Commit Graph

532 Commits

Author SHA1 Message Date
Simon Rozman
b592e071d2 api: tighten source code annotation
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:59 +01:00
Simon Rozman
640605a8d9 api: update documentation
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:59 +01:00
Simon Rozman
355ce73841 api: simplify workflow
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:59 +01:00
Simon Rozman
c213663a90 api: revise and unify error codes
GetDevInfoData: Some functions returned ERROR_OBJECT_NOT_FOUND, others
ERROR_FILE_NOT_FOUND when the needle was not found in the haystack.

GetTcpipInterfaceRegPath: When IpConfig is an empty REG_MULTI_SZ, it is
actually ERROR_INVALID_DATA - like other unexpected registry values -
rather than a misleading ERROR_NETWORK_NOT_AVAILABLE.

Failure in TakeNameMutex result in ERROR_INVALID_HANDLE rather than the
ERROR_GEN_FAILURE with a misleading message: "A device attached to the
system is not functioning."

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:59 +01:00
Simon Rozman
28c135b8e1 api: tighten maximum registry key path length
Maximum registry key path length is not 260 (MAX_PATH), but 255 (256
incl. zero terminator).

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:59 +01:00
Simon Rozman
43a1751b21 api: fix SPDRP_DEVICEDESC zero-termination
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:59 +01:00
Simon Rozman
0adf0fab8d api: do the set-quiet-install later
Rather than setting the "quiet" flag to each and every device in the
process of iterating, set it when actually creating/deleting it.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:59 +01:00
Simon Rozman
08e2993d23 api: cleanup
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:59 +01:00
Simon Rozman
0a986ce9fc api: add pre-compiled header support
...for super-fast compilation.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
a283add85b api: rename WINSTATUS to WINTUN_STATUS
...to reduce name collision probability.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
7e3740018d api: finish porting from wireguard-go
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
c8bf62ac19 api: unify Win32 error type
This makes the code more readable and works around the clang-format.exe
issues with _Return_type_success_ source annotation.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
d3a63116ba api: port GetInterface member from wireguard-go
Mind that this also fixes the order of adapter detection checks. A fast
test to eliminate non-Wintun adapters from iteration to speed things up
rendered the method incapable of detecting a non-Wintun adapter with the
name we are looking for.

ERROR_OBJECT_NOT_FOUND was replaced with ERROR_FILE_NOT_FOUND.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
3fa45fec71 api: port nci package from wireguard-go
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
6f55786c65 api: port tun\wintun\namespace_windows.go from wireguard-go
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
0ef8578c81 api: add skeleton for wintun.dll
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
e7763f64db msi-example: add ARM64 support
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
826c976523 msi-example: remove unused parameter in call :msi
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
9b0c400511 Enable ARM64 MSM building
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
00efaa79fa installer: ignore light.exe internal error
Wix Toolset introduced an issue beginning with the v3.14.0.3827 release.
When linking merge module, the light.exe displays an internal error:

```
WixLink:
  "C:\Program Files (x86)\WiX Toolset v3.14\bin\light.exe"  -nologo -b o
  utput_dir="..\amd64\Release" -spdb -sw1076 -sw1079 -out "..\dist\wintu
  n-amd64-0.8.msm" "..\amd64\Release\installer-intermediate\installer.wi
  xobj"
light.exe : error LGHT0204: ICEM10: The property 'ProductCode' is not al
lowed in a Merge Module [C:\Users\Simon\Projekti\wintun\installer\instal
ler.vcxproj]
C:\Users\Simon\AppData\Local\Temp\xdyw3dnt\wintun-amd64-0.8.msm : error
LGHT0204: ICE03: Table: Component Column: _IceM05Mark Missing specificat
ions in _Validation Table (or Old Database) [C:\Users\Simon\Projekti\win
tun\installer\installer.vcxproj]
C:\Users\Simon\AppData\Local\Temp\xdyw3dnt\wintun-amd64-0.8.msm : error
LGHT0204: ICE03: Table: File Column: _ICEM07CAB Missing specifications i
n _Validation Table (or Old Database) [C:\Users\Simon\Projekti\wintun\in
staller\installer.vcxproj]
light.exe : error LGHT0217: Error executing ICE action 'ICE103'. The mos
t common cause of this kind of ICE failure is an incorrectly registered
scripting engine. See http://wixtoolset.org/documentation/error217/ for
details and how to solve this problem. The following string format was n
ot expected by the external UI message logger: "There is a problem with
this Windows Installer package. A DLL required for this install to compl
ete could not be run. Contact your support personnel or package vendor.
 ". [C:\Users\Simon\Projekti\wintun\installer\installer.vcxproj]
  The command ""C:\Program Files (x86)\WiX Toolset v3.14\bin\light.exe"
   -nologo -b output_dir="..\amd64\Release" -spdb -sw1076 -sw1079 -out "
  ..\dist\wintun-amd64-0.8.msm" "..\amd64\Release\installer-intermediate
  \installer.wixobj"" exited with code 217.
```

