestedGUID(ifname string, requestedGUID *windows.GUID) (Device, error) {
 	var err error
-	var wt *wintun.Wintun
+	var wt *wintun.Interface
 
 	// Does an interface with this name already exist?
-	wt, err = wintun.GetInterface(ifname)
+	wt, err = WintunPool.GetInterface(ifname)
 	if err == nil {
 		// If so, we delete it, in case it has weird residual configuration.
 		_, err = wt.DeleteInterface()
 		if err != nil {
 			return nil, fmt.Errorf("Unable to delete already existing Wintun interface: %v", err)
 		}
-	} else if err == windows.ERROR_ALREADY_EXISTS {
-		return nil, fmt.Errorf("Foreign network interface with the same name exists")
 	}
-	wt, _, err = wintun.CreateInterface("WireGuard Tunnel Adapter", requestedGUID)
+	wt, _, err = WintunPool.CreateInterface(ifname, requestedGUID)
 	if err != nil {
 		return nil, fmt.Errorf("Unable to create Wintun interface: %v", err)
 	}
 
-	err = wt.SetInterfaceName(ifname)
-	if err != nil {
-		wt.DeleteInterface()
-		return nil, fmt.Errorf("Unable to set name of Wintun interface: %v", err)
-	}
-
 	tun := &NativeTun{
 		wt:        wt,
 		handle:    windows.InvalidHandle,
@@ -110,30 +88,13 @@ func CreateTUNWithRequestedGUID(ifname string, requestedGUID *windows.GUID) (Dev
 		forcedMTU: 1500,
 	}
 
-	tun.rings.send.size = uint32(unsafe.Sizeof(ring{}))
-	tun.rings.send.ring = &ring{}
-	tun.rings.send.tailMoved, err = windows.CreateEvent(nil, 0, 0, nil)
+	err = tun.rings.Init()
 	if err != nil {
 		tun.Close()
-		return nil, fmt.Errorf("Error creating event: %v", err)
+		return nil, fmt.Errorf("Error creating events: %v", err)
 	}
 
-	tun.rings.receive.size = uint32(unsafe.Sizeof(ring{}))
-	tun.rings.receive.ring = &ring{}
-	tun.rings.receive.tailMoved, err = windows.CreateEvent(nil, 0, 0, nil)
-	if err != nil {
-		tun.Close()
-		return nil, fmt.Errorf("Error creating event: %v", err)
-	}
-
-	tun.handle, err = tun.wt.AdapterHandle()
-	if err != nil {
-		tun.Close()
-		return nil, err
-	}
-
-	var bytesReturned uint32
-	err = windows.DeviceIoControl(tun.handle, ioctlRegisterRings, (*byte)(unsafe.Pointer(&tun.rings)), uint32(unsafe.Sizeof(tun.rings)), nil, 0, &bytesReturned, nil)
+	tun.handle, err = tun.wt.Register(&tun.rings)
 	if err != nil {
 		tun.Close()
 		return nil, fmt.Errorf("Error registering rings: %v", err)
@@ -142,7 +103,7 @@ func CreateTUNWithRequestedGUID(ifname string, requestedGUID *windows.GUID) (Dev
 }
 
 func (tun *NativeTun) Name() (string, error) {
-	return tun.wt.InterfaceName()
+	return tun.wt.Name()
 }
 
 func (tun *NativeTun) File() *os.File {
@@ -155,18 +116,13 @@ func (tun *NativeTun) Events() chan Event {
 
 func (tun *NativeTun) Close() error {
 	tun.close = true
-	if tun.rings.send.tailMoved != 0 {
-		windows.SetEvent(tun.rings.send.tailMoved) // wake the reader if it's sleeping
+	if tun.rings.Send.TailMoved != 0 {
+		windows.SetEvent(tun.rings.Send.TailMoved) // wake the reader if it's sleeping
 	}
 	if tun.handle != windows.InvalidHandle {
 		windows.CloseHandle(tun.handle)
 	}
-	if tun.rings.send.tailMoved != 0 {
-		windows.CloseHandle(tun.rings.send.tailMoved)
-	}
-	if tun.rings.send.tailMoved != 0 {
-		windows.CloseHandle(tun.rings.receive.tailMoved)
-	}
+	tun.rings.Close()
 	var err error
 	if tun.wt != nil {
 		_, err = tun.wt.DeleteInterface()
@@ -184,9 +140,6 @@ func (tun *NativeTun) ForceMTU(mtu int) {
 	tun.forcedMTU = mtu
 }
 
-//go:linkname procyield runtime.procyield
-func procyield(cycles uint32)
-
 // Note: Read() and Write() assume the caller comes only from a single thread; there's no locking.
 
 func (tun *NativeTun) Read(buff []byte, offset int) (int, error) {
@@ -200,50 +153,52 @@ retry:
 		return 0, os.ErrClosed
 	}
 
-	buffHead := atomic.LoadUint32(&tun.rings.send.ring.head)
-	if buffHead >= packetCapacity {
+	buffHead := atomic.LoadUint32(&tun.rings.Send.Ring.Head)
+	if buffHead >= wintun.PacketCapacity {
 		return 0, os.ErrClosed
 	}
 
-	start := time.Now()
+	start := nanotime()
+	shouldSpin := atomic.LoadUint64(&tun.rate.current) >= spinloopRateThreshold && uint64(start-atomic.LoadInt64(&tun.rate.nextStartTime)) <= rateMeasurementGranularity*2
 	var buffTail uint32
 	for {
-		buffTail = atomic.LoadUint32(&tun.rings.send.ring.tail)
+		buffTail = atomic.LoadUint32(&tun.rings.Send.Ring.Tail)
 		if buffHead != buffTail {
 			break
 		}
 		if tun.close {
 			return 0, os.ErrClosed
 		}
-		if time.Since(start) >= time.Millisecond/80 /* ~1gbit/s */ {
-			windows.WaitForSingleObject(tun.rings.send.tailMoved, windows.INFINITE)
+		if !shouldSpin || uint64(nanotime()-start) >= spinloopDuration {
+			windows.WaitForSingleObject(tun.rings.Send.TailMoved, windows.INFINITE)
 			goto retry
 		}
 		procyield(1)
 	}
-	if buffTail >= packetCapacity {
+	if buffTail >= wintun.PacketCapacity {
 		return 0, os.ErrClosed
 	}
 
-	buffContent := tun.rings.send.ring.wrap(buffTail - buffHead)
-	if buffContent < uint32(unsafe.Sizeof(packetHeader{})) {
+	buffContent := tun.rings.Send.Ring.Wrap(buffTail - buffHead)
+	if buffContent < uint32(unsafe.Sizeof(wintun.PacketHeader{})) {
 		return 0, errors.New("incomplete packet header in send ring")
 	}
 
-	packet := (*packet)(unsafe.Pointer(&tun.rings.send.ring.data[buffHead]))
-	if packet.size > packetSizeMax {
+	packet := (*wintun.Packet)(unsafe.Pointer(&tun.rings.Send.Ring.Data[buffHead]))
+	if packet.Size > wintun.PacketSizeMax {
 		return 0, errors.New("packet too big in send ring")
 	}
 
-	alignedPacketSize := packetAlign(uint32(unsafe.Sizeof(packetHeader{})) + packet.size)
+	alignedPacketSize := wintun.PacketAlign(uint32(unsafe.Sizeof(wintun.PacketHeader{})) + packet.Size)
 	if alignedPacketSize > buffContent {
 		return 0, errors.New("incomplete packet in send ring")
 	}
 
-	copy(buff[offset:], packet.data[:packet.size])
-	buffHead = tun.rings.send.ring.wrap(buffHead + alignedPacketSize)
-	atomic.StoreUint32(&tun.rings.send.ring.head, buffHead)
-	return int(packet.size), nil
+	copy(buff[offset:], packet.Data[:packet.Size])
+	buffHead = tun.rings.Send.Ring.Wrap(buffHead + alignedPacketSize)
+	atomic.StoreUint32(&tun.rings.Send.Ring.Head, buffHead)
+	tun.rate.update(uint64(packet.Size))
+	return int(packet.Size), nil
 }
 
 func (tun *NativeTun) Flush() error {
@@ -256,39 +211,50 @@ func (tun *NativeTun) Write(buff []byte, offset int) (int, error) {
 	}
 
 	packetSize := uint32(len(buff) - offset)
-	alignedPacketSize := packetAlign(uint32(unsafe.Sizeof(packetHeader{})) + packetSize)
+	tun.rate.update(uint64(packetSize))
+	alignedPacketSize := wintun.PacketAlign(uint32(unsafe.Sizeof(wintun.PacketHeader{})) + packetSize)
 
-	buffHead := atomic.LoadUint32(&tun.rings.receive.ring.head)
-	if buffHead >= packetCapacity {
+	buffHead := atomic.LoadUint32(&tun.rings.Receive.Ring.Head)
+	if buffHead >= wintun.PacketCapacity {
 		return 0, os.ErrClosed
 	}
 
-	buffTail := atomic.LoadUint32(&tun.rings.receive.ring.tail)
-	if buffTail >= packetCapacity {
+	buffTail := atomic.LoadUint32(&tun.rings.Receive.Ring.Tail)
+	if buffTail >= wintun.PacketCapacity {
 		return 0, os.ErrClosed
 	}
 
-	buffSpace := tun.rings.receive.ring.wrap(buffHead - buffTail - packetAlignment)
+	buffSpace := tun.rings.Receive.Ring.Wrap(buffHead - buffTail - wintun.PacketAlignment)
 	if alignedPacketSize > buffSpace {
 		return 0, nil // Dropping when ring is full.
 	}
 
-	packet := (*packet)(unsafe.Pointer(&tun.rings.receive.ring.data[buffTail]))
-	packet.size = packetSize
-	copy(packet.data[:packetSize], buff[offset:])
-	atomic.StoreUint32(&tun.rings.receive.ring.tail, tun.rings.receive.ring.wrap(buffTail+alignedPacketSize))
-	if atomic.LoadInt32(&tun.rings.receive.ring.alertable) != 0 {
-		windows.SetEvent(tun.rings.receive.tailMoved)
+	packet := (*wintun.Packet)(unsafe.Pointer(&tun.rings.Receive.Ring.Data[buffTail]))
+	packet.Size = packetSize
+	copy(packet.Data[:packetSize], buff[offset:])
+	atomic.StoreUint32(&tun.rings.Receive.Ring.Tail, tun.rings.Receive.Ring.Wrap(buffTail+alignedPacketSize))
+	if atomic.LoadInt32(&tun.rings.Receive.Ring.Alertable) != 0 {
+		windows.SetEvent(tun.rings.Receive.TailMoved)
 	}
 	return int(packetSize), nil
 }
 
-// LUID returns Windows adapter instance ID.
+// LUID returns Windows interface instance ID.
 func (tun *NativeTun) LUID() uint64 {
 	return tun.wt.LUID()
 }
 
-// wrap returns value modulo ring capacity
-func (rb *ring) wrap(value uint32) uint32 {
-	return value & (packetCapacity - 1)
+func (rate *rateJuggler) update(packetLen uint64) {
+	now := nanotime()
+	total := atomic.AddUint64(&rate.nextByteCount, packetLen)
+	period := uint64(now - atomic.LoadInt64(&rate.nextStartTime))
+	if period >= rateMeasurementGranularity {
+		if !atomic.CompareAndSwapInt32(&rate.changing, 0, 1) {
+			return
+		}
+		atomic.StoreInt64(&rate.nextStartTime, now)
+		atomic.StoreUint64(&rate.current, total*uint64(time.Second/time.Nanosecond)/period)
+		atomic.StoreUint64(&rate.nextByteCount, 0)
+		atomic.StoreInt32(&rate.changing, 0)
+	}
 }

tun/wintun/iphlpapi/conversion_windows.go

@@ -0,0 +1,25 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package iphlpapi
+
+import "golang.org/x/sys/windows"
+
+//sys	convertInterfaceLUIDToGUID(interfaceLUID *uint64, interfaceGUID *windows.GUID) (ret error) = iphlpapi.ConvertInterfaceLuidToGuid
+//sys	convertInterfaceAliasToLUID(interfaceAlias *uint16, interfaceLUID *uint64) (ret error) = iphlpapi.ConvertInterfaceAliasToLuid
+
+func InterfaceGUIDFromAlias(alias string) (*windows.GUID, error) {
+	var luid uint64
+	var guid windows.GUID
+	err := convertInterfaceAliasToLUID(windows.StringToUTF16Ptr(alias), &luid)
+	if err != nil {
+		return nil, err
+	}
+	err = convertInterfaceLUIDToGUID(&luid, &guid)
+	if err != nil {
+		return nil, err
+	}
+	return &guid, nil
+}

tun/wintun/iphlpapi/mksyscall.go

@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package iphlpapi
+
+//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go conversion_windows.go

tun/wintun/iphlpapi/zsyscall_windows.go

@@ -0,0 +1,60 @@
+// Code generated by 'go generate'; DO NOT EDIT.
+
+package iphlpapi
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modiphlpapi = windows.NewLazySystemDLL("iphlpapi.dll")
+
+	procConvertInterfaceLuidToGuid  = modiphlpapi.NewProc("ConvertInterfaceLuidToGuid")
+	procConvertInterfaceAliasToLuid = modiphlpapi.NewProc("ConvertInterfaceAliasToLuid")
+)
+
+func convertInterfaceLUIDToGUID(interfaceLUID *uint64, interfaceGUID *windows.GUID) (ret error) {
+	r0, _, _ := syscall.Syscall(procConvertInterfaceLuidToGuid.Addr(), 2, uintptr(unsafe.Pointer(interfaceLUID)), uintptr(unsafe.Pointer(interfaceGUID)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func convertInterfaceAliasToLUID(interfaceAlias *uint16, interfaceLUID *uint64) (ret error) {
+	r0, _, _ := syscall.Syscall(procConvertInterfaceAliasToLuid.Addr(), 2, uintptr(unsafe.Pointer(interfaceAlias)), uintptr(unsafe.Pointer(interfaceLUID)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}

