add

.golangci.yml

@@ -0,0 +1,174 @@
+run:
+  timeout: 5m
+  issues-exit-code: 1
+  tests: true
+  build-tags:
+    - integration
+
+output:
+  format: colored-line-number
+  print-issued-lines: true
+  print-linter-name: true
+
+linters-settings:
+  errcheck:
+    check-type-assertions: true
+    check-blank: true
+
+  gocyclo:
+    min-complexity: 15
+
+  gofmt:
+    simplify: true
+
+  goimports:
+    local-prefixes: golang.zx2c4.com/wireguard
+
+  golint:
+    min-confidence: 0.8
+
+  govet:
+    check-shadowing: true
+    enable-all: true
+
+  ineffassign:
+    check-exported: false
+
+  misspell:
+    locale: US
+
+  nakedret:
+    max-func-lines: 30
+
+  prealloc:
+    simple: true
+    range-loops: true
+    for-loops: false
+
+  unparam:
+    check-exported: false
+
+  unused:
+    check-exported: false
+
+  whitespace:
+    multi-if: false
+    multi-func: false
+
+  wsl:
+    strict-append: true
+    allow-assign-and-call: true
+    allow-multiline-assign: true
+    allow-cuddle-declarations: false
+    allow-trailing-comment: false
+    force-case-trailing-whitespace: 0
+
+linters:
+  enable:
+    # Default linters
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - typecheck
+    - unused
+    
+    # Additional recommended linters
+    - asciicheck
+    - bodyclose
+    - cyclop
+    - dupl
+    - durationcheck
+    - errorlint
+    - exhaustive
+    - exportloopref
+    - forbidigo
+    - forcetypeassert
+    - gochecknoinits
+    - gocognit
+    - goconst
+    - gocritic
+    - gocyclo
+    - godot
+    - gofmt
+    - gofumpt
+    - goheader
+    - goimports
+    - gomnd
+    - gomoddirectives
+    - gomodguard
+    - goprintffuncname
+    - gosec
+    - grouper
+    - importas
+    - maintidx
+    - makezero
+    - misspell
+    - nakedret
+    - nestif
+    - nilerr
+    - nilnil
+    - noctx
+    - nolintlint
+    - prealloc
+    - predeclared
+    - promlinter
+    - revive
+    - rowserrcheck
+    - sqlclosecheck
+    - stylecheck
+    - tenv
+    - testpackage
+    - tparallel
+    - unconvert
+    - unparam
+    - wastedassign
+    - whitespace
+
+  disable:
+    - gochecknoglobals  # Too restrictive for this codebase
+    - goerr113          # Error wrapping style is project-specific
+    - godox             # TODO comments are fine
+    - lll               # Line length is handled by formatter
+    - paralleltest      # Not all tests need to be parallel
+    - wrapcheck         # Error wrapping style is project-specific
+    - varnamelen        # Variable naming style is project-specific
+
+issues:
+  exclude-rules:
+    # Exclude some linters from running on tests files
+    - path: _test\.go
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+        - funlen
+        - goconst
+        - gocognit
+        - scopelint
+        - lll
+
+    # Exclude known false positives
+    - text: "weak cryptographic primitive"
+      linters:
+        - gosec
+      
+    # Ignore certain GoDoc issues
+    - text: "should have a package comment"
+      linters:
+        - golint
+        - stylecheck
+
+  # Maximum issues count per one linter. Set to 0 to disable
+  max-issues-per-linter: 0
+  
+  # Maximum count of issues with the same text. Set to 0 to disable
+  max-same-issues: 0
+
+  # Show only new issues created after git revision `REV`
+  new: false
+
+  # Fix issues automatically when possible
+  fix: false 

dev-setup.md

@@ -0,0 +1,247 @@
+# WireGuard Go Development Environment
+
+This repository includes a comprehensive Nix flake development environment with all the tools needed for efficient Go development.
+
+## 🚀 Quick Start
+
+### Prerequisites
+- [Nix](https://nixos.org/download.html) with flakes enabled
+- [direnv](https://direnv.net/) (optional but recommended)
+
+### Setup
+
+1. **Clone and enter the repository:**
+   ```bash
+   git clone <repo-url>
+   cd wireguard-go
+   ```
+
+2. **Option A: Using direnv (Recommended)**
+   ```bash
+   direnv allow
+   ```
+   This will automatically load the development environment when you enter the directory.
+
+3. **Option B: Manual activation**
+   ```bash
+   nix develop
+   ```
+
+## 🔧 Included Tools
+
+### Core Go Tools
+- **Go 1.23.1** - Matching the project's go.mod
+- **gopls** - Official Go Language Server for LSP support
+
+### Code Quality
+- **golangci-lint** - Comprehensive linter with 30+ linters enabled
+- **staticcheck** - Advanced static analysis
+- **gosec** - Security vulnerability scanner
+- **govulncheck** - Official Go vulnerability scanner
+- **gofumpt** - Stricter version of gofmt
+
+### Development Tools
+- **delve** - Go debugger
+- **air** - Live reload for development
+- **gotests** - Automatic test generation
+- **gomodifytags** - Struct tag manipulation
+- **impl** - Interface implementation generator
+- **gotestsum** - Enhanced test output
+
+### System Tools
+- **wireguard-tools** - WireGuard utilities
+- **iproute2** - Network configuration tools
+- **iptables** - Firewall utilities
+
+## 🎯 Quick Commands
+
+### Development Workflow
+```bash
+# Install/update dependencies
+go mod tidy
+
+# Run comprehensive linting
+golangci-lint run
+
+# Check for security vulnerabilities
+govulncheck ./...
+
+# Run tests with coverage
+go test -race -coverprofile=coverage.out ./...
+
+# Generate tests for a package
+gotests -all -w ./device
+
+# Start live reload development server
+air
+
+# Format code with stricter rules
+gofumpt -w .
+```
+
+### Building and Testing
+```bash
+# Build the project
+go build .
+
+# Run all tests
+go test ./...
+
+# Run tests with race detection
+go test -race ./...
+
+# Benchmark tests
+go test -bench=. ./...
+
+# Generate coverage report
+go test -coverprofile=coverage.out ./... && go tool cover -html=coverage.out
+```
+
+### Debugging
+```bash
+# