Merge pull request #70 from marko1777/junk-improvements

Junk improvements

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.20 as awg
+FROM golang:1.24 as awg
 COPY . /awg
 WORKDIR /awg
 RUN go mod download && \
@@ -6,7 +6,7 @@ RUN go mod download && \
     go build -ldflags '-linkmode external -extldflags "-fno-PIC -static"' -v -o /usr/bin
 
 FROM alpine:3.19
-ARG AWGTOOLS_RELEASE="1.0.20240213"
+ARG AWGTOOLS_RELEASE="1.0.20241018"
 RUN apk --no-cache add iproute2 iptables bash && \
     cd /usr/bin/ && \
     wget https://github.com/amnezia-vpn/amneziawg-tools/releases/download/v${AWGTOOLS_RELEASE}/alpine-3.19-amneziawg-tools.zip && \

Makefile

@@ -9,7 +9,7 @@ MAKEFLAGS += --no-print-directory
 
 generate-version-and-build:
 	@export GIT_CEILING_DIRECTORIES="$(realpath $(CURDIR)/..)" && \
-	tag="$$(git describe --dirty 2>/dev/null)" && \
+	tag="$$(git describe --tags --dirty 2>/dev/null)" && \
 	ver="$$(printf 'package main\n\nconst Version = "%s"\n' "$$tag")" && \
 	[ "$$(cat version.go 2>/dev/null)" != "$$ver" ] && \
 	echo "$$ver" > version.go && \

README.md

@@ -21,7 +21,7 @@ To run amneziawg-go without forking to the background, pass `-f` or `--foregroun
 ```
 $ amneziawg-go -f wg0
 ```
-When an interface is running, you may use [`amnezia-wg-tools `](https://github.com/amnezia-vpn/amneziawg-go-tools) to configure it, as well as the usual `ip(8)` and `ifconfig(8)` commands.
+When an interface is running, you may use [`amneziawg-tools `](https://github.com/amnezia-vpn/amneziawg-tools) to configure it, as well as the usual `ip(8)` and `ifconfig(8)` commands.
 
 To run with more logging you may set the environment variable `LOG_LEVEL=debug`.
 
@@ -34,11 +34,11 @@ This will run on Linux; you should run amnezia-wg instead of using default linux
 ### macOS
 
 This runs on macOS using the utun driver. It does not yet support sticky sockets, and won't support fwmarks because of Darwin limitations. Since the utun driver cannot have arbitrary interface names, you must either use `utun[0-9]+` for an explicit interface name or `utun` to have the kernel select one for you. If you choose `utun` as the interface name, and the environment variable `WG_TUN_NAME_FILE` is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable.
-This runs on MacOS, you should use it from [awg-apple](https://github.com/amnezia-vpn/awg-apple)
+This runs on MacOS, you should use it from [amneziawg-apple](https://github.com/amnezia-vpn/amneziawg-apple)
 
 ### Windows
 
-This runs on Windows, you should use it from [awg-windows](https://github.com/amnezia-vpn/awg-windows), which uses this as a module.
+This runs on Windows, you should use it from [amneziawg-windows](https://github.com/amnezia-vpn/amneziawg-windows), which uses this as a module.
 
 
 ## Building

conn/bind_std.go

@@ -298,11 +298,6 @@ func (s *StdNetBind) BatchSize() int {
 	return 1
 }
 
-func (s *StdNetBind) GetOffloadInfo() string {
-	return fmt.Sprintf("ipv4TxOffload: %v, ipv4RxOffload: %v\nipv6TxOffload: %v, ipv6RxOffload: %v",
-		s.ipv4TxOffload, s.ipv4RxOffload, s.ipv6TxOffload, s.ipv6RxOffload)
-}
-
 func (s *StdNetBind) Close() error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -336,7 +331,7 @@ type ErrUDPGSODisabled struct {
 }
 
 func (e ErrUDPGSODisabled) Error() string {
-	return fmt.Sprintf("disabled UDP GSO on %s, NIC(s) may not support checksum offload", e.onLaddr)
+	return fmt.Sprintf("disabled UDP GSO on %s, NIC(s) may not support checksum offload or peer MTU with protocol headers is greater than path MTU", e.onLaddr)
 }
 