This error is not a direct consequence of anything being wrong in our
source code. Fortunately, the utility still produces identical MSM file
as previous WiX Toolset versions do. Unfortunately, it exits with code
217.

However, we need recent v3.14 for ARM64 support.

I know this is a huge issue for our build system, masking out any other
potential true error, but the light.exe exit code has been temporarily
ignored.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
bca23da5bf installer: ARM64 requires msiexec version >=500
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
9b61d0d851 Accept WoW64 clients
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Simon Rozman
6a65b11231 installer: ARM64 is always Windows 10
ARM64 support was introduced in Windows 10. There is no need to pack the
EV signed ARM64 driver for older Windows releases.

The only use-case we do want to pack an EV signed ARM64 driver (or test
signed) in the installer.dll is when we are doing the rundll32.exe
tests. Therefore, the Debug version still packs it.

If there is no driver available to pack, fail at compile time - rather
than build an installer.dll that would fail at runtime.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 16:50:58 +01:00
Shawn Hoffman
9c39b2b567 Use standard volatile semantics
Make all archs are use the standardized concept of volatile.
This patch will cause the most changes to arm64 codegen.

Signed-off-by: Shawn Hoffman <godisgovernment@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-30 17:08:10 +01:00
Jason A. Donenfeld
b19c7abd41 Fix potential TunDispatchSecurityDescriptor leak
TunDispatchSecurityDescriptor will leak if RtlAbsoluteToSelfRelativeSD
fails. Add cleanup in error path.

Reported-by: Shawn Hoffman <godisgovernment@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-30 17:04:34 +01:00
Shawn Hoffman
cb1f62156e Use RtlSubAuthoritySid instead of directly poking SID
Signed-off-by: Shawn Hoffman <godisgovernment@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-30 17:00:20 +01:00
Simon Rozman
6d6e219080 Reschedule EvaluateWintun between InstallInitialize and InstallFinalize
WireGuard is always doing so-called "minor" upgrade. This makes it
enough to run EvaluateWintun only once - somewhere after CostFinalize.
The component state we bind our driver install/remove logic to will be a
singleton: either be installed,  left alone, or uninstalled. One single
action for install product session and RemoveExistingProducts session.

Other applications using Wintun might use the so-called "major" upgrade.
In this scenario the existing product is completely uninstalled first.
Including Wintun. The EvaluateWintun was called only once and it
determined that Wintun driver should be uninstalled. Since the MSI did
not execute EvaluateWintun again when installing the new product later,
the Wintun remained uninstalled.

In the case of major upgrades, the Wintun requires two separate action
logics: what to do with Wintun on uninstall of the old product, and what
to do with it when new product is installed.

Therefore, EvaluateWintun has been moved between InstallInitialize and
InstallFinalize to have MSI execute it in install and uninstall
sessions.

Reported-by: Dmitry Smirnov <dmitry.smirnov@netprotect.com>
Tested-by: Simon Rozman <simon@rozman.si>
Signed-off-by: Simon Rozman <simon@rozman.si>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-29 19:39:11 +08:00
Jason A. Donenfeld
27e4d334fc Version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-10 14:54:10 +01:00
Jason A. Donenfeld
5f681022c9 Invert skipPacket condition so code matches
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-10 14:39:06 +01:00
Jason A. Donenfeld
96553f4217 Increment discarded packets properly
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-10 14:38:59 +01:00
Simon Rozman
6cc9786b47 Process send NBLs in batches
When using packet forwarding on Windows computer, adjacent NBLs may
represent packet fragments. Those NBLs must not be completed separately,
but in a single NdisMSendNetBufferListsComplete() call.

