From 3b9411044fbc86bf9f4a64e22a11d4f4be2a1814 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 10 Nov 2015 16:00:21 -0800 Subject: [PATCH] Patch tap-mac to latest tuntaposx upstream changes, and add updated build for 10.8 or later (keep old one for 10.7). --- .../com.zerotier.tap.kext/Contents/Info.plist | 36 ++++++ .../com.zerotier.tap.kext/Contents/MacOS/tap | Bin 0 -> 50496 bytes .../Contents/_CodeSignature/CodeResources | 105 ++++++++++++++++++ ext/tap-mac/tuntap/Makefile | 89 ++++++++++++++- ext/tap-mac/tuntap/src/lock.cc | 15 ++- ext/tap-mac/tuntap/src/tap/Makefile | 20 ++-- ext/tap-mac/tuntap/src/tap/tap.cc | 81 ++++++++++++++ ext/tap-mac/tuntap/src/tap/tap.h | 14 ++- ext/tap-mac/tuntap/src/tuntap.cc | 21 ++-- ext/tap-mac/tuntap/src/tuntap.h | 2 +- 10 files changed, 349 insertions(+), 34 deletions(-) create mode 100644 ext/bin/tap-mac/com.zerotier.tap.kext/Contents/Info.plist create mode 100755 ext/bin/tap-mac/com.zerotier.tap.kext/Contents/MacOS/tap create mode 100644 ext/bin/tap-mac/com.zerotier.tap.kext/Contents/_CodeSignature/CodeResources diff --git a/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/Info.plist b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/Info.plist new file mode 100644 index 000000000..c20eefa58 --- /dev/null +++ b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/Info.plist @@ -0,0 +1,36 @@ + + + + + CFBundleDevelopmentRegion + English + CFBundleExecutable + tap + CFBundleIdentifier + com.zerotier.tap + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + tap + CFBundlePackageType + KEXT + CFBundleShortVersionString + 20150118 + CFBundleSignature + ???? + CFBundleVersion + 1.0 + OSBundleLibraries + + com.apple.kpi.mach + 8.0 + com.apple.kpi.bsd + 8.0 + com.apple.kpi.libkern + 8.0 + com.apple.kpi.unsupported + 8.0 + + + + diff --git a/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/MacOS/tap b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/MacOS/tap new file mode 100755 index 0000000000000000000000000000000000000000..48bf9625551ea8af1d97fe3a0868e499ab55a48c GIT binary patch literal 50496 zcmeIb3tW`N_dmWMAR@Ztz0_RqnwJ(t#XBggtAgSMwJaBeMNn=6t7xIDg1N3FmX>9j zm;7jENok5&3TlF8ispsPip*>&Q#4I1i~sw~%=7H-1Dc=j@ALnD{=fgreZAQ8oS8E- zXU?2CbLPxE%gH}}{kyhG3zM6rYHianz}D z$DganHW<>3>1lRaWqo1ZJa7AG4heU&lM|BZh#Cx0sc9*3iPJ=)vc9UxJmV&H3?B*S zn4K>Pr+zMWp?(GjjSrGi0VBk-kAMoC`bkYlyn?T!#8i7n?^j=#;EU>)9#KuTkHHWf znHFhJR@N65#q;`tclr?i;QFGH5)zUUId%2^=0@`zA5sMIk@`lcXhzC{yr!n6%2@UK z*2VM8W)3ut{3+|BanR$>UKQ?BD-!0FRX{LKVhi@z!O`=?L90+s4C5utrj)#mu4cC4G;^4hW4zuAG?JC}$2 zlse)mr1{`a`n1FY;T3OVjM_`7kKiK-Jd(g82|SX(BMCf`z#|F#-!Fl1z2!&!!mC=n zC8I)bG1>Iyj0)&3l;cl@60Ed3i*^gB%*IfQ?qZSdUPB~Vb@%iO4{M)46r*mHMI}_#__2gj!-6Lr zC>(hzMOG;lQ)iKn2A)bePg@ukZnK=zTTy|;8L`1Qd#Ls;rmK3V<_EJ{?ILk#zKv7! zdBChF{cvr^#Kd%0^gmD@4`RR)N-YT)&_>Bo1|`TUK^kPxk7emfxD4_chH)V-tQn=K zvKW$pkN`pp^p?U9tF9oZs)WX@X2}F%WY|Z^Uzn1=5DS`>c{H%5?Sd*sRx#3KwE_!F zcM2Gxokws~f~vtB@d*%`&-e_@58}F2GoNA4A5yovvxM;~Z4wizgI)KoEU`ru!_Yaa&w+fc|(MbHrA{wY*#9?|p$r-_* z(e$FRB}N{s!y1x+qP_p&e5MJdw>r${nq|&fl;rJ${#8QCl_-lr*0L%xD%o_0?WnL1 zfDg+;3Oa`_EiVJkjm5&lKF=Q#^WP_*%mb^`Vyb|RK$cVgobxT=us)$>paWN=uu6T^ z$n+M|Elg^gCG@hLx;nkReWGX0!$b-BlJZw#Mpf#IhIxWbmA;6!v#O$D)HxN%J(c>% z<%1%&eN|Oeyh6D?*k5}-1$C|uMSAmSX zqCkl)2uG4HRX|oms@L|a%vX)_WAwB>SWOk?c|Ms`zr|Fh&aQ)}Bf2V8IR!R+3oJ)a zD>w5Xg;JBAtJK+z@D1Kj9>Zh_!q~f%(;gdXWqNBm6x}41A|jNu3`L@@%&PY>7gD6a zqW3{NE=zP(?OfEm3LqnNCs*`GBlky^4|uCb4HW5^QkL`ej4xW2P_)5i=6jmf2x7{` zfpfGQ=3_nxnN(TAe2`E2g#pl2@^+Q$m5)BhJu(EXxikHi2Fp@gZ>iL~2M`}@fi1F4 zMic|}ROsFHEValsTuzxJQhLiNKIl27iS6URpfzl017ks?Iue+SznLx=<8;D{GBXL_ zqj%4uZveBwy;Ec_h_dQ~x-Z zq)bJ&)x>Fzdlm_U^vhgCy{du`bKH~ciPU+X_^dsV6YYGQwkO*85ay(sJ(1@t4Qo~7StEFFnanx+iuEYQLQ}0G z#-h7MVo~olU9*nHEXXLc+_9XnWuxc5M}zY7Ap4MEgh4ISLz}I7 zsSKO0ZlF-ir$8~E!Ymp0ET&4U>0aTLW_3-KU|pEBKxcbTCeS>ewM(5-XR!%KYHCeS z=d$2B%SrgKR`(}@CI(Fi3J)4TPH(8FmiU zrL%M;M_Epx^#B2s6O+b+qo zBkLutKB9}dTe2jP>OP58Mk~jdNw6?gW3eviY)kYhnKxX1FLY67yMv&d0?CxFptp|I z=*@))Zi6$7@rkO_<@?#dRimVuo3R=shS~B{6vX;v(FwoB*}f$E{=PSeRW8I}9Tp1_ zK*{(zpwFSD8@P3TtVOqzN!vjV*_S1*X`e?1!yJGV2QGoul|o-nvI@W# z(&ivdw~i(3rNsftoYR<&WYFFgkgN-`6bL!8e0>h~9<;z)2SOrzIXPj`y~S!!?