tun/wintun/namespace_windows.go

@@ -0,0 +1,99 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package wintun
+
+import (
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"sync"
+	"unsafe"
+
+	"golang.org/x/crypto/blake2s"
+	"golang.org/x/sys/windows"
+	"golang.org/x/text/unicode/norm"
+
+	"golang.zx2c4.com/wireguard/ipc/winpipe"
+	"golang.zx2c4.com/wireguard/tun/wintun/namespaceapi"
+)
+
+var (
+	wintunObjectSecurityAttributes *windows.SecurityAttributes
+	hasInitializedNamespace        bool
+	initializingNamespace          sync.Mutex
+)
+
+func initializeNamespace() error {
+	initializingNamespace.Lock()
+	defer initializingNamespace.Unlock()
+	if hasInitializedNamespace {
+		return nil
+	}
+	sd, err := winpipe.SddlToSecurityDescriptor("O:SYD:P(A;;GA;;;SY)")
+	if err != nil {
+		return fmt.Errorf("SddlToSecurityDescriptor failed: %v", err)
+	}
+	wintunObjectSecurityAttributes = &windows.SecurityAttributes{
+		Length:             uint32(len(sd)),
+		SecurityDescriptor: uintptr(unsafe.Pointer(&sd[0])),
+	}
+	sid, err := windows.CreateWellKnownSid(windows.WinLocalSystemSid)
+	if err != nil {
+		return fmt.Errorf("CreateWellKnownSid(LOCAL_SYSTEM) failed: %v", err)
+	}
+
+	boundary, err := namespaceapi.CreateBoundaryDescriptor("Wintun")
+	if err != nil {
+		return fmt.Errorf("CreateBoundaryDescriptor failed: %v", err)
+	}
+	err = boundary.AddSid(sid)
+	if err != nil {
+		return fmt.Errorf("AddSIDToBoundaryDescriptor failed: %v", err)
+	}
+	for {
+		_, err = namespaceapi.CreatePrivateNamespace(wintunObjectSecurityAttributes, boundary, "Wintun")
+		if err == windows.ERROR_ALREADY_EXISTS {
+			_, err = namespaceapi.OpenPrivateNamespace(boundary, "Wintun")
+			if err == windows.ERROR_PATH_NOT_FOUND {
+				continue
+			}
+		}
+		if err != nil {
+			return fmt.Errorf("Create/OpenPrivateNamespace failed: %v", err)
+		}
+		break
+	}
+	hasInitializedNamespace = true
+	return nil
+}
+
+func (pool Pool) takeNameMutex() (windows.Handle, error) {
+	err := initializeNamespace()
+	if err != nil {
+		return 0, err
+	}
+
+	const mutexLabel = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com"
+	b2, _ := blake2s.New256(nil)
+	b2.Write([]byte(mutexLabel))
+	b2.Write(norm.NFC.Bytes([]byte(string(pool))))
+	mutexName := `Wintun\Wintun-Name-Mutex-` + hex.EncodeToString(b2.Sum(nil))
+	mutex, err := windows.CreateMutex(wintunObjectSecurityAttributes, false, windows.StringToUTF16Ptr(mutexName))
+	if err != nil {
+		err = fmt.Errorf("Error creating name mutex: %v", err)
+		return 0, err
+	}
+	event, err := windows.WaitForSingleObject(mutex, windows.INFINITE)
+	if err != nil {
+		windows.CloseHandle(mutex)
+		return 0, fmt.Errorf("Error waiting on name mutex: %v", err)
+	}
+	if event != windows.WAIT_OBJECT_0 && event != windows.WAIT_ABANDONED {
+		windows.CloseHandle(mutex)
+		return 0, errors.New("Error with event trigger of name mutex")
+	}
+	return mutex, nil
+}

tun/wintun/namespaceapi/mksyscall.go

@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package namespaceapi
+
+//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go namespaceapi_windows.go

tun/wintun/namespaceapi/namespaceapi_windows.go

@@ -0,0 +1,83 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package namespaceapi
+
+import "golang.org/x/sys/windows"
+
+//sys	createBoundaryDescriptor(name *uint16, flags uint32) (handle windows.Handle, err error) = kernel32.CreateBoundaryDescriptorW
+//sys	deleteBoundaryDescriptor(boundaryDescriptor windows.Handle) = kernel32.DeleteBoundaryDescriptor
+//sys	addSIDToBoundaryDescriptor(boundaryDescriptor *windows.Handle, requiredSid *windows.SID) (err error) = kernel32.AddSIDToBoundaryDescriptor
+//sys	createPrivateNamespace(privateNamespaceAttributes *windows.SecurityAttributes, boundaryDescriptor windows.Handle, aliasPrefix *uint16) (handle windows.Handle, err error) = kernel32.CreatePrivateNamespaceW
+//sys	openPrivateNamespace(boundaryDescriptor windows.Handle, aliasPrefix *uint16) (handle windows.Handle, err error) = kernel32.OpenPrivateNamespaceW
+//sys	closePrivateNamespace(handle windows.Handle, flags uint32) (err error) = kernel32.ClosePrivateNamespace
+
+// BoundaryDescriptor represents a boundary that defines how the objects in the namespace are to be isolated.
+type BoundaryDescriptor windows.Handle
+
+// CreateBoundaryDescriptor creates a boundary descriptor.
+func CreateBoundaryDescriptor(name string) (BoundaryDescriptor, error) {
+	name16, err := windows.UTF16PtrFromString(name)
+	if err != nil {
+		return 0, err
+	}
+	handle, err := createBoundaryDescriptor(name16, 0)
+	if err != nil {
+		return 0, err
+	}
+	return BoundaryDescriptor(handle), nil
+}
+
+// Delete deletes the specified boundary descriptor.
+func (bd BoundaryDescriptor) Delete() {
+	deleteBoundaryDescriptor(windows.Handle(bd))
+}
+
+// AddSid adds a security identifier (SID) to the specified boundary descriptor.
+func (bd *BoundaryDescriptor) AddSid(requiredSid *windows.SID) error {
+	return addSIDToBoundaryDescriptor((*windows.Handle)(bd), requiredSid)
+}
+
+// PrivateNamespace represents a private namespace. Duh?!
+type PrivateNamespace windows.Handle
+
+// CreatePrivateNamespace creates a private namespace.
+func CreatePrivateNamespace(privateNamespaceAttributes *windows.SecurityAttributes, boundaryDescriptor BoundaryDescriptor, aliasPrefix string) (PrivateNamespace, error) {
+	aliasPrefix16, err := windows.UTF16PtrFromString(aliasPrefix)
+	if err != nil {
+		return 0, err
+	}
+	handle, err := createPrivateNamespace(privateNamespaceAttributes, windows.Handle(boundaryDescriptor), aliasPrefix16)
+	if err != nil {
+		return 0, err
+	}
+	return PrivateNamespace(handle), nil
+}
+
+// OpenPrivateNamespace opens a private namespace.
+func OpenPrivateNamespace(boundaryDescriptor BoundaryDescriptor, aliasPrefix string) (PrivateNamespace, error) {
+	aliasPrefix16, err := windows.UTF16PtrFromString(aliasPrefix)
+	if err != nil {
+		return 0, err
+	}
+	handle, err := openPrivateNamespace(windows.Handle(boundaryDescriptor), aliasPrefix16)
+	if err != nil {
+		return 0, err
+	}
+	return PrivateNamespace(handle), nil
+}
+
+// ClosePrivateNamespaceFlags describes flags that are used by PrivateNamespace's Close() method.
+type ClosePrivateNamespaceFlags uint32
+
+const (
+	// PrivateNamespaceFlagDestroy makes the close to destroy the namespace.
+	PrivateNamespaceFlagDestroy = ClosePrivateNamespaceFlags(0x1)
+)
+
+// Close closes an open namespace handle.
+func (pns PrivateNamespace) Close(flags ClosePrivateNamespaceFlags) error {
+	return closePrivateNamespace(windows.Handle(pns), uint32(flags))
+}