This fixes a bugcheck on Windows Server with RRAS role and IP forwarding
packets to Wintun adapter.

Signed-off-by: Simon Rozman <simon@rozman.si>
2019-12-10 14:22:50 +01:00
Simon Rozman
c4becc5b90 Remove excessive ASSERT
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-12-10 14:22:50 +01:00
Jason A. Donenfeld
a5cc2b2ed4 Version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-06 13:28:31 +00:00
Jason A. Donenfeld
fd52a3a429 Ensure that buffers are unmapped on process exit and adapter deletion
Before duplicating a handle elsewhere and closing the original process
would result in disaster. Also, it turns out that TunHaltEx can be
called before the handles are all closed, so we need to unregister prior
to freeing the ctx, lest disaster occurs. Finally, now that we have a
few different things happening with registration and deregistration, we
serialize all accesses with an eresource, a bit heavy-weight but
sufficient.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-06 12:37:51 +00:00
Jason A. Donenfeld
53332cd078 installer: improve resource freeing flow
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-04 08:52:58 +00:00
Jason A. Donenfeld
736131960f msi-example: add instructions and sample code 2019-09-18 15:19:09 -06:00
Simon Rozman
af580a57af Stop timestamping test-signed binaries
WDK doesn't timestamp test-signed drivers. Neither should we.

Signed-off-by: Simon Rozman <simon@rozman.si>
2019-09-02 10:10:03 +02:00
Jason A. Donenfeld
c072f4f3c4 Explicitly opt-in to READ_ONCE/WRITE_ONCE semantics
We mark all atomic variables as volatile and have our atomic accessors
built around that. We probably, therefore, want Linux-style
READ/WRITE_ONCE semantics of implying memory barriers. /volatile:ms does
this automatically.

This was already the default on amd64 and x86 but not on ARM.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Lev Stipakov <lstipakov@gmail.com>
2019-08-24 12:26:00 +00:00
Jason A. Donenfeld
e8e5a42e98 README: clarify spinning
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-22 11:27:57 +02:00
Simon Rozman
fa715c4863 Use WiX directly rather than via WiX's MSBuild
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-08-05 17:14:27 +02:00
Jason A. Donenfeld
03f356c492 Dynamically gather signtool full path
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-05 14:08:06 +02:00
Simon Rozman
810d2ac73a Unify XML empty-element spacing
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-08-05 09:45:52 +02:00
Jason A. Donenfeld
c9da443273 Version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-04 15:29:48 +00:00
Jason A. Donenfeld
5b872e8cf9 Use performance counter for less spinning
Previously we had to spin for a minimum of 15ms because the tick
interval is 156250 on NT. On linux, usually trips to the high
performance timers are discouraged because if they don't hit the RDTSC
path (due to being unstable or the like), they hit more expensive
hardware. I assume that's probably the same on NT, but all of tcpip.sys
and ndis.sys uses the performance counters too, so what are we going to
do?

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-04 11:13:39 +00:00
Jason A. Donenfeld
85a8076d08 Spin less and more efficiently
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-04 07:06:50 +00:00
Jason A. Donenfeld
bc22e2dd25 GetCurrentProcessToken() is Win8+, so open our own token
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-03 08:46:21 +00:00
Jason A. Donenfeld
0e5c1a7a94 Shorten README
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-02 17:21:26 +02:00
Jason A. Donenfeld
fb68232f16 Free interface list when aborting in installer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-02 13:24:21 +02:00
Jason A. Donenfeld
71afd84033 Document how to get file handle
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-08-02 13:22:35 +02:00
Simon Rozman
cd6fe285b4 Cleanup NBL reference counting
The Empty event state is now set according to
Ctx->Device.Receive.ActiveNbls.Head != NULL. But, we still have to clear
the Empty event inside the TransitionLock to prevent race with
TunPause().

Signed-off-by: Simon Rozman <simon@rozman.si>
2019-08-02 12:25:22 +02:00