+QO< z{==23(XCQvF^P5smj8I1Cew0IltrrpsVBipbf>^juHJGdNWH59wlEjl1jfI+CozuR zly_rdmVAj4K_EVMQF%dmwC z|8OD3;{No3fr~3hIE!_6$h&6FxHYu$cQZK?Epf(DyX_ z$HI`D&{FlT4Ac`^KpRx17Z%+abH*9aKs0oOBh_;p^;pBtNL4+HEJ&!BJ2B+Ym7=rI z{P41B)jZ))%~n(cBAYc-s>)sqGBQe8X>^}NTa$krsLw&@0W!m$)82oGk57kOoo2YW(Oe&nhZs{Go%6Klc*4Ff%!gZOdvMc@Nf8#9ttckWg-ie<6Ej6%2H};01kNkr3QWZxBIh#JE)>R)RmmdJl1MBNgG_UgN-%b2Vto-+w?(2-L; z`V~sJ7fDgA!a|qEg3dTC|@Hih1QI>U|xMu&Z7H7rm~vwOtyzF zd5-giOop9KOdQ_JCCIYsKB=WU0~;gLuwg)(Y~K4GU3^SG0CcLw;j7gzlOoDPw6b8a zZuJt~>Ma`W18BcKSEXVXNC3>q!J|ZR8qCE@apQT7$BWYT7JNxPK)C-u~ zwi*fMj8E_l*TsTw`!ESJWX@Pext8oSG_1~k8qZQsf?=kW-B1kKM97jeZ{qd&9;HAB znLFwcR=#Z7h;b$*L9)>-=Zh~EWHz43u@X%&?Z-}7vf~}ffrtk4Q@+K!BS;0xg+kLk zqnP&RELS!Ga7^K(TEll*vY(S`^gRvQ+z@N+P-|cWRc*U$}P0Y0y79x4)E1*|DHLO}~{t`^^(elTYvYbNF4&!Onohj1MiVw4x zZ)?nYm=F6NR^7g{&Y|W?^L+A1Rq7Q54x6GH{a-3l!SsO~EphBeCQxFTiM{+S>JA(| zrzHUXj>5evkd16L_o^BA0c$p<^U#4n;1FE-U{DoJqY>~le` zqY0}czx;1NHXc$3)LEO61co71+84|I0BJH3Wj~vSocXWZyF6mczRA`)c(iN;Sv)oORrWlrb_N{ktH>CzA)kvn+?)QWLrx{{~P8ijPmZ}~`=1~%uMm{3Vf z2s6T2WQroCkha$WnV3!7ktUUJI*&A8Eh85A_J(FW=4l1aq%0NP`p5YmLdc4&qvd0= za@?M&mo1l=vohn?tr>0Lv&Vx%y^My2D?ZQjW_e`a)LAA)o)60-*9zwy7}xSqSgJ*x zEGUpo5jk~M7bH8@>Cegqv%Gy&u8FM0+joJIqz zI!!w#8f{H9>@@y>8zbzwAMSwAa51FiG#S*pbnA)ZKE>*64Jd(sDB;8=@IrxStp$F7 zygbCrU}ms|A~(6g zOG3{FFAiNV;D-Xj>hl1q6x0blkM%DAqr>AmH$to{3A1GT<2$J8wA8ba7&_^B5VtHe zf|;1UnP5*P+a8+W)tfZMEos0zK_ zilNBYK%?~5Psz*ZlFiCQVV%w)X<03qAQU5E$<`vNyfZI4|9(Yf>aL)c`ZbLTG0n`T z=(67YDFGxZdWQgpeWcRi7UU3}b*7JGD5;2r#lOqN+DIwF#N3O)Ghgh>@T8po3$F%3 zQ6XFVnr97%c+T5nUnR`hr??lK@RxpN=BNye!$^k16<9z4D{JU2%Mv#>XczIVvMmFh zFP-Ee0^uCb^vNfVs6i|uHJ$&mEZYCj`Pw9+wT_-d77Bb+jqyRt6$tveNO_?cm^qW+ zFlpr|EY5^jB$k*Y?~9J)ctu1!6O|QJO`vU+2I6qu|48SxES`oSAUj7L2yL}xkjZ7| z9J&1CaNb&3q`L)1;S}GZtIz73w#0Uh`yQ-H`l!%b`XaYt%7>>wu>mY=x5`T}h)3LC z>rX*6R;{QnjJhh_PZ7pAr4ubkddu8Eg#4jo2tK+$$4X*M_(3fQifwVEM|{PC-{1*4 zGE75YCJrD6Sv`M3Y?A2>b5Mr{nCH>_gNxn~#L{9~zz!+H%Y@p}p^{j-%1?uRtL`fN zxx(*jS&FgP+-^!E6belU!U)V^+&Ndb;r`VvM0FUSV#J@d*6^$FtqQNyl7i51YN)G- zhV|23Rp(HAfzx^lO^6D`;F4=SQLDGO9n(iq0ChCD=wC<$)mc;V%~Qdjb&OVTbvvlH z`snHGZDv4><&M=<5))*>*q-tETLNIYy{KZjQo)lj5EPopnJB~t#f`PBF zsgw+Ra98v>r`{|E+Yy(ut12JMm8JxaDA&xaen=_OT?PR(3(>>Sl72y*)C*^DoNZJ}aAZhYbb^TZ z-7AnfWLdqj9rcBtR!s z1iNMBQ^77vw108#KLal`2Ih2bL$VN~fa>*J*qx_a)A>D&0jK~Lh9Y&6GxL3CPJ#ou zKw)KIE|-wQ0U_w4#st7*ve{o0#42|l>qsBme+V3`R#}eW#vzmo<6Fcu1QQy&Y)@># zJK+?VlGy&+QBm5Va6jEeb@mqOm?Kv&)WlVW4P#rRD}~yq7VC;^?Gcq;qAQZNP1V;o zbi@~16UiCjicI$y%;X;+1NL2=)smjrc{(g#SSN1zEH|N3mUFg3=rXFAPSsekW=ZOQ zQocf=ZYAy4H6Sd+(WKm-(`0jQ7w4v;T^qBw%65nIc5hO3bTLNJE-jb$SufdoP4^{+ zva-@GJZ2S~*MALw5CL1qV_+9%M5T?;DI0tZe#hNr>R}@`tFAIQBmRbX6B#B+k%&|@UWZxzEL3A z9_;@u;T4w9tB8J-LBFVaq?cGu+DzDevum!U#2Vdd9BwWkMWc{TI!qgGagav#8`epk zLko~O<08IQ>ZSC46zo27Y2CtVWbS{En z?jkjW9GJ<2%uFH_`~}k3q7z=yZ?LSYWgxVxDpdbIs%p=XRP~iil!RA_DSi3AstVnA zRMk3Od^nk^ivEy(I>>M6Jtn`T&JQEM#~E?G!HoF-Tz*Ti3%sxVav;e6sQecH`|>-= zc(}-?x{#k%$WQ143|J|t*55dJ!tSRr-9Cn)IZ03`C;Eb#sF#)EBrxpVPjb>jS`~s}TX7$w)J97uN+E0o2DD^rYC6vf6ZVw&fyFNi#^lDODU41iS5zFC zw}vUjO@|^~F>!(%1P+DAchc4l2A6JUBb7Y0oOqC!GmhgMifSPGD4y$VQ+3K5Sy6K- zhus~>D6=BKO)AMR)IdA)!DpV{au7YtV;9rmF46HdB#o83$Top-Q;Z%92U+Rw3j2y` zDx?K&0UeL!)O)W3@rpUv{}d{7mi^^&SYIala85i=5X%c3`d`6TxJDp!T;ZJJd95Fh^gs8!fEb2Yj-mvA1JHiDYCQ?^BEQ8;duBCDP)pZl$=tSbhJ_c2za_ zBR(WATH>YiR>gU0wftrndmp>M;G;JWI7@?vk2-rezV$f+qFeDpM;oQ;E$;as0NwjC zT??d3+wEWwJ8ZSfX<*8!pyCoI8pQ;2);IHjXQVo_un~t|4+ud5Z@0+3zsN*M>3rDU z9|(^}Rcte7oVS|4!DdQ-VTj0-RU;Z^W>xy zhLU=h`=s1EE;vVh4MVGEG;*ubNT6kQEwv_lBJ*$S0u7L=43^KY$RGY55>@)chh zv0bP>Yxh+w`%Iwrc1sZvs6-!OU27OW^0z&xX*9$~;(_{Y@4xeXUQdUzO8t`JVKhJf zXXP~z1r&{p0ODyvMSx>3LJNrR?|WzrAY)hv5<@ue3M?G@O*;-peG%`o@%m^%pynxdA%Jna>)4(J5nnrh6ewxc9Xml1fWAI~?WAmOI6Kbd;BU zem%zgI`=oR`BKcUB4XXvn)0z3EDCG}R8Lf9w79AMs9kCOO1Tu>7*v zNe`+!hxAitvxYS@AEW`Wgf+87SNWpTZdH0*IVk&SuYwPhq zdd%N{;6Ii6?Z`iHyvxD)=g%!{^N5HkkR$(Ll3>j9nTXXCqv5Zd;8G|XP$&B;(_4p; z*(VyOd^sM*_P>Z%({M61*@i$c zjW@#KLMT%FKr7ErX+9wq!9ypAlcJ8XotPn`2@1=}Z=3;y!#2?tw3Jl|110(Ia((h8 zS_gi#|Hu#7@0mCNm+iNWrZOrON>rPj3$Q8~J4IEEU5T9Rw``=V&1W_~WG_1~+JCT@ zc75e)?dX5_u>Spf_1W#8{XF6SJ%0pq-#lPMJ7^+4>TFVU-`^p`N*g8UE$)4hSLEIa z-^}##KC<=2JfMM8E{k^Zdh39CNMHqv+<$LN70@A)qkMTh1?