tun/wintun/namespaceapi/zsyscall_windows.go

@@ -0,0 +1,116 @@
+// Code generated by 'go generate'; DO NOT EDIT.
+
+package namespaceapi
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+
+	procCreateBoundaryDescriptorW  = modkernel32.NewProc("CreateBoundaryDescriptorW")
+	procDeleteBoundaryDescriptor   = modkernel32.NewProc("DeleteBoundaryDescriptor")
+	procAddSIDToBoundaryDescriptor = modkernel32.NewProc("AddSIDToBoundaryDescriptor")
+	procCreatePrivateNamespaceW    = modkernel32.NewProc("CreatePrivateNamespaceW")
+	procOpenPrivateNamespaceW      = modkernel32.NewProc("OpenPrivateNamespaceW")
+	procClosePrivateNamespace      = modkernel32.NewProc("ClosePrivateNamespace")
+)
+
+func createBoundaryDescriptor(name *uint16, flags uint32) (handle windows.Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procCreateBoundaryDescriptorW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(flags), 0)
+	handle = windows.Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func deleteBoundaryDescriptor(boundaryDescriptor windows.Handle) {
+	syscall.Syscall(procDeleteBoundaryDescriptor.Addr(), 1, uintptr(boundaryDescriptor), 0, 0)
+	return
+}
+
+func addSIDToBoundaryDescriptor(boundaryDescriptor *windows.Handle, requiredSid *windows.SID) (err error) {
+	r1, _, e1 := syscall.Syscall(procAddSIDToBoundaryDescriptor.Addr(), 2, uintptr(unsafe.Pointer(boundaryDescriptor)), uintptr(unsafe.Pointer(requiredSid)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func createPrivateNamespace(privateNamespaceAttributes *windows.SecurityAttributes, boundaryDescriptor windows.Handle, aliasPrefix *uint16) (handle windows.Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procCreatePrivateNamespaceW.Addr(), 3, uintptr(unsafe.Pointer(privateNamespaceAttributes)), uintptr(boundaryDescriptor), uintptr(unsafe.Pointer(aliasPrefix)))
+	handle = windows.Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func openPrivateNamespace(boundaryDescriptor windows.Handle, aliasPrefix *uint16) (handle windows.Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procOpenPrivateNamespaceW.Addr(), 2, uintptr(boundaryDescriptor), uintptr(unsafe.Pointer(aliasPrefix)), 0)
+	handle = windows.Handle(r0)
+	if handle == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func closePrivateNamespace(handle windows.Handle, flags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procClosePrivateNamespace.Addr(), 2, uintptr(handle), uintptr(flags), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = errnoErr(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}

tun/wintun/nci/mksyscall.go

@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package nci
+
+//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go nci_windows.go

tun/wintun/nci/nci_windows.go

@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package nci
+
+import "golang.org/x/sys/windows"
+
+//sys	nciSetConnectionName(guid *windows.GUID, newName *uint16) (ret error) = nci.NciSetConnectionName
+//sys	nciGetConnectionName(guid *windows.GUID, destName *uint16, inDestNameBytes uint32, outDestNameBytes *uint32) (ret error) = nci.NciGetConnectionName
+
+func SetConnectionName(guid *windows.GUID, newName string) error {
+	newName16, err := windows.UTF16PtrFromString(newName)
+	if err != nil {
+		return err
+	}
+	return nciSetConnectionName(guid, newName16)
+}
+
+func ConnectionName(guid *windows.GUID) (string, error) {
+	var name [0x400]uint16
+	err := nciGetConnectionName(guid, &name[0], uint32(len(name)*2), nil)
+	if err != nil {
+		return "", err
+	}
+	return windows.UTF16ToString(name[:]), nil
+}

tun/wintun/nci/zsyscall_windows.go

@@ -0,0 +1,60 @@
+// Code generated by 'go generate'; DO NOT EDIT.
+
+package nci
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return nil
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modnci = windows.NewLazySystemDLL("nci.dll")
+
+	procNciSetConnectionName = modnci.NewProc("NciSetConnectionName")
+	procNciGetConnectionName = modnci.NewProc("NciGetConnectionName")
+)
+
+func nciSetConnectionName(guid *windows.GUID, newName *uint16) (ret error) {
+	r0, _, _ := syscall.Syscall(procNciSetConnectionName.Addr(), 2, uintptr(unsafe.Pointer(guid)), uintptr(unsafe.Pointer(newName)), 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}
+
+func nciGetConnectionName(guid *windows.GUID, destName *uint16, inDestNameBytes uint32, outDestNameBytes *uint32) (ret error) {
+	r0, _, _ := syscall.Syscall6(procNciGetConnectionName.Addr(), 4, uintptr(unsafe.Pointer(guid)), uintptr(unsafe.Pointer(destName)), uintptr(inDestNameBytes), uintptr(unsafe.Pointer(outDestNameBytes)), 0, 0)
+	if r0 != 0 {
+		ret = syscall.Errno(r0)
+	}
+	return
+}

tun/wintun/netshell/netshell_windows.go

@@ -1,32 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
- */
-
-package netshell
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-var (
-	modnetshell            = windows.NewLazySystemDLL("netshell.dll")
-	procHrRenameConnection = modnetshell.NewProc("HrRenameConnection")
-)
-
-func HrRenameConnection(guid *windows.GUID, newName *uint16) (err error) {
-	err = procHrRenameConnection.Find()
-	if err != nil {
-		// Missing from servercore, so we can't presume it's always there.
-		return
-	}
-
-	ret, _, _ := syscall.Syscall(procHrRenameConnection.Addr(), 2, uintptr(unsafe.Pointer(guid)), uintptr(unsafe.Pointer(newName)), 0)
-	if ret != 0 {
-		err = syscall.Errno(ret)
-	}
-	return
-}

tun/wintun/ring_windows.go

@@ -0,0 +1,97 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package wintun
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+const (
+	PacketAlignment    = 4        // Number of bytes packets are aligned to in rings
+	PacketSizeMax      = 0xffff   // Maximum packet size
+	PacketCapacity     = 0x800000 // Ring capacity, 8MiB
+	PacketTrailingSize = uint32(unsafe.Sizeof(PacketHeader{})) + ((PacketSizeMax + (PacketAlignment - 1)) &^ (PacketAlignment - 1)) - PacketAlignment
+	ioctlRegisterRings = (51820 << 16) | (0x970 << 2) | 0 /*METHOD_BUFFERED*/ | (0x3 /*FILE_READ_DATA | FILE_WRITE_DATA*/ << 14)
+)
+
+type PacketHeader struct {
+	Size uint32
+}
+
+type Packet struct {
+	PacketHeader
+	Data [PacketSizeMax]byte
+}
+
+type Ring struct {
+	Head      uint32
+	Tail      uint32
+	Alertable int32
+	Data      [PacketCapacity + PacketTrailingSize]byte
+}
+
+type RingDescriptor struct {
+	Send, Receive struct {
+		Size      uint32
+		Ring      *Ring
+		TailMoved windows.Handle
+	}
+}
+
+// Wrap returns value modulo ring capacity
+func (rb *Ring) Wrap(value uint32) uint32 {
+	return value & (PacketCapacity - 1)
+}
+
+// Aligns a packet size to PacketAlignment
+func PacketAlign(size uint32) uint32 {
+	return (size + (PacketAlignment - 1)) &^ (PacketAlignment - 1)
+}
+
+func (descriptor *RingDescriptor) Init() (err error) {
+	descriptor.Send.Size = uint32(unsafe.Sizeof(Ring{}))
+	descriptor.Send.Ring = &Ring{}
+	descriptor.Send.TailMoved, err = windows.CreateEvent(nil, 0, 0, nil)
+	if err != nil {
+		return
+	}
+
+	descriptor.Receive.Size = uint32(unsafe.Sizeof(Ring{}))
+	descriptor.Receive.Ring = &Ring{}
+	descriptor.Receive.TailMoved, err = windows.CreateEvent(nil, 0, 0, nil)
+	if err != nil {
+		windows.CloseHandle(descriptor.Send.TailMoved)
+		return
+	}
+
+	return
+}
+
+func (descriptor *RingDescriptor) Close() {
+	if descriptor.Send.TailMoved != 0 {
+		windows.CloseHandle(descriptor.Send.TailMoved)
+		descriptor.Send.TailMoved = 0
+	}
+	if descriptor.Send.TailMoved != 0 {
+		windows.CloseHandle(descriptor.Receive.TailMoved)
+		descriptor.Receive.TailMoved = 0
+	}
+}
+
+func (wintun *Interface) Register(descriptor *RingDescriptor) (windows.Handle, error) {
+	handle, err := wintun.handle()
+	if err != nil {
+		return 0, err
+	}
+	var bytesReturned uint32
+	err = windows.DeviceIoControl(handle, ioctlRegisterRings, (*byte)(unsafe.Pointer(descriptor)), uint32(unsafe.Sizeof(*descriptor)), nil, 0, &bytesReturned, nil)
+	if err != nil {
+		return 0, err
+	}
+	return handle, nil
+}

tun/wintun/wintun_windows.go

@@ -15,17 +15,20 @@ import (
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/registry"
 