 func (e ErrUDPGSODisabled) Unwrap() error {

conn/bind_windows.go

@@ -328,10 +328,6 @@ func (bind *WinRingBind) BatchSize() int {
 	return 1
 }
 
-func (bind *WinRingBind) GetOffloadInfo() string {
-	return ""
-}
-
 func (bind *WinRingBind) SetMark(mark uint32) error {
 	return nil
 }

conn/bindtest/bindtest.go

@@ -91,8 +91,6 @@ func (c *ChannelBind) Close() error {
 
 func (c *ChannelBind) BatchSize() int { return 1 }
 
-func (c *ChannelBind) GetOffloadInfo() string { return "" }
-
 func (c *ChannelBind) SetMark(mark uint32) error { return nil }
 
 func (c *ChannelBind) makeReceiveFunc(ch chan []byte) conn.ReceiveFunc {

conn/conn.go

@@ -55,8 +55,6 @@ type Bind interface {
 	// BatchSize is the number of buffers expected to be passed to
 	// the ReceiveFuncs, and the maximum expected to be passed to SendBatch.
 	BatchSize() int
-
-	GetOffloadInfo() string
 }
 
 // BindSocketToInterface is implemented by Bind objects that support being

conn/errors_linux.go

@@ -20,7 +20,9 @@ func errShouldDisableUDPGSO(err error) bool {
 		// See:
 		// https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man7/udp.7?id=806eabd74910447f21005160e90957bde4db0183#n228
 		// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/udp.c?h=v6.2&id=c9c3395d5e3dcc6daee66c6908354d47bf98cb0c#n942
-		return serr.Err == unix.EIO
+		// If gso_size + udp + ip headers > fragment size EINVAL is returned.
+		// It occurs when the peer mtu + wg headers is greater than path mtu.
+		return serr.Err == unix.EIO || serr.Err == unix.EINVAL
 	}
 	return false
 }

device/device.go

@@ -95,6 +95,7 @@ type Device struct {
 	isASecOn abool.AtomicBool
 	aSecMux  sync.RWMutex
 	aSecCfg  aSecCfgType
+	junkCreator junkCreator
 }
 
 type aSecCfgType struct {
@@ -415,6 +416,8 @@ func (device *Device) Close() {
 
 	device.rate.limiter.Close()
 
+	device.resetProtocol()
+
 	device.log.Verbosef("Device closed")
 	close(device.closed)
 }
@@ -545,7 +548,6 @@ func (device *Device) BindUpdate() error {
 	}
 
 	device.log.Verbosef("UDP bind has been updated")
-	device.log.Verbosef(netc.bind.GetOffloadInfo())
 	return nil
 }
 
@@ -559,14 +561,17 @@ func (device *Device) isAdvancedSecurityOn() bool {
 	return device.isASecOn.IsSet()
 }
 
+func (device *Device) resetProtocol() {
+	// restore default message type values
+	MessageInitiationType = 1
+	MessageResponseType = 2
+	MessageCookieReplyType = 3
+	MessageTransportType = 4
+}
+
 func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 
 	if !tempASecCfg.isSet {
-		// restore default values
-		MessageInitiationType = 1
-		MessageResponseType = 2
-		MessageCookieReplyType = 3
-		MessageTransportType = 4
 		return err
 	}
 
@@ -795,6 +800,7 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 	}
 
 	device.isASecOn.SetTo(isASecOn)
+	device.junkCreator, err = NewJunkCreator(device)
 	device.aSecMux.Unlock()
 
 	return err

device/device_test.go

@@ -109,7 +109,7 @@ func genASecurityConfigs(tb testing.TB) (cfgs, endpointCfgs [2]string) {
 		"replace_peers", "true",
 		"jc", "5",
 		"jmin", "500",
-		"jmax", "501",
+		"jmax", "1000",
 		"s1", "30",
 		"s2", "40",
 		"h1", "123456",
@@ -131,7 +131,7 @@ func genASecurityConfigs(tb testing.TB) (cfgs, endpointCfgs [2]string) {
 		"replace_peers", "true",
 		"jc", "5",
 		"jmin", "500",
-		"jmax", "501",
+		"jmax", "1000",
 		"s1", "30",
 		"s2", "40",
 		"h1", "123456",
@@ -274,7 +274,7 @@ func TestTwoDevicePing(t *testing.T) {
 	})
 }
 
-func TestTwoDevicePingASecurity(t *testing.T) {
+func TestASecurityTwoDevicePing(t *testing.T) {
 	goroutineLeakCheck(t)
 	pair := genTestPair(t, true, true)
 	t.Run("ping 1.0.0.1", func(t *testing.T) {

device/junk_creator.go

@@ -0,0 +1,69 @@
+package device
+
+import (
+	"bytes"
+	crand "crypto/rand"
+	"fmt"
+	v2 "math/rand/v2"
+)
+
+type junkCreator struct {
+	device   *Device
+	cha8Rand *v2.ChaCha8
+}
+
+func NewJunkCreator(d *Device) (junkCreator, error) {
+	buf := make([]byte, 32)
+	_, err := crand.Read(buf)
+	if err != nil {
+		return junkCreator{}, err
+	}
+	return junkCreator{device: d, cha8Rand: v2.NewChaCha8([32]byte(buf))}, nil
+}
+
+// Should be called with aSecMux RLocked
+func (jc *junkCreator) createJunkPackets() ([][]byte, error) {
+	if jc.device.aSecCfg.junkPacketCount == 0 {
+		return nil, nil
+	}
+
+	junks := make([][]byte, 0, jc.device.aSecCfg.junkPacketCount)
+	for i := 0; i < jc.device.aSecCfg.junkPacketCount; i++ {
+		packetSize := jc.randomPacketSize()
+		junk, err := jc.randomJunkWithSize(packetSize)
+		if err != nil {
+			return nil, fmt.Errorf("Failed to create junk packet: %v", err)
+		}
+		junks = append(junks, junk)
+	}
+	return junks, nil
+}
+
+// Should be called with aSecMux RLocked
+func (jc *junkCreator) randomPacketSize() int {
+	return int(
+		jc.cha8Rand.Uint64()%uint64(
+			jc.device.aSecCfg.junkPacketMaxSize-jc.device.aSecCfg.junkPacketMinSize,
+		),
+	) + jc.device.aSecCfg.junkPacketMinSize
+}
+
+// Should be called with aSecMux RLocked
+func (jc *junkCreator) appendJunk(writer *bytes.Buffer, size int) error {
+	headerJunk, err := jc.randomJunkWithSize(size)
+	if err != nil {
+		return fmt.Errorf("failed to create header junk: %v", err)
+	}
+	_, err = writer.Write(headerJunk)
+	if err != nil {
+		return fmt.Errorf("failed to write header junk: %v", err)
+	}
+	return nil
+}
+
+// Should be called with aSecMux RLocked
+func (jc *junkCreator) randomJunkWithSize(size int) ([]byte, error) {
+	junk := make([]byte, size)
+	_, err := jc.cha8Rand.Read(junk)
+	return junk, err
+}

device/junk_creator_test.go

@@ -0,0 +1,124 @@
+package device
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+
+	"github.com/amnezia-vpn/amneziawg-go/conn/bindtest"
+	"github.com/amnezia-vpn/amneziawg-go/tun/tuntest"
+)
+
+func setUpJunkCreator(t *testing.T) (junkCreator, error) {
+	cfg, _ := genASecurityConfigs(t)
+	tun := tuntest.NewChannelTUN()
+	binds := bindtest.NewChannelBinds()
+	level := LogLevelVerbose
+	dev := NewDevice(
+		tun.TUN(),
+		binds[0],
+		NewLogger(level, ""),
+	)
+
+	if err := dev.IpcSet(cfg[0]); err != nil {
+		t.Errorf("failed to configure device %v", err)
+		dev.Close()
+		return junkCreator{}, err
+	}
+
+	jc, err := NewJunkCreator(dev)
+
+	if err != nil {
+		t.Errorf("failed to create junk creator %v", err)
+		dev.Close()
+		return junkCreator{}, err
+	}
+
+	return jc, nil
+}
+
+func Test_junkCreator_createJunkPackets(t *testing.T) {
+	jc, err := setUpJunkCreator(t)
+	if err != nil {
+		return
+	}
+	t.Run("", func(t *testing.T) {
+		got, err := jc.createJunkPackets()
+		if err != nil {
+			t.Errorf(
+				"junkCreator.createJunkPackets() = %v; failed",
+				err,
+			)
+			return
+		}
+		seen := make(map[string]bool)
+		for _, junk := range got {
+			key := string(junk)
+			if seen[key] {
+				t.Errorf(
+					"junkCreator.createJunkPackets() = %v, duplicate key: %v",
+					got,
+					junk,
+				)
+				return
+			}
+			seen[key] = true
+		}
+	})
+}
+
+func Test_junkCreator_randomJunkWithSize(t *testing.T) {
+	t.Run("", func(t *testing.T) {
+		jc, err := setUpJunkCreator(t)
+		if err != nil {
+			return
+		}
+		r1, _ := jc.randomJunkWithSize(10)
+		r2, _ := jc.randomJunkWithSize(10)
+		fmt.Printf("%v\n%v\n", r1, r2)
+		if bytes.Equal(r1, r2) {
+			t.Errorf("same junks %v", err)
+			jc.device.Close()
+			return
+		}
+	})
+}
+
+func Test_junkCreator_randomPacketSize(t *testing.T) {
+	jc, err := setUpJunkCreator(t)
+	if err != nil {
+		return
+	}
+	for range [30]struct{}{} {
+		t.Run("", func(t *testing.T) {
+			if got := jc.randomPacketSize(); jc.device.aSecCfg.junkPacketMinSize > got ||
+				got > jc.device.aSecCfg.junkPacketMaxSize {
+				t.Errorf(
+					"junkCreator.randomPacketSize() = %v, not between range [%v,%v]",
+					got,
+					jc.device.aSecCfg.junkPacketMinSize,
+					jc.device.aSecCfg.junkPacketMaxSize,
+				)
+			}
+		})
+	}
+}
+
+func Test_junkCreator_appendJunk(t *testing.T) {
+	jc, err := setUpJunkCreator(t)
+	if err != nil {
+		return
+	}
+	t.Run("", func(t *testing.T) {
+		s := "apple"
+		buffer := bytes.NewBuffer([]byte(s))
+		err := jc.appendJunk(buffer, 30)
+		if err != nil &&
+			buffer.Len() != len(s)+30 {
+			t.Errorf("appendWithJunk() size don't match")
+		}
+		read := make([]byte, 50)
+		buffer.Read(read)
+		fmt.Println(string(read))
+	})
+}

device/send.go

@@ -9,7 +9,6 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
-	"math/rand"
 	"net"
 	"os"
 	"sync"
@@ -129,7 +128,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 	var junkedHeader []byte
 	if peer.device.isAdvancedSecurityOn() {
 		peer.device.aSecMux.RLock()
-		junks, err := peer.createJunkPackets()
+		junks, err := peer.device.junkCreator.createJunkPackets()
 		peer.device.aSecMux.RUnlock()
 
 		if err != nil {
@@ -150,7 +149,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 		if peer.device.aSecCfg.initPacketJunkSize != 0 {
 			buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
 			writer := bytes.NewBuffer(buf[:0])
-			err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
+			err = peer.device.junkCreator.appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
 			if err != nil {
 				peer.device.log.Errorf("%v - %v", peer, err)
 				peer.device.aSecMux.RUnlock()
@@ -200,7 +199,7 @@ func (peer *Peer) SendHandshakeResponse() error {
 		if peer.device.aSecCfg.responsePacketJunkSize != 0 {
 			buf := make([]byte, 0, peer.device.aSecCfg.responsePacketJunkSize)
 			writer := bytes.NewBuffer(buf[:0])
-			err = appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
+			err = peer.device.junkCreator.appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
 			if err != nil {
 				peer.device.aSecMux.RUnlock()
 				peer.device.log.Errorf("%v - %v", peer, err)
@@ -469,31 +468,6 @@ top:
 	}
 }
 
-func (peer *Peer) createJunkPackets() ([][]byte, error) {
-	if peer.device.aSecCfg.junkPacketCount == 0 {
-		return nil, nil
-	}
-
-	junks := make([][]byte, 0, peer.device.aSecCfg.junkPacketCount)
-	for i := 0; i < peer.device.aSecCfg.junkPacketCount; i++ {
-		packetSize := rand.Intn(
-			peer.device.aSecCfg.junkPacketMaxSize-peer.device.aSecCfg.junkPacketMinSize,
-		) + peer.device.aSecCfg.junkPacketMinSize
-
-		junk, err := randomJunkWithSize(packetSize)
-		if err != nil {
-			peer.device.log.Errorf(
-				"%v - Failed to create junk packet: %v",
-				peer,
-				err,
-			)
-			return nil, err
-		}
-		junks = append(junks, junk)
-	}
-	return junks, nil
-}
-
 func (peer *Peer) FlushStagedPackets() {
 	for {
 		select {

device/util.go

@@ -1,25 +0,0 @@
-package device
-
-import (
-	"bytes"
-	crand "crypto/rand"
-	"fmt"
-)
-
-func appendJunk(writer *bytes.Buffer, size int) error {
-	headerJunk, err := randomJunkWithSize(size)
-	if err != nil {
-		return fmt.Errorf("failed to create header junk: %v", err)
-	}
-	_, err = writer.Write(headerJunk)
-	if err != nil {
-		return fmt.Errorf("failed to write header junk: %v", err)
-	}
-	return nil
-}
-
-func randomJunkWithSize(size int) ([]byte, error) {
-	junk := make([]byte, size)
-	_, err := crand.Read(junk)
-	return junk, err
-}

device/util_test.go

@@ -1,27 +0,0 @@
-package device
-
-import (
-	"bytes"
-	"fmt"
-	"testing"
-)
-
-func Test_randomJunktWithSize(t *testing.T) {
-	junk, err := randomJunkWithSize(30)
-	fmt.Println(string(junk), len(junk), err)
-}
-
-func Test_appendJunk(t *testing.T) {
-	t.Run("", func(t *testing.T) {
-		s := "apple"
-		buffer := bytes.NewBuffer([]byte(s))
-		err := appendJunk(buffer, 30)
-		if err != nil &&
-			buffer.Len() != len(s)+30 {
-			t.Errorf("appendWithJunk() size don't match")
-		}
-		read := make([]byte, 50)
-		buffer.Read(read)
-		fmt.Println(string(read))
-	})
-}

go.mod

@@ -1,17 +1,17 @@
 module github.com/amnezia-vpn/amneziawg-go
 
-go 1.20
+go 1.24
 
 require (
 	github.com/tevino/abool/v2 v2.1.0
-	golang.org/x/crypto v0.19.0
+	golang.org/x/crypto v0.36.0
-	golang.org/x/net v0.21.0
+	golang.org/x/net v0.37.0
-	golang.org/x/sys v0.17.0
+	golang.org/x/sys v0.31.0
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
-	gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259
+	gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6
 )
 
 require (
-	github.com/google/btree v1.0.1 // indirect
+	github.com/google/btree v1.1.3 // indirect
-	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
+	golang.org/x/time v0.9.0 // indirect
 )

go.sum

@@ -1,16 +1,20 @@
-github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
-github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/tevino/abool/v2 v2.1.0 h1:7w+Vf9f/5gmKT4m4qkayb33/92M+Um45F2BkHOR+L/c=
 github.com/tevino/abool/v2 v2.1.0/go.mod h1:+Lmlqk6bHDWHqN1cbxqhwEAwMPXgc8I1SDEamtseuXY=
-golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
-gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
+gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6 h1:6B7MdW3OEbJqOMr7cEYU9bkzvCjUBX/JlXk12xcANuQ=
-gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
+gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6/go.mod h1:5DMfjtclAbTIjbXqO1qCe2K5GKKxWz2JHvCChuTcJEM=

ipc/uapi_windows.go

@@ -62,7 +62,7 @@ func init() {
 func UAPIListen(name string) (net.Listener, error) {
 	listener, err := (&namedpipe.ListenConfig{
 		SecurityDescriptor: UAPISecurityDescriptor,
-	}).Listen(`\\.\pipe\ProtectedPrefix\Administrators\WireGuard\` + name)
+	}).Listen(`\\.\pipe\ProtectedPrefix\Administrators\AmneziaWG\` + name)
 	if err != nil {
 		return nil, err
 	}

main.go

@@ -46,20 +46,20 @@ func warning() {
 		return
 	}
 
-	fmt.Fprintln(os.Stderr, "┌──────────────────────────────────────────────────────┐")
+	fmt.Fprintln(os.Stderr, "┌──────────────────────────────────────────────────────────────┐")
-	fmt.Fprintln(os.Stderr, "│                                                      │")
+	fmt.Fprintln(os.Stderr, "│                                                              │")
-	fmt.Fprintln(os.Stderr, "│   Running wireguard-go is not required because this  │")
+	fmt.Fprintln(os.Stderr, "│       Running amneziawg-go is not required because this      │")
-	fmt.Fprintln(os.Stderr, "│   kernel has first class support for WireGuard. For  │")
+	fmt.Fprintln(os.Stderr, "│       kernel has first class support for AmneziaWG. For      │")
-	fmt.Fprintln(os.Stderr, "│   information on installing the kernel module,       │")
+	fmt.Fprintln(os.Stderr, "│       information on installing the kernel module,           │")
-	fmt.Fprintln(os.Stderr, "│   please visit:                                      │")
+	fmt.Fprintln(os.Stderr, "│       please visit:                                          │")
-	fmt.Fprintln(os.Stderr, "│         https://www.wireguard.com/install/           │")
+	fmt.Fprintln(os.Stderr, "| https://github.com/amnezia-vpn/amneziawg-linux-kernel-module │")
-	fmt.Fprintln(os.Stderr, "│                                                      │")
+	fmt.Fprintln(os.Stderr, "│                                                              │")
-	fmt.Fprintln(os.Stderr, "└──────────────────────────────────────────────────────┘")
+	fmt.Fprintln(os.Stderr, "└──────────────────────────────────────────────────────────────┘")
 }
 
 func main() {
 	if len(os.Args) == 2 && os.Args[1] == "--version" {
-		fmt.Printf("wireguard-go v%s\n\nUserspace WireGuard daemon for %s-%s.\nInformation available at https://www.wireguard.com.\nCopyright (C) Jason A. Donenfeld <Jason@zx2c4.com>.\n", Version, runtime.GOOS, runtime.GOARCH)
+		fmt.Printf("amneziawg-go %s\n\nUserspace AmneziaWG daemon for %s-%s.\nInformation available at https://amnezia.org\n", Version, runtime.GOOS, runtime.GOARCH)
 		return
 	}
 
@@ -145,7 +145,7 @@ func main() {
 		fmt.Sprintf("(%s) ", interfaceName),
 	)
 
-	logger.Verbosef("Starting wireguard-go version %s", Version)
+	logger.Verbosef("Starting amneziawg-go version %s", Version)
 
 	if err != nil {
 		logger.Errorf("Failed to create TUN device: %v", err)

main_windows.go

@@ -30,13 +30,13 @@ func main() {
 	}
 	interfaceName := os.Args[1]
 
-	fmt.Fprintln(os.Stderr, "Warning: this is a test program for Windows, mainly used for debugging this Go package. For a real WireGuard for Windows client, the repo you want is <https://git.zx2c4.com/wireguard-windows/>, which includes this code as a module.")
+	fmt.Fprintln(os.Stderr, "Warning: this is a test program for Windows, mainly used for debugging this Go package. For a real AmneziaWG for Windows client, please visit: https://amnezia.org")
 
 	logger := device.NewLogger(
 		device.LogLevelVerbose,
 		fmt.Sprintf("(%s) ", interfaceName),
 	)
-	logger.Verbosef("Starting wireguard-go version %s", Version)
+	logger.Verbosef("Starting amneziawg-go version %s", Version)
 
 	tun, err := tun.CreateTUN(interfaceName, 0)
 	if err == nil {