%Py$mUJ38ihVEdC`3e zFkmInc%L(!I8Kq)H(F2Up=~zeOmT~BtudKxOYs7T{i4J@IEbq9kMWhS#}_sA;QvE22TA)2{GFS!>=P zkxuXW5xLd@vbr*S9$7-+)sjrKDH6)0m@Td{5T%7rkXv`$Q?Hi zSSd=Xv&Nzfnp;fGfvpl-by);*5~CwWWim%)a?}?b4Ujm>$0Z(HErfJLw>VqO=u7rN z)^}T7YJd&xedYtyoZLo?7g6T8kHBi?yxxh@naH=-kN3Yw=-ly?7cTf~d~tN64G}9S zX-f6;H&QOL3!?p?;;O1WfoOxyvE2{ZYnME-qOMQ}rZLPO6=l+mSo%Dmf3}*}TWyS` zB*t=MFWZ)#!<$Wo@P3Jr7)$6iycCAm9laEW!>x&)A(ml2MZ=o8qM@Q;EfDBZ4YyPx ze5j$8Va=plVWKjq;}yIJO8N_75D|GUbPgY^-mSw;P2Pi?daOyD?BI@VC!F2VD`?nd zSDm8iLc0k%J1TeM500-{)}(*(c#}MF1(l1G#8efg;o^Zy7A(fke3f?7`>88fw@Vo{ z`g=rI+USVxs|H7O-+CO;eFp}`UqO7SDz0JTDW)H8+ z{a3`Iak8TOW_VO(uzG*+fU+QS+25emEiMdR95SFxnORI?l`75ntW=& zLf01H5SsGnqNmsbQ)`Gohqx5d5fi8=ydl4wz)S!o?yo@D3IajV^jJo=zdn+wNxHX( z>v}wq_>mJ$Tdd(*EV_4icLgc-#Cajspje1v6~-P{hEN0XY~O!D2q8q;>x4AFRerjTs)(XU_X*YRTd=qgmqerSxH#tp7;tqCIk$}7oG;Bc^@>8C zyCj=vI+PfA|m#rI;vi*=q6^E5HN{ zrSOM;cp$x2q7!!vfR^H(fhRapFSOtrmkQW%VCnB!$H=VVT=97%qi4|X^jNx@am>22 zM2jreZ@jZF|5O3Hm`jEMA!=_jH97TM0jNp}&6EaNSFnN(_kNhz*q7sNhUp|{)*{WS z$1ty}#s(-8v@F44@Uu>$X|dZa(lPFE!H`r&owFU^`)NE8ZaB!)6BQqzAs4;4YRxF!N)WSuw3Nz3@jGeU)M zcj<+!?kEYDSSXsUoUWsBjS?G5X?=^pfGO{DRCEi7>skOGI^Sa2$D%}2;?2^rh1A1(ff^wJNC+{WX6?&xIX+X$1KqOb9sPhDdQS%wZ4 z%WucfOS*%7G@!ty9gnnLipOTPBZpWevg-cba(zrnKq5|OW^h6?eH0!EZyqvE@Re7Z&@780yB1$a-0NX4aP1iPt& zc-@EOO*4*OQVGwu4sJ#v`@x=A!NIr&nR>i^i&$cOb5%W&=;I2ln9-{*1Q4K26|r|T;9rZFZs`7)+bg}B8aFek=*L=baD zM{OmzyHy9UI40OK+*=3%?v^}d<@k4?gFU9-4?@5Zx1i8A8V@gqiKDwA3uA#}_LIdc z)W;oVo=Yuy8GsHjj@crRjae%HM3q>9z_+L3cYV+iiwUn^9d;a%Gh*2|Q@)gs2&#h~ z&@W~MD(_1=^2?dMh%z)^%FKhv#u3}Hc`P%h`_Po(zvLxdx0!-NE3sREXqfruuNhO! zJJ2)6>WR(D1tA7Fyj(e7XH1a*V6g4VIgYB|t-F9XYBAt&4%NGto+AaNE6Bc%WrSkV z?LDU(*GoYJKFFe%XVMpm7w1gWFLgEzEn8_WGW``wY!}&cppuD&mFP{i^u(7qpejC+ zRmgmy7;E?iN{g|qC?p=qq64+;ETkzT^hB0CMc9=7S~CZuUZkr)8<2R04K5Uy(jX*Y zbHt=%lY4xNkBFRcg!^XFl&la6P*J`UyN0#bcLtO^&<$WkI!h&)% zi1Zg)rrtHiT_1H!y??x?r}+{(s51Y7FZ;?*h;&JqhDv!!Si}Z1iB5{&6t8On)dl7lcXz%| zRK5Px3;#y_yB?-~@FLDHSU=c(VCH_*7|)RS7w>OAcqyB6jTyzBtrbQ_XBC;lA_Y$H7Uj@Q%Y)FQX-WyMx_~}yJ{k*CZ(jIcy~MF zF_Cfc#%N7ik|rv}NNlGjMa?j#IkU>sG`!;W(HdUJk){SgOfy1UQ%x}rjoIZGm6SY3 zLqFiHiAhOH(3nzLeu_6E&TZD_^F!Ukl`VQVBNSO2Hp5) z!gPLeaT?=)_*AeRl1i0HE~UdKPvDufj^k4zpbx$4h>s7syfu8n=(yG4lPvIDauxB( zZOLH-4(#cp!O1dxGRfH_*g?RK9Oic7Fd4_z^hw6G--r2>Npw#?m|EM5=jRFdU}`ux zL7YM}n8Ppua|J9BP($7|KA8e?tcLGlJS|MXJRQd?1k}ff27o^=9N zr}+0$N}d(;lR3;ADd0ouM_vf0_X*=r(vM7${-4s1k}?w3@JP;|kATSn#tIlA;3NUV1k?){C}4qr`2yw%xJAHq06en9La49}^P~cMB>=y~w^7?#g^Y)~8*#LoOiupQS;M%^N zex<<6L|pEWz)M6t?l*xa_v7@fJbC?rWO(oyE$}>HKj`frHDr)0#($H9M|1i^f?m~w z<39*oiVu3%5&VnzU=M*yapw?$OYvxj~BQ~;IRUi&I?`?cwjIuzg*zb`N3v^OXmo5nV9uo)OSYU()q$K0@sN8 z?n(JWc>VR%ynLQm?>Z6gu2QXv=lS^A6jr}BkmJt^TskjF61a3;vPj_4xyf3AOXn&d z3tT!+`9h)(;`M(g@Ceb~4Jm&x&#wiCgZe9--!v9@peWywaM)-~6sPYi;Zr$2THvZk zjvFOBg5wzi&lLGqfolc+CgHHr1)}~6*&Dv4afGDEATA}e3t_MLV;gV z;J+yF+X`HTb<44RZw1~|fwxuQ{tA4c0w1Zs!xi{c1)i+HUsB+!75Ik={D1;4Rp3_@ z_+15FyNR< zR^UG>@Ja>l)zn#jjTQKl3S1MRQoVyMQkZ~~1dJ81SilkiO9dUIS1ZNMnNb%1XHt_OS@`m+J> zWG@Z}4dyUu7>5T0Y=!+J(ajeyaJWjf5%^~8s|Yq71z!*F8O+ar0oL>7Fl8i%wL>`k zY8;2twJOzS(4FQhfrr5jepO;VRXqfW0PixCrI;17D1K z4gj`A`vlj6zXHGt@JH|~;DvxaKu7SWP!5j+9t55XcnI+2u^jq!SE&vI-;H#Fsqkk$ z1FT(-!$ktttgEBxIS%{`ye41(7>o8U0WJ`*RKRGo{{zxr0AB?CP>x_zz{`M}(cd2dzY#DJ z{1Lt!{1F_9daeNO6Yw$2x1WHA4`;7Wbqhql%Yly@!eW-)IzOpW{Q|r)M5Ve4*dFuz zSHLcfRH|!$KOz4*;E1O<+ylL@0RA5Ih+tkf4!;%9AN5drI`s1fU|+zSfWJY1e*+8w z-7Ua?@hnE#ZNwP-Y%uVr0Pg@6A-xi?3VhxLOom<%{HQI5B?9I^K9t@8`F{Yq04I1B z{Qe0T0DcK>Mn4H^R0hMdz3JXEu9!}rPS~hEk*2gH1Kq+L;;RemotDO)6<^( zUUU;QYDTqme|u_=gt$b}if?azf7(E|fDJQEMw79pF(El^PPOtw{O-%eLonDgA#!?B z3hP-71rH9Z#-yYPYe5GENlrmism=iO0YDdQZ;D9pOl*(||Ns~fM^jWrA&J31(MNYJ?PhM?f!u`H`sTw)w<=(A_^bQ(SMKyiY; zez*i~NR2h6MJLTpGWMQ3gDwzV1{d@V(Z&Q*I=)k* z1P6+`sbI7*UMg5)xh=bNpibj@8)}k~eX={ZC!0p)bobTL1Te7I zAarqYabf<@5vHu8?nBD^6_*ee^$^6fQ!s6GabZ17aY=EUVTHYMQs3z~bY=RhB=Tik zrW)h%q72v!oAn?*{i2iDv^LPo9{bio4Ff5_8@nI5e_V9D@xFZ5u-;T_&}qUwP@^4Y z+yga~Rw@1hpRAwvQBV8wQ;jYAyse%kd#=^9{e z=MLJFoqH&!%U!gmNID^>$m(xTk+j~PB1(;);Iu&?o{{A2=!rzdQYTWYO(UKzjR42w zW>p4x=czJCE2P6d!ZFdojdx6zw+_yUaG{+O_)6rM#=T$16t=)RCL|^$CEIs3)pBZV zo0Vako@(^mk~t<`#XAk<)5OqMaYfnAQ-2iL(;`3{mNk zhGbKU(J(76CCwBWuc9RpZwq5}#^YRLN|H+KQmMD{a|+%(o`w48O>JcIU3HQ zf)cyRgvitxL_!