-	"golang.zx2c4.com/wireguard/tun/wintun/netshell"
+	"golang.zx2c4.com/wireguard/tun/wintun/iphlpapi"
+	"golang.zx2c4.com/wireguard/tun/wintun/nci"
 	registryEx "golang.zx2c4.com/wireguard/tun/wintun/registry"
 	"golang.zx2c4.com/wireguard/tun/wintun/setupapi"
 )
 
-// Wintun is a handle of a Wintun adapter.
-type Wintun struct {
+type Pool string
+
+type Interface struct {
 	cfgInstanceID windows.GUID
 	devInstanceID string
 	luidIndex     uint32
 	ifType        uint32
+	pool          Pool
 }
 
 var deviceClassNetGUID = windows.GUID{Data1: 0x4d36e972, Data2: 0xe325, Data3: 0x11ce, Data4: [8]byte{0xbf, 0xc1, 0x08, 0x00, 0x2b, 0xe1, 0x03, 0x18}}
@@ -37,7 +40,7 @@ const (
 )
 
 // makeWintun creates a Wintun interface handle and populates it from the device's registry key.
-func makeWintun(deviceInfoSet setupapi.DevInfo, deviceInfoData *setupapi.DevInfoData) (*Wintun, error) {
+func makeWintun(deviceInfoSet setupapi.DevInfo, deviceInfoData *setupapi.DevInfoData, pool Pool) (*Interface, error) {
 	// Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\<class>\<id> registry key.
 	key, err := deviceInfoSet.OpenDevRegKey(deviceInfoData, setupapi.DICS_FLAG_GLOBAL, 0, setupapi.DIREG_DRV, registry.QUERY_VALUE)
 	if err != nil {
@@ -74,19 +77,37 @@ func makeWintun(deviceInfoSet setupapi.DevInfo, deviceInfoData *setupapi.DevInfo
 		return nil, fmt.Errorf("DeviceInstanceID failed: %v", err)
 	}
 
-	return &Wintun{
+	return &Interface{
 		cfgInstanceID: ifid,
 		devInstanceID: instanceID,
 		luidIndex:     uint32(luidIdx),
 		ifType:        uint32(ifType),
+		pool:          pool,
 	}, nil
 }
 
+func removeNumberedSuffix(ifname string) string {
+	removed := strings.TrimRight(ifname, "0123456789")
+	if removed != ifname && len(removed) > 1 && removed[len(removed)-1] == ' ' {
+		return removed[:len(removed)-1]
+	}
+	return ifname
+}
+
 // GetInterface finds a Wintun interface by its name. This function returns
 // the interface if found, or windows.ERROR_OBJECT_NOT_FOUND otherwise. If
-// the interface is found but not a Wintun-class, this function returns
-// windows.ERROR_ALREADY_EXISTS.
-func GetInterface(ifname string) (*Wintun, error) {
+// the interface is found but not a Wintun-class or a member of the pool,
+// this function returns windows.ERROR_ALREADY_EXISTS.
+func (pool Pool) GetInterface(ifname string) (*Interface, error) {
+	mutex, err := pool.takeNameMutex()
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		windows.ReleaseMutex(mutex)
+		windows.CloseHandle(mutex)
+	}()
+
 	// Create a list of network devices.
 	devInfoList, err := setupapi.SetupDiGetClassDevsEx(&deviceClassNetGUID, "", 0, setupapi.DIGCF_PRESENT, setupapi.DevInfo(0), "")
 	if err != nil {
@@ -110,18 +131,20 @@ func GetInterface(ifname string) (*Wintun, error) {
 			continue
 		}
 
-		wintun, err := makeWintun(devInfoList, deviceData)
+		wintun, err := makeWintun(devInfoList, deviceData, pool)
 		if err != nil {
 			continue
 		}
 
 		// TODO: is there a better way than comparing ifnames?
-		ifname2, err := wintun.InterfaceName()
+		ifname2, err := wintun.Name()
 		if err != nil {
 			continue
 		}
+		ifname2 = strings.ToLower(ifname2)
+		ifname3 := removeNumberedSuffix(ifname2)
 
-		if ifname == strings.ToLower(ifname2) {
+		if ifname == ifname2 || ifname == ifname3 {
 			err = devInfoList.BuildDriverInfoList(deviceData, setupapi.SPDIT_COMPATDRIVER)
 			if err != nil {
 				return nil, fmt.Errorf("SetupDiBuildDriverInfoList failed: %v", err)
@@ -144,6 +167,14 @@ func GetInterface(ifname string) (*Wintun, error) {
 				}
 
 				if driverDetailData.IsCompatible(hardwareID) {
+					isMember, err := pool.isMember(devInfoList, deviceData)
+					if err != nil {
+						return nil, err
+					}
+					if !isMember {
+						return nil, windows.ERROR_ALREADY_EXISTS
+					}
+
 					return wintun, nil
 				}
 			}
@@ -156,17 +187,24 @@ func GetInterface(ifname string) (*Wintun, error) {
 	return nil, windows.ERROR_OBJECT_NOT_FOUND
 }
 
-// CreateInterface creates a Wintun interface. description is a string that
-// supplies the text description of the device. The description is optional
-// and can be "". requestedGUID is the GUID of the created network interface,
-// which then influences NLA generation deterministically. If it is set to nil,
-// the GUID is chosen by the system at random, and hence a new NLA entry is
-// created for each new interface. It is called "requested" GUID because the
-// API it uses is completely undocumented, and so there could be minor
+// CreateInterface creates a Wintun interface. ifname is the requested name of
+// the interface, while requestedGUID is the GUID of the created network
+// interface, which then influences NLA generation deterministically. If it is
+// set to nil, the GUID is chosen by the system at random, and hence a new NLA
+// entry is created for each new interface. It is called "requested" GUID
+// because the API it uses is completely undocumented, and so there could be minor
 // interesting complications with its usage. This function returns the network
 // interface ID and a flag if reboot is required.
-//
-func CreateInterface(description string, requestedGUID *windows.GUID) (wintun *Wintun, rebootRequired bool, err error) {
+func (pool Pool) CreateInterface(ifname string, requestedGUID *windows.GUID) (wintun *Interface, rebootRequired bool, err error) {
+	mutex, err := pool.takeNameMutex()
+	if err != nil {
+		return
+	}
+	defer func() {
+		windows.ReleaseMutex(mutex)
+		windows.CloseHandle(mutex)
+	}()
+
 	// Create an empty device info set for network adapter device class.
 	devInfoList, err := setupapi.SetupDiCreateDeviceInfoListEx(&deviceClassNetGUID, 0, "")
 	if err != nil {
@@ -183,7 +221,8 @@ func CreateInterface(description string, requestedGUID *windows.GUID) (wintun *W
 	}
 
 	// Create a new device info element and add it to the device info set.
-	deviceData, err := devInfoList.CreateDeviceInfo(className, &deviceClassNetGUID, description, 0, setupapi.DICD_GENERATE_ID)
+	deviceTypeName := pool.deviceTypeName()
+	deviceData, err := devInfoList.CreateDeviceInfo(className, &deviceClassNetGUID, deviceTypeName, 0, setupapi.DICD_GENERATE_ID)
 	if err != nil {
 		err = fmt.Errorf("SetupDiCreateDeviceInfo failed: %v", err)
 		return
@@ -251,42 +290,6 @@ func CreateInterface(description string, requestedGUID *windows.GUID) (wintun *W
 		return
 	}
 
-	// Call appropriate class installer.
-	err = devInfoList.CallClassInstaller(setupapi.DIF_REGISTERDEVICE, deviceData)
-	if err != nil {
-		err = fmt.Errorf("SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed: %v", err)
-		return
-	}
-
-	// Register device co-installers if any. (Ignore errors)
-	devInfoList.CallClassInstaller(setupapi.DIF_REGISTER_COINSTALLERS, deviceData)
-
-	var key registry.Key
-	const pollTimeout = time.Millisecond * 50
-	for i := 0; i < int(waitForRegistryTimeout/pollTimeout); i++ {
-		if i != 0 {
-			time.Sleep(pollTimeout)
-		}
-		key, err = devInfoList.OpenDevRegKey(deviceData, setupapi.DICS_FLAG_GLOBAL, 0, setupapi.DIREG_DRV, registry.SET_VALUE|registry.QUERY_VALUE|registry.NOTIFY)
-		if err == nil {
-			break
-		}
-	}
-	if err != nil {
-		err = fmt.Errorf("SetupDiOpenDevRegKey failed: %v", err)
-		return
-	}
-	defer key.Close()
-	if requestedGUID != nil {
-		err = key.SetStringValue("NetSetupAnticipatedInstanceId", requestedGUID.String())
-		if err != nil {
-			err = fmt.Errorf("SetStringValue(NetSetupAnticipatedInstanceId) failed: %v", err)
-			return
-		}
-	}
-
-	// Install interfaces if any. (Ignore errors)
-	devInfoList.CallClassInstaller(setupapi.DIF_INSTALLINTERFACES, deviceData)
 	defer func() {
 		if err != nil {
 			// The interface failed to install, or the interface ID was unobtainable. Clean-up.
@@ -307,6 +310,43 @@ func CreateInterface(description string, requestedGUID *windows.GUID) (wintun *W
 		}
 	}()
 
+	// Call appropriate class installer.
+	err = devInfoList.CallClassInstaller(setupapi.DIF_REGISTERDEVICE, deviceData)
+	if err != nil {
+		err = fmt.Errorf("SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed: %v", err)
+		return
+	}
+
+	// Register device co-installers if any. (Ignore errors)
+	devInfoList.CallClassInstaller(setupapi.DIF_REGISTER_COINSTALLERS, deviceData)
+
+	var netDevRegKey registry.Key
+	const pollTimeout = time.Millisecond * 50
+	for i := 0; i < int(waitForRegistryTimeout/pollTimeout); i++ {
+		if i != 0 {
+			time.Sleep(pollTimeout)
+		}
+		netDevRegKey, err = devInfoList.OpenDevRegKey(deviceData, setupapi.DICS_FLAG_GLOBAL, 0, setupapi.DIREG_DRV, registry.SET_VALUE|registry.QUERY_VALUE|registry.NOTIFY)
+		if err == nil {
+			break
+		}
+	}
+	if err != nil {
+		err = fmt.Errorf("SetupDiOpenDevRegKey failed: %v", err)
+		return
+	}
+	defer netDevRegKey.Close()
+	if requestedGUID != nil {
+		err = netDevRegKey.SetStringValue("NetSetupAnticipatedInstanceId", requestedGUID.String())
+		if err != nil {
+			err = fmt.Errorf("SetStringValue(NetSetupAnticipatedInstanceId) failed: %v", err)
+			return
+		}
+	}
+
+	// Install interfaces if any. (Ignore errors)
+	devInfoList.CallClassInstaller(setupapi.DIF_INSTALLINTERFACES, deviceData)
+
 	// Install the device.
 	err = devInfoList.CallClassInstaller(setupapi.DIF_INSTALLDEVICE, deviceData)
 	if err != nil {
@@ -315,56 +355,40 @@ func CreateInterface(description string, requestedGUID *windows.GUID) (wintun *W
 	}
 	rebootRequired = checkReboot(devInfoList, deviceData)
 
+	err = devInfoList.SetDeviceRegistryPropertyString(deviceData, setupapi.SPDRP_DEVICEDESC, deviceTypeName)
+	if err != nil {
+		err = fmt.Errorf("SetDeviceRegistryPropertyString(SPDRP_DEVICEDESC) failed: %v", err)
+		return
+	}
+
 	// DIF_INSTALLDEVICE returns almost immediately, while the device installation
 	// continues in the background. It might take a while, before all registry
 	// keys and values are populated.
-	_, err = registryEx.GetStringValueWait(key, "NetCfgInstanceId", waitForRegistryTimeout)
+	_, err = registryEx.GetStringValueWait(netDevRegKey, "NetCfgInstanceId", waitForRegistryTimeout)
 	if err != nil {
 		err = fmt.Errorf("GetStringValueWait(NetCfgInstanceId) failed: %v", err)
 		return
 	}
-	_, err = registryEx.GetIntegerValueWait(key, "NetLuidIndex", waitForRegistryTimeout)
+	_, err = registryEx.GetIntegerValueWait(netDevRegKey, "NetLuidIndex", waitForRegistryTimeout)
 	if err != nil {
 		err = fmt.Errorf("GetIntegerValueWait(NetLuidIndex) failed: %v", err)
 		return
 	}
-	_, err = registryEx.GetIntegerValueWait(key, "*IfType", waitForRegistryTimeout)
+	_, err = registryEx.GetIntegerValueWait(netDevRegKey, "*IfType", waitForRegistryTimeout)
 	if err != nil {
 		err = fmt.Errorf("GetIntegerValueWait(*IfType) failed: %v", err)
 		return
 	}
 
 	// Get network interface.
-	wintun, err = makeWintun(devInfoList, deviceData)
+	wintun, err = makeWintun(devInfoList, deviceData, pool)
 	if err != nil {
 		err = fmt.Errorf("makeWintun failed: %v", err)
 		return
 	}
 
-	// Wait for network registry key to emerge and populate.
-	key, err = registryEx.OpenKeyWait(
-		registry.LOCAL_MACHINE,
-		wintun.netRegKeyName(),
-		registry.QUERY_VALUE|registry.NOTIFY,
-		waitForRegistryTimeout)
-	if err != nil {
-		err = fmt.Errorf("makeWintun failed: %v", err)
-		return
-	}
-	defer key.Close()
-	_, err = registryEx.GetStringValueWait(key, "Name", waitForRegistryTimeout)
-	if err != nil {
-		err = fmt.Errorf("GetStringValueWait(Name) failed: %v", err)
-		return
-	}
-	_, err = registryEx.GetStringValueWait(key, "PnPInstanceId", waitForRegistryTimeout)
-	if err != nil {
-		err = fmt.Errorf("GetStringValueWait(PnPInstanceId) failed: %v", err)
-		return
-	}
-
 	// Wait for TCP/IP adapter registry key to emerge and populate.
-	key, err = registryEx.OpenKeyWait(
+	tcpipAdapterRegKey, err := registryEx.OpenKeyWait(
 		registry.LOCAL_MACHINE,
 		wintun.tcpipAdapterRegKeyName(), registry.QUERY_VALUE|registry.NOTIFY,
 		waitForRegistryTimeout)
@@ -372,8 +396,8 @@ func CreateInterface(description string, requestedGUID *windows.GUID) (wintun *W
 		err = fmt.Errorf("OpenKeyWait(HKLM\\%s) failed: %v", wintun.tcpipAdapterRegKeyName(), err)
 		return
 	}
-	defer key.Close()
-	_, err = registryEx.GetStringValueWait(key, "IpConfig", waitForRegistryTimeout)
+	defer tcpipAdapterRegKey.Close()
+	_, err = registryEx.GetStringValueWait(tcpipAdapterRegKey, "IpConfig", waitForRegistryTimeout)
 	if err != nil {
 		err = fmt.Errorf("GetStringValueWait(IpConfig) failed: %v", err)
 		return
@@ -386,28 +410,23 @@ func CreateInterface(description string, requestedGUID *windows.GUID) (wintun *W
 	}
 
 	// Wait for TCP/IP interface registry key to emerge.
-	key, err = registryEx.OpenKeyWait(
+	tcpipInterfaceRegKey, err := registryEx.OpenKeyWait(
 		registry.LOCAL_MACHINE,
-		tcpipInterfaceRegKeyName, registry.QUERY_VALUE,
+		tcpipInterfaceRegKeyName, registry.QUERY_VALUE|registry.SET_VALUE,
 		waitForRegistryTimeout)
 	if err != nil {
 		err = fmt.Errorf("OpenKeyWait(HKLM\\%s) failed: %v", tcpipInterfaceRegKeyName, err)
 		return
 	}
-	key.Close()
-
-	//
-	// All the registry keys and values we're relying on are present now.
-	//
-
+	defer tcpipInterfaceRegKey.Close()
 	// Disable dead gateway detection on our interface.
-	key, err = registry.OpenKey(registry.LOCAL_MACHINE, tcpipInterfaceRegKeyName, registry.SET_VALUE)
+	tcpipInterfaceRegKey.SetDWordValue("EnableDeadGWDetect", 0)
+
+	err = wintun.SetName(ifname)
 	if err != nil {
-		err = fmt.Errorf("Error opening interface-specific TCP/IP network registry key: %v", err)
+		err = fmt.Errorf("Unable to set name of Wintun interface: %v", err)
 		return
 	}
-	key.SetDWordValue("EnableDeadGWDetect", 0)
-	key.Close()
 
 	return
 }
@@ -415,7 +434,7 @@ func CreateInterface(description string, requestedGUID *windows.GUID) (wintun *W
 // DeleteInterface deletes a Wintun interface. This function succeeds
 // if the interface was not found. It returns a bool indicating whether
 // a reboot is required.
-func (wintun *Wintun) DeleteInterface() (rebootRequired bool, err error) {
+func (wintun *Interface) DeleteInterface() (rebootRequired bool, err error) {
 	devInfoList, deviceData, err := wintun.deviceData()
 	if err == windows.ERROR_OBJECT_NOT_FOUND {
 		return false, nil
@@ -446,10 +465,20 @@ func (wintun *Wintun) DeleteInterface() (rebootRequired bool, err error) {
 	return checkReboot(devInfoList, deviceData), nil
 }
 
-// DeleteAllInterfaces deletes all Wintun interfaces, and returns which
-// ones it deleted, whether a reboot is required after, and which errors
-// occurred during the process.
-func DeleteAllInterfaces() (deviceInstancesDeleted []uint32, rebootRequired bool, errors []error) {
+// DeleteMatchingInterfaces deletes all Wintun interfaces, which match
+// given criteria, and returns which ones it deleted, whether a reboot
+// is required after, and which errors occurred during the process.
+func (pool Pool) DeleteMatchingInterfaces(matches func(wintun *Interface) bool) (deviceInstancesDeleted []uint32, rebootRequired bool, errors []error) {
+	mutex, err := pool.takeNameMutex()
+	if err != nil {
+		errors = append(errors, err)
+		return
+	}
+	defer func() {
+		windows.ReleaseMutex(mutex)
+		windows.CloseHandle(mutex)
+	}()
+
 	devInfoList, err := setupapi.SetupDiGetClassDevsEx(&deviceClassNetGUID, "", 0, setupapi.DIGCF_PRESENT, setupapi.DevInfo(0), "")
 	if err != nil {
 		return nil, false, []error{fmt.Errorf("SetupDiGetClassDevsEx(%v) failed: %v", deviceClassNetGUID, err.Error())}
@@ -493,6 +522,24 @@ func DeleteAllInterfaces() (deviceInstancesDeleted []uint32, rebootRequired bool
 			continue
 		}
 
+		isMember, err := pool.isMember(devInfoList, deviceData)
+		if err != nil {
+			errors = append(errors, err)
+			continue
+		}
+		if !isMember {
+			continue
+		}
+
+		wintun, err := makeWintun(devInfoList, deviceData, pool)
+		if err != nil {
+			errors = append(errors, fmt.Errorf("Unable to make Wintun interface object: %v", err))
+			continue
+		}
+		if !matches(wintun) {
+			continue
+		}
+
 		err = setQuietInstall(devInfoList, deviceData)
 		if err != nil {
 			errors = append(errors, err)
@@ -520,6 +567,23 @@ func DeleteAllInterfaces() (deviceInstancesDeleted []uint32, rebootRequired bool
 	return
 }
 
+// isMember checks if SPDRP_DEVICEDESC or SPDRP_FRIENDLYNAME match device type name.
+func (pool Pool) isMember(deviceInfoSet setupapi.DevInfo, deviceInfoData *setupapi.DevInfoData) (bool, error) {
+	deviceDescVal, err := deviceInfoSet.DeviceRegistryProperty(deviceInfoData, setupapi.SPDRP_DEVICEDESC)
+	if err != nil {
+		return false, fmt.Errorf("DeviceRegistryPropertyString(SPDRP_DEVICEDESC) failed: %v", err)
+	}
+	deviceDesc, _ := deviceDescVal.(string)
+	friendlyNameVal, err := deviceInfoSet.DeviceRegistryProperty(deviceInfoData, setupapi.SPDRP_FRIENDLYNAME)
+	if err != nil {
+		return false, fmt.Errorf("DeviceRegistryPropertyString(SPDRP_FRIENDLYNAME) failed: %v", err)
+	}
+	friendlyName, _ := friendlyNameVal.(string)
+	deviceTypeName := pool.deviceTypeName()
+	return friendlyName == deviceTypeName || deviceDesc == deviceTypeName ||
+		removeNumberedSuffix(friendlyName) == deviceTypeName || removeNumberedSuffix(deviceDesc) == deviceTypeName, nil
+}
+
 // checkReboot checks device install parameters if a system reboot is required.
 func checkReboot(deviceInfoSet setupapi.DevInfo, deviceInfoData *setupapi.DevInfoData) bool {
 	devInstallParams, err := deviceInfoSet.DeviceInstallParams(deviceInfoData)
@@ -541,47 +605,79 @@ func setQuietInstall(deviceInfoSet setupapi.DevInfo, deviceInfoData *setupapi.De
 	return deviceInfoSet.SetDeviceInstallParams(deviceInfoData, devInstallParams)
 }
 
-// InterfaceName returns the name of the Wintun interface.
-func (wintun *Wintun) InterfaceName() (string, error) {
-	key, err := registry.OpenKey(registry.LOCAL_MACHINE, wintun.netRegKeyName(), registry.QUERY_VALUE)
+// deviceTypeName returns pool-specific device type name.
+func (pool Pool) deviceTypeName() string {
+	return fmt.Sprintf("%s Tunnel", pool)
+}
+
+// Name returns the name of the Wintun interface.
+func (wintun *Interface) Name() (string, error) {
+	return nci.ConnectionName(&wintun.cfgInstanceID)
+}
+
+// SetName sets name of the Wintun interface.
+func (wintun *Interface) SetName(ifname string) error {
+	const maxSuffix = 1000
+	availableIfname := ifname
+	for i := 0; ; i++ {
+		err := nci.SetConnectionName(&wintun.cfgInstanceID, availableIfname)
+		if err == windows.ERROR_DUP_NAME {
+			duplicateGuid, err2 := iphlpapi.InterfaceGUIDFromAlias(availableIfname)
+			if err2 == nil {
+				for j := 0; j < maxSuffix; j++ {
+					proposal := fmt.Sprintf("%s %d", ifname, j+1)
+					if proposal == availableIfname {
+						continue
+					}
+					err2 = nci.SetConnectionName(duplicateGuid, proposal)
+					if err2 == windows.ERROR_DUP_NAME {
+						continue
+					}
+					if err2 == nil {
+						err = nci.SetConnectionName(&wintun.cfgInstanceID, availableIfname)
+						if err == nil {
+							break
+						}
+					}
+					break
+				}
+			}
+		}
+		if err == nil {
+			break
+		}
+
+		if i > maxSuffix || err != windows.ERROR_DUP_NAME {
+			return fmt.Errorf("NciSetConnectionName failed: %v", err)
+		}
+		availableIfname = fmt.Sprintf("%s %d", ifname, i+1)
+	}
+
+	// TODO: This should use NetSetup2 so that it doesn't get unset.
+	deviceRegKey, err := registry.OpenKey(registry.LOCAL_MACHINE, wintun.deviceRegKeyName(), registry.SET_VALUE)
 	if err != nil {
-		return "", fmt.Errorf("Network-specific registry key open failed: %v", err)
+		return fmt.Errorf("Device-level registry key open failed: %v", err)
 	}
-	defer key.Close()
-
-	// Get the interface name.
-	return registryEx.GetStringValue(key, "Name")
-}
-
-// SetInterfaceName sets name of the Wintun interface.
-func (wintun *Wintun) SetInterfaceName(ifname string) error {
-	// We have to tell the various runtime COM services about the new name too. We ignore the
-	// error because netshell isn't available on servercore.
-	// TODO: netsh.exe falls back to NciSetConnection in this case. If somebody complains, maybe
-	// we should do the same.
-	netshell.HrRenameConnection(&wintun.cfgInstanceID, windows.StringToUTF16Ptr(ifname))
-
-	// Set the interface name. The above line should have done this too, but in case it failed, we force it.
-	key, err := registry.OpenKey(registry.LOCAL_MACHINE, wintun.netRegKeyName(), registry.SET_VALUE)
+	defer deviceRegKey.Close()
+	err = deviceRegKey.SetStringValue("FriendlyName", wintun.pool.deviceTypeName())
 	if err != nil {
-		return fmt.Errorf("Network-specific registry key open failed: %v", err)
+		return fmt.Errorf("SetStringValue(FriendlyName) failed: %v", err)
 	}
-	defer key.Close()
-	return key.SetStringValue("Name", ifname)
-}
-
-// netRegKeyName returns the interface-specific network registry key name.
-func (wintun *Wintun) netRegKeyName() string {
-	return fmt.Sprintf("SYSTEM\\CurrentControlSet\\Control\\Network\\%v\\%v\\Connection", deviceClassNetGUID, wintun.cfgInstanceID)
+	return nil
 }
 
 // tcpipAdapterRegKeyName returns the adapter-specific TCP/IP network registry key name.
-func (wintun *Wintun) tcpipAdapterRegKeyName() string {
+func (wintun *Interface) tcpipAdapterRegKeyName() string {
 	return fmt.Sprintf("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Adapters\\%v", wintun.cfgInstanceID)
 }
 
+// deviceRegKeyName returns the device-level registry key name
+func (wintun *Interface) deviceRegKeyName() string {
+	return fmt.Sprintf("SYSTEM\\CurrentControlSet\\Enum\\%v", wintun.devInstanceID)
+}
+
 // tcpipInterfaceRegKeyName returns the interface-specific TCP/IP network registry key name.
-func (wintun *Wintun) tcpipInterfaceRegKeyName() (path string, err error) {
+func (wintun *Interface) tcpipInterfaceRegKeyName() (path string, err error) {
 	key, err := registry.OpenKey(registry.LOCAL_MACHINE, wintun.tcpipAdapterRegKeyName(), registry.QUERY_VALUE)
 	if err != nil {
 		return "", fmt.Errorf("Error opening adapter-specific TCP/IP network registry key: %v", err)
@@ -600,7 +696,7 @@ func (wintun *Wintun) tcpipInterfaceRegKeyName() (path string, err error) {
 // deviceData returns TUN device info list handle and interface device info
 // data. The device info list handle must be closed after use. In case the
 // device is not found, windows.ERROR_OBJECT_NOT_FOUND is returned.
-func (wintun *Wintun) deviceData() (setupapi.DevInfo, *setupapi.DevInfoData, error) {
+func (wintun *Interface) deviceData() (setupapi.DevInfo, *setupapi.DevInfoData, error) {
 	// Create a list of network devices.
 	devInfoList, err := setupapi.SetupDiGetClassDevsEx(&deviceClassNetGUID, "", 0, setupapi.DIGCF_PRESENT, setupapi.DevInfo(0), "")
 	if err != nil {
@@ -618,7 +714,7 @@ func (wintun *Wintun) deviceData() (setupapi.DevInfo, *setupapi.DevInfoData, err
 
 		// Get interface ID.
 		// TODO: Store some ID in the Wintun object such that this call isn't required.
-		wintun2, err := makeWintun(devInfoList, deviceData)
+		wintun2, err := makeWintun(devInfoList, deviceData, wintun.pool)
 		if err != nil {
 			continue
 		}
@@ -637,25 +733,25 @@ func (wintun *Wintun) deviceData() (setupapi.DevInfo, *setupapi.DevInfoData, err
 	return 0, nil, windows.ERROR_OBJECT_NOT_FOUND
 }
 
-// AdapterHandle returns a handle to the adapter device object.
-func (wintun *Wintun) AdapterHandle() (windows.Handle, error) {
+// handle returns a handle to the interface device object.
+func (wintun *Interface) handle() (windows.Handle, error) {
 	interfaces, err := setupapi.CM_Get_Device_Interface_List(wintun.devInstanceID, &deviceInterfaceNetGUID, setupapi.CM_GET_DEVICE_INTERFACE_LIST_PRESENT)
 	if err != nil {
-		return windows.InvalidHandle, err
+		return windows.InvalidHandle, fmt.Errorf("Error listing NDIS interfaces: %v", err)
 	}
 	handle, err := windows.CreateFile(windows.StringToUTF16Ptr(interfaces[0]), windows.GENERIC_READ|windows.GENERIC_WRITE, windows.FILE_SHARE_READ|windows.FILE_SHARE_WRITE|windows.FILE_SHARE_DELETE, nil, windows.OPEN_EXISTING, 0, 0)
 	if err != nil {
-		return windows.InvalidHandle, fmt.Errorf("Open NDIS device failed: %v", err)
+		return windows.InvalidHandle, fmt.Errorf("Error opening NDIS device: %v", err)
 	}
 	return handle, nil
 }
 
 // GUID returns the GUID of the interface.
-func (wintun *Wintun) GUID() windows.GUID {
+func (wintun *Interface) GUID() windows.GUID {
 	return wintun.cfgInstanceID
 }
 
 // LUID returns the LUID of the interface.
-func (wintun *Wintun) LUID() uint64 {
+func (wintun *Interface) LUID() uint64 {
 	return ((uint64(wintun.luidIndex) & ((1 << 24) - 1)) << 24) | ((uint64(wintun.ifType) & ((1 << 16) - 1)) << 48)
 }