-(=|y1~7yXj9pS+ij7~e+Xm0_s}+r3FhOnl@t#uimh0+m?BPA`@5 zPZ?wr1!GR>vC%2<#zd(u_RhM5#K*IalQa!e=cF0sMiSCY5=|m@WYTjA_9Bs~GD@1^ z#2Y0zH%BSF6{!wNai~5uDJBj3A1(}X!(r|b14y7jjgz@nWU!&i;w znb{NlzJPcXvSZ1d3;7X~#QrRXlO2@R$@8u`YkV@bQB@7q= z{(A$WtUcLY(4LkOH7hPgqD(PjcZq4nTB4DRN;M@IlJS!gNht{wDv~l-*Dw!hQb=j` z+EJ1?vuD})G$uqPBqIYb87mPWhyle2Bt|CUw+o_@5~EWMh!#gqO-+i&+xTg5q@=Wq zH{fRuR0c8z2K;6~bP@!K{UUyMA}Iywc;uFXxl0V^>lhvrlT+Z5qN~jPXWL!zEUYj~ zr!Qg%ri1kdFp+V}>m{uazqJ9Y%8ZgBIVnCaY7U8APD(Mx7-6@fz%+scU^kVx#v?ax zf+xh#zx6IqsoLVGMO6!b^g(1@<%-kabh=Q0$4;Oje7wpPfPa<(_~Vbtc;Q5~qLGWr zn`g0aT~ty+cQUeRaro5zzRbQ~WzF*M+Q^Zm4f3%YxvUQUyf zgQp(eqx!j9<{aHO>w}G1>)Zd_X;b*^zRSLzH21B-X|vxl7rv2Hx5=sQyWhO7>HF6? z&3V_+Hz8A!ZXW&!k{lZ$4M6o4{wU1@e^cYC%&Ukm$XhTBKieCo0;*l}hpt zJyAY=kqV<9(7nd^;~MZuFKSB zy1KadsO?HkyBKS^xw^Qk9EnhB-GcgQ+68WI+6Asx*VS@$adq`;wZKKKLb{jh0v8vRW!7kq$!`W-+tjv;>qf)*)IkM3^Q>83gFM>J-@J0rFQe}~tm+l~9oJNEn`KZCk# z?EJu=_iyuzUOD;b6L0;Pd92m+;1=-%59f7g)$-~K+o!CXK493plN$IA(#-0V(6U9| z!BLOJb+CSZuH>-=M@Ok|Oh_yF%5!8)`iA$mZN79mLURTce3hf8B8M;)|=+`;^_=|5CTEH-Bh4UaO|;hAu8uZtmJz0NPfR(AKS)wn=8A zE+uipR?MpN_pKQ@-2?x1XISWb&nepOM9|8uqqe=a?Yh?MS}kfBo0gW`_vxpjQsTQu zlKyqaOnf>8YSbM`+WJJVrWV|w)Qhw}9`X!x^>A~AHajafhSEhfxKG-Q^%sx4v#j@1 zOLw&N3jSne*ZH43lfNzU&)T`K`0Y7!pkHBFpXtGA8?H`nmHgw@Z$`$qXgjl;;nZiZ z?!UHrNwRUlnkGLy;nUR8ZOa#bd8bbr?%ipAk87&A&3De)w(H}4qrcnId`Q7#vi|Lil z`lp$GdHK6_S}p(j$zfr?xc@q3PFA;HdTp2(g8%0BxaHfsBjaz^ey@$z)z)laWmugr z=Lc_q`GvK!_!#h1u{P&5E_tgJtN{e%!5BRw6`?u8fRj<_juyvE}X=nS_`+91V z_cqRaW!Sjz!tGB7?Wp|ohvYA=Yz)!OYZWph?6n}v;k2oBeHI42)MJVHL+zxi&${_7 zjoq=V<+sMvs%cY&X&#`UvT9PP$u`U01^uzj->Q_Z9L zn#iaqV{#fV6N55F`b*SM8(8b6Vl~8`B{3RdS`8vh2`G>ljh}2wjK=Y3QevtmDTaPu ztgBN)+)?C|a{IJuCe!b6v0viC28r#BQoAdrCNp2p^?DPbfiHJG^I>j-(*3tmS6@3Ft^Rz@X#dg;1Mj9+%_y#YHKWf$ z>p0Dq0f#?4@aAZ*8C6~GJ+s-p&WlY0Cp`9K+LybnZTk(|cs8lsrC(0%PX11<`@Z9` z8wu&Z{`7Ivrduw~Yt!>s`?FuE&&@cqp?B4BOf z+XFgG(=6#R{Z73FC%^q=+npU7% z^CsUXw9P!c>b%my^6Jg5(Jn6DUUo;%SEn6QOs{)s=HId|dEuR~snzIJHp(8r!wa^5W=cKfo#-G^OAcwO$; z=t_%;XTJBSeMlHcR}XmAuG&D!-nh89`C~29O1Rc#Q9I$rBt@krI~XfMwf@}@t%{3= zzSu43h>zB|H(YdmN~6KgCO>w<7}Wm5F4MK%WFDD2<*HRV`BF7{UkhAlsF^)&h@n*D zudb6l{Y%?ZViESVvtZHLoI03D+}z?`z0$OL|KDj^oqWgInc5~Kt@h+gdTYHT!PKgy zZD{u?UFuObxs{HI4Wz^xe9e(@zeGI$`lnr0&6c>;Sw6LO_?1}WPaP(wt(cx{I-OY3 z{QD6f*1whZ;)k<6e_xh5eQbxoCHDfqu6t%_^S3q}kJQYWIJ)upFFoDPjk)y7@DHYJ z{P@`9v96~|%U#Z{sY)!FooyL+@3($EA4^TO-QKxx&-9kf_cthe{fXs=Zm#b-aJF$l z*L@z=FAADIx2fA8kNAwUkN23b-Y{gX_kg#T4F6_(-@LG2+HE~B;_L0RCibhmoBBo* zxACv6s`?!n{8QteR=A~XTC^qU7p_i)Ji`?Xe?Dzpn4T*Veu zYtH^J8f8~c$A!XSqr5H-rdZkl*QwgiSq`iIi_0k4|{_Z&Z@n;gAiT?27Ya55( z?eE$Cm&7i|JO=dldoy)+=S5!)>~(9R_pv?CdoG)B@y9OtKSuQSDxPw^s?KlM%ZKIf zxTJdSZnqm}=Iz~gFSyRvD0U$I&Z!0y}~1^vaRW8z2~Mh{B(BJlxw5^ zSbAXJk%?0cRagGH?h-X*+W2pp`+JrDlDB`}u{ZbJ`6gj(qAIxI`7viRkGmEai=G&~ zyM6=xxu*&;LORSp;vU%)tS--%iM7zM}xJO+Pf~e!;THkkp4>l-1yJhhr%(1{{ z3zFV(b-@TBJmKD@el6E0FcDvHDCy$1F5YdrHWtd};r>)DH+K&hRp+pXo2I>&+m*A^ zJCB|-cy;%(vo5^V?6o^Rcdp7>iNHu?{z=0YpP9wY)bz`H@__q2tHmDE z#kG!Vuh#}$(v6SSu3JzK%)7f{Gxf9ZMqY^i`|2AzU5gxtn!J%0eYI?Ji&ecNE#yYc zctkVdJtidoFT^y+Awfs5-}3Vd@T1)pP(R;Z0@Vijw$wH!zo3?PBRgN?;-=xQnI>fP zD9M-b`k#kQY^~gmUkleX-{Cb&-BaCfO4Yi% zIR2Aq%a)X^hGCixm8Ukn@vV00qQ!kT=V`~fy!Ti370)^wmY($T_I@Gb^5%ULi>j6u zW<0&bbfI?i(22pnes`+NYTpxi4S!o(`Q(M)QafkvJvU%O=dG5L-_}~u?(y>Ng~m$5 zzpnX@b9rUpcRjvnpfkU-HtdJhYkkZqtyVnex_#BmhO6uR+FDBTcd5zbt6nif za?fP-TzOCJ6<_u8fx}OooblPz`3b*y?>qeGxW_!^1st2!d(E(x$NxHfZH#-~jpFV} zack-~bo=0|%(1%NQ-9bPr}N+cV_|m38)vF!OPi@eEW@8Vtn}kM`AI*+LNE4B|36vVd(c|m%B`#RDQ%~99oDs5)JAmLIgUgp3TzHm4<_B$A@Ed8 zZMG*{^V*p!hZ>)$XuQ35*FU~}X49O&xy{?=Ja6?Z)%u+;XzcyL;a~Gh#=WBHRP@p= z@9wVe8<*AHI=b71*R8iM{#|dbr~1muFNc=>)h1!os5d{@yzBG6@4er@%k-Y}drWTe z)mz!eH+6jP@(Z~OwT;#;oL{gYvB8+VbtY`NqJ49G>gBJy{q>Eu=d!IE@3eWpxcdssdwQQq%+m;EV4?S1%W6Gb`FV6b= z`m0N_4u9YKg>JM_qP)x z;-cN(7+Q9r=V4>BCyzAQ*dTIe_uCbgdP^@3_}$}V(xUbubq+Q!uAja*r?5@_-qsCQ zAG@|>?Kdw>uG(0BYNL7H-&I$Z4!_*b>#ongQhMy`dU(XMDPDcT(!S}GIL9z=^Oi;@ zC+wIIzp1?9@CSE)*1X)Ts8iY{&rnN;!E>hk9`S>2()vHg44?AKh|oRP&!m2Q!R>_~ z#=iae#>b!EHe*%%+Dli{x&;p`iyT;6H_zYHVO8L2)7oO~uOko4UdGL&GP+!&)%)*8 zm+Rawy4>sZ?Qds}t9`U>Y5Hp8C%>JYT%JF_dE255CwIQvsl4)=GPMfTUo`381=Swe6pWgSIU&d$r+Gxga=LWu7oG^F1;pUK+eM)9M zw_4@ha@4W@U;J_9&cT5xyYs)b`EPB!?t|y1ZSmf=`bp!CAJp2x{^cKh>GI{~Zw9BD zUK}$d`^^ZSiyw46J!9I@9=fEXtDao<=KRpdUj06<>gq_{Z=;U2sXy_2o7z9N+4)lW zTVLuvPaO2)%lY?)o_+3U-h1wS6MA>rxMip@DSUnG;-AM3JbLTQl|Kf(bGbw2$9-p< zJM`mSKXb9)2L1Ohdu)9C@{Z5@jr^|cc>RyIuR68xQFNIfasAUwe-vG&bEHSnQofph! z7Y2GPw?;SIocZ3UR%rnKzJatsv+t%n`y>GZo`+Q2B xR#X1C^mY5rb>7`I(W?JxiRQzm^S57}{nF^pUyM(kdHKU7;y%YC@L!U^{{v?2psfG^ literal 0 HcmV?d00001 diff --git a/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/_CodeSignature/CodeResources b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/_CodeSignature/CodeResources new file mode 100644 index 000000000..0710b4008 --- /dev/null +++ b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/_CodeSignature/CodeResources @@ -0,0 +1,105 @@ + + + + + files + + files2 + + rules + + ^Resources/ + + ^Resources/.*\.lproj/ + + optional + + weight + 1000 + + ^Resources/.*\.lproj/locversion.plist$ + + omit + + weight + 1100 + + ^version.plist$ + + + rules2 + + .*\.dSYM($|/) + + weight + 11 + + ^(.*/)?\.DS_Store$ + + omit + + weight + 2000 + + ^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/ + + nested + + weight + 10 + + ^.* + + ^Info\.plist$ + + omit + + weight + 20 + + ^PkgInfo$ + + omit + + weight + 20 + + ^Resources/ + + weight + 20 + + ^Resources/.*\.lproj/ + + optional + + weight + 1000 + + ^Resources/.*\.lproj/locversion.plist$ + + omit + + weight + 1100 + + ^[^/]+$ + + nested + + weight + 10 + + ^embedded\.provisionprofile$ + + weight + 20 + + ^version\.plist$ + + weight + 20 + + + + diff --git a/ext/tap-mac/tuntap/Makefile b/ext/tap-mac/tuntap/Makefile index 8d79577ee..53ab1a9d7 100644 --- a/ext/tap-mac/tuntap/Makefile +++ b/ext/tap-mac/tuntap/Makefile @@ -1,12 +1,95 @@ -TUNTAP_VERSION = 20131028 +# Lets have a version, at last! +TUNTAP_VERSION = 20150118 + +# BASE install directory BASE= all: tap.kext +keysetup: + -security delete-keychain net.sf.tuntaposx.tmp + security create-keychain -p $$(head -c 32 /dev/urandom | hexdump -e '"%02x"') \ + net.sf.tuntaposx.tmp + security set-keychain-settings -lut 60 net.sf.tuntaposx.tmp + security import identity.p12 -k net.sf.tuntaposx.tmp -f pkcs12 \ + -P $$(read -sp 'identity passphrase: ' pw && echo "$$pw") -A + security find-identity -v net.sf.tuntaposx.tmp | \ + awk -F \" '$$2 ~ /^Developer ID Application:/ { print $$2 }' > .signing_identity + security find-identity -v net.sf.tuntaposx.tmp | \ + awk -F \" '$$2 ~ /^Developer ID Installer:/ { print $$2 }' > .installer_identity + +pkgbuild/%.pkg: %.kext + mkdir -p pkgbuild/$*_root/Library/Extensions + cp -pR $*.kext pkgbuild/$*_root/Library/Extensions + mkdir -p pkgbuild/$*_root/Library/LaunchDaemons + cp pkg/launchd/net.sf.tuntaposx.$*.plist pkgbuild/$*_root/Library/LaunchDaemons + pkgbuild --root pkgbuild/$*_root \ + --component-plist pkg/components/$*.plist \ + --scripts pkg/scripts/$* pkgbuild/$*.pkg + +tuntap_$(TUNTAP_VERSION).pkg: pkgbuild/tap.pkg pkgbuild/tun.pkg + productbuild --distribution pkg/distribution.xml --package-path pkgbuild \ + --resources pkg/res.dummy \ + tuntap_$(TUNTAP_VERSION).pkg ; \ + pkgutil --expand tuntap_$(TUNTAP_VERSION).pkg pkgbuild/tuntap_pkg.d + cp -pR pkg/res/ pkgbuild/tuntap_pkg.d/Resources + pkgutil --flatten pkgbuild/tuntap_pkg.d tuntap_$(TUNTAP_VERSION).pkg + if test -s ".installer_identity"; then \ + productsign --sign "$$(cat .installer_identity)" --keychain net.sf.tuntaposx.tmp \ + tuntap_$(TUNTAP_VERSION).pkg tuntap_$(TUNTAP_VERSION).pkg.signed ; \ + mv tuntap_$(TUNTAP_VERSION).pkg.signed tuntap_$(TUNTAP_VERSION).pkg ; \ + fi + +pkg: tuntap_$(TUNTAP_VERSION).pkg + tar czf tuntap_$(TUNTAP_VERSION).tar.gz \ + README.installer README tuntap_$(TUNTAP_VERSION).pkg + +# Install targets +# They are provided for the gentoo ebuild, but should work just fine for other people as well. +install_%_kext: %.kext + mkdir -p $(BASE)/Library/Extensions + cp -pR $*.kext $(BASE)/Library/Extensions/ + chown -R root:wheel $(BASE)/Library/Extensions/$*.kext + mkdir -p $(BASE)/Library/LaunchDaemons + cp pkg/launchd/net.sf.tuntaposx.$*.plist $(BASE)/Library/LaunchDaemons + chown -R root:wheel $(BASE)/Library/LaunchDaemons/net.sf.tuntaposx.$*.plist + +install: install_tap_kext install_tun_kext + +tarball: clean + touch tuntap_$(TUNTAP_VERSION)_src.tar.gz + tar czf tuntap_$(TUNTAP_VERSION)_src.tar.gz \ + -C .. \ + --exclude "tuntap/identity.p12" \ + --exclude "tuntap/tuntap_$(TUNTAP_VERSION)_src.tar.gz" \ + --exclude "tuntap/tuntap_$(TUNTAP_VERSION).tar.gz" \ + --exclude "tuntap/tuntap_$(TUNTAP_VERSION).pkg" \ + --exclude "*/.*" \ + tuntap + clean: cd src/tap && make -f Makefile clean + cd src/tun && make -f Makefile clean + -rm -rf pkgbuild + -rm -rf tuntap_$(TUNTAP_VERSION).pkg + -rm -f tuntap_$(TUNTAP_VERSION).tar.gz + -rm -f tuntap_$(TUNTAP_VERSION)_src.tar.gz -tap.kext: - cd src/tap && make TUNTAP_VERSION=$(TUNTAP_VERSION) -f Makefile all +%.kext: + cd src/$* && make TUNTAP_VERSION=$(TUNTAP_VERSION) -f Makefile all + if test -s ".signing_identity"; then \ + codesign -fv --keychain net.sf.tuntaposx.tmp -s "$$(cat .signing_identity)" \ + $*.kext ; \ + fi + +test: + # configd messes with interface flags, issuing SIOCSIFFLAGS ioctls upon receiving kernel + # events indicating protocols have been attached and detached. Unfortunately, configd does + # this asynchronously, making the SIOCSIFFLAGS changes totally unpredictable when we bring + # our interfaces up and down in rapid succession during our tests. I haven't found a good + # way to suppress or handle this mess other than disabling configd temporarily. + killall -STOP configd + -PYTHONPATH=test python test/tuntap/tuntap_tests.py --tests='$(TESTS)' + killall -CONT configd .PHONY: test diff --git a/ext/tap-mac/tuntap/src/lock.cc b/ext/tap-mac/tuntap/src/lock.cc index 0da48be22..9c78783a5 100644 --- a/ext/tap-mac/tuntap/src/lock.cc +++ b/ext/tap-mac/tuntap/src/lock.cc @@ -31,6 +31,8 @@ extern "C" { +#include + #include #include @@ -120,10 +122,13 @@ tt_mutex::sleep(void *cond) } void -tt_mutex::sleep(void *cond, uint64_t timeout) +tt_mutex::sleep(void *cond, uint64_t nanoseconds) { - if (lck != NULL) - lck_rw_sleep_deadline(lck, LCK_SLEEP_DEFAULT, cond, THREAD_INTERRUPTIBLE, timeout); + if (lck != NULL) { + uint64_t abstime; + nanoseconds_to_absolutetime(nanoseconds, &abstime); + lck_rw_sleep_deadline(lck, LCK_SLEEP_DEFAULT, cond, THREAD_INTERRUPTIBLE, abstime); + } } void @@ -188,9 +193,9 @@ tt_gate::sleep(void* cond) } void -tt_gate::sleep(void* cond, uint64_t timeout) +tt_gate::sleep(void* cond, uint64_t nanoseconds) { - slock.sleep(cond, timeout); + slock.sleep(cond, nanoseconds); } void diff --git a/ext/tap-mac/tuntap/src/tap/Makefile b/ext/tap-mac/tuntap/src/tap/Makefile index ee1f5457f..306a86d7f 100644 --- a/ext/tap-mac/tuntap/src/tap/Makefile +++ b/ext/tap-mac/tuntap/src/tap/Makefile @@ -19,18 +19,18 @@ BUNDLE_SIGNATURE = ???? BUNDLE_PACKAGETYPE = KEXT BUNDLE_VERSION = $(TAP_KEXT_VERSION) -INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Headers -I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.8.sdk/System/Library/Frameworks/Kernel.framework/Headers -CFLAGS = -Wall -mkernel -force_cpusubtype_ALL \ - -fno-builtin -fno-stack-protector -arch i386 -arch x86_64 \ - -DKERNEL -D__APPLE__ -DKERNEL_PRIVATE -DTUNTAP_VERSION=\"$(TUNTAP_VERSION)\" \ +INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Headers +CFLAGS = -Wall -Werror -mkernel -force_cpusubtype_ALL \ + -nostdinc -fno-builtin -fno-stack-protector -msoft-float -fno-common \ + -arch x86_64 \ + -DKERNEL -DAPPLE -DKERNEL_PRIVATE -DTUNTAP_VERSION=\"$(TUNTAP_VERSION)\" \ -DTAP_KEXT_VERSION=\"$(TAP_KEXT_VERSION)\" CCFLAGS = $(CFLAGS) -LDFLAGS = -Wall -mkernel -nostdlib -r -lcc_kext -arch i386 -arch x86_64 -Xlinker -kext +LDFLAGS = -Wall -Werror -arch x86_64 -Xlinker -kext -nostdlib -lkmodc++ -lkmod -lcc_kext -#CCP = g++ -#CC = gcc -CCP = ../../../../llvm-g++-Xcode4.6.2/bin/llvm-g++ -CC = ../../../../llvm-g++-Xcode4.6.2/bin/llvm-gcc +CCP = clang -x c++ +CC = clang -x c +LD = clang all: $(KMOD_BIN) bundle @@ -40,7 +40,7 @@ all: $(KMOD_BIN) bundle $(CCP) $(CCFLAGS) $(INCLUDE) -c $< -o $@ $(KMOD_BIN): $(OBJS) - $(CCP) $(LDFLAGS) -o $(KMOD_BIN) $(OBJS) + $(LD) $(LDFLAGS) -o $(KMOD_BIN) $(OBJS) bundle: $(KMOD_BIN) rm -rf $(BUNDLE_DIR)/$(BUNDLE_NAME) diff --git a/ext/tap-mac/tuntap/src/tap/tap.cc b/ext/tap-mac/tuntap/src/tap/tap.cc index 149f1e719..b348a85e8 100644 --- a/ext/tap-mac/tuntap/src/tap/tap.cc +++ b/ext/tap-mac/tuntap/src/tap/tap.cc @@ -38,6 +38,8 @@ extern "C" { #include #include +#include + #include #include #include @@ -89,10 +91,25 @@ struct ifmediareq32 { #define SIOCGIFMEDIA32 _IOWR('i', 56, struct ifmediareq32) /* get net media */ #define SIOCGIFMEDIA64 _IOWR('i', 56, struct ifmediareq64) /* get net media (64-bit) */ +/* thread_policy_set is exported in Mach.kext, but commented in mach/thread_policy.h in the + * Kernel.Framework headers (why?). Add a local declaration to work around that. + */ +extern "C" { +kern_return_t thread_policy_set( + thread_t thread, + thread_policy_flavor_t flavor, + thread_policy_t policy_info, + mach_msg_type_number_t count); +} static unsigned char ETHER_BROADCAST_ADDR[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; /* members */ +tap_interface::tap_interface() { + bzero(attached_protos, sizeof(attached_protos)); + input_thread = THREAD_NULL; +} + bool tap_interface::initialize(unsigned short major, unsigned short unit) { @@ -166,6 +183,30 @@ tap_interface::initialize_interface() */ bpfattach(ifp, DLT_EN10MB, ifnet_hdrlen(ifp)); + /* Inject an empty packet to trigger the input thread calling demux(), which will unblock + * thread_sync_lock. This is part of a hack to avoid a kernel crash on re-attaching + * interfaces, see comment in shutdown_interface for more information. + */ + mbuf_t empty_mbuf; + mbuf_gethdr(MBUF_WAITOK, MBUF_TYPE_DATA, &empty_mbuf); + if (empty_mbuf != NULL) { + mbuf_pkthdr_setrcvif(empty_mbuf, ifp); + mbuf_pkthdr_setlen(empty_mbuf, 0); + mbuf_pkthdr_setheader(empty_mbuf, mbuf_data(empty_mbuf)); + mbuf_set_csum_performed(empty_mbuf, 0, 0); + if (ifnet_input(ifp, empty_mbuf, NULL) == 0) { + auto_lock l(&thread_sync_lock); + for (int i = 0; i < 100 && input_thread == THREAD_NULL; ++i) { + dprintf("input thread not found, waiting...\n"); + thread_sync_lock.sleep(&input_thread, 10000000); + } + } else { + mbuf_freem(empty_mbuf); + } + } + if (input_thread == THREAD_NULL) + dprintf("Failed to determine input thread!\n"); + return 0; } @@ -186,6 +227,36 @@ tap_interface::shutdown_interface() cleanup_interface(); unregister_interface(); + + /* There's a race condition in the kernel that may cause crashes when quickly re-attaching + * interfaces. The crash happens when the interface gets re-attached before the input thread + * for the interface managed to terminate, in which case an assert on the input_waiting flag + * to be clear triggers in ifnet_attach. The bug is really that there's no synchronization + * for terminating the input thread. To work around this, the following code does add the + * missing synchronization to wait for the input thread to terminate. Of course, threading + * primitives available to kexts are few, and I'm not aware of a way to wait for a thread to + * terminate. Hence, the code calls thread_policy_set (passing bogus parameters) in a loop, + * until it returns KERN_TERMINATED. Since this is all rather fragile, there's an upper + * limit on the loop iteratations we're willing to make, so this terminates eventually even + * if things change on the kernel side eventually. + */ + if (input_thread != THREAD_NULL) { + dprintf("Waiting for input thread...\n"); + kern_return_t result = 0; + for (int i = 0; i < 100; ++i) { + result = thread_policy_set(input_thread, -1, NULL, 0); + dprintf("thread_policy_set result: %d\n", result); + if (result == KERN_TERMINATED) { + dprintf("Input thread terminated.\n"); + thread_deallocate(input_thread); + input_thread = THREAD_NULL; + break; + } + + auto_lock l(&thread_sync_lock); + thread_sync_lock.sleep(&input_thread, 10000000); + } + } } errno_t @@ -263,6 +334,16 @@ tap_interface::if_demux(mbuf_t m, char *header, protocol_family_t *proto) dprintf("tap: if_demux\n"); + /* Make note of what input thread this interface is running on. This is part of a hack to + * avoid a crash on re-attaching interfaces, see comment in shutdown_interface for details. + */ + if (input_thread == THREAD_NULL) { + auto_lock l(&thread_sync_lock); + input_thread = current_thread(); + thread_reference(input_thread); + thread_sync_lock.wakeup(&input_thread); + } + /* size check */ if (mbuf_len(m) < sizeof(struct ether_header)) return ENOENT; diff --git a/ext/tap-mac/tuntap/src/tap/tap.h b/ext/tap-mac/tuntap/src/tap/tap.h index 72339a95c..a5164d4a1 100644 --- a/ext/tap-mac/tuntap/src/tap/tap.h +++ b/ext/tap-mac/tuntap/src/tap/tap.h @@ -30,12 +30,15 @@ #include "tuntap.h" +extern "C" { + +#include + +} + #define TAP_FAMILY_NAME ((char *) "zt") - #define TAP_IF_COUNT 32 /* max number of tap interfaces */ - #define TAP_MTU 2800 - #define TAP_LLADDR tap_lladdr /* the mac address of our interfaces. note that the last byte will be replaced by the unit number */ @@ -52,6 +55,8 @@ class tap_manager : public tuntap_manager { /* the tap network interface */ class tap_interface : public tuntap_interface { + public: + tap_interface(); protected: /* maximum number of protocols that can be attached */ @@ -67,6 +72,9 @@ class tap_interface : public tuntap_interface { protocol_family_t proto; } attached_protos[MAX_ATTACHED_PROTOS]; + /* The input thread for the network interface. */ + thread_t input_thread; + /* initializes the interface */ virtual bool initialize(unsigned short major, unsigned short unit); diff --git a/ext/tap-mac/tuntap/src/tuntap.cc b/ext/tap-mac/tuntap/src/tuntap.cc index 7fdbb7959..d0f89018b 100644 --- a/ext/tap-mac/tuntap/src/tuntap.cc +++ b/ext/tap-mac/tuntap/src/tuntap.cc @@ -384,10 +384,10 @@ tuntap_interface::unregister_interface() dprintf("interface detaching\n"); /* Wait until the interface has completely been detached. */ - detach_lock.lock(); + thread_sync_lock.lock(); while (!interface_detached) - detach_lock.sleep(&interface_detached); - detach_lock.unlock(); + thread_sync_lock.sleep(&interface_detached); + thread_sync_lock.unlock(); dprintf("interface detached\n"); @@ -642,15 +642,14 @@ tuntap_interface::cdev_write(uio_t uio, int ioflag) unsigned int mlen = mbuf_maxlen(first); unsigned int chunk_len; unsigned int copied = 0; + unsigned int max_data_len = ifnet_mtu(ifp) + ifnet_hdrlen(ifp); int error; /* stuff the data into the mbuf(s) */ mb = first; while (uio_resid(uio) > 0) { /* copy a chunk. enforce mtu (don't know if this is correct behaviour) */ - // ... evidently not :) -- Adam Ierymenko - //chunk_len = min(ifnet_mtu(ifp), min(uio_resid(uio), mlen)); - chunk_len = min(uio_resid(uio),mlen); + chunk_len = min(max_data_len - copied, min(uio_resid(uio), mlen)); error = uiomove((caddr_t) mbuf_data(mb), chunk_len, uio); if (error) { log(LOG_ERR, "tuntap: could not copy data from userspace: %d\n", error); @@ -666,9 +665,7 @@ tuntap_interface::cdev_write(uio_t uio, int ioflag) copied += chunk_len; /* if done, break the loop */ - //if (uio_resid(uio) <= 0 || copied >= ifnet_mtu(ifp)) - // break; - if (uio_resid(uio) <= 0) + if (uio_resid(uio) <= 0 || copied >= max_data_len) break; /* allocate a new mbuf if the current is filled */ @@ -956,10 +953,10 @@ tuntap_interface::if_detached() dprintf("tuntap: if_detached\n"); /* wake unregister_interface() */ - detach_lock.lock(); + thread_sync_lock.lock(); interface_detached = true; - detach_lock.wakeup(&interface_detached); - detach_lock.unlock(); + thread_sync_lock.wakeup(&interface_detached); + thread_sync_lock.unlock(); dprintf("if_detached done\n"); } diff --git a/ext/tap-mac/tuntap/src/tuntap.h b/ext/tap-mac/tuntap/src/tuntap.h index f10d4a067..d5f398d01 100644 --- a/ext/tap-mac/tuntap/src/tuntap.h +++ b/ext/tap-mac/tuntap/src/tuntap.h @@ -197,7 +197,7 @@ class tuntap_interface { /* synchronization */ tt_mutex lock; tt_mutex bpf_lock; - tt_mutex detach_lock; + tt_mutex thread_sync_lock; /* the interface structure registered */ ifnet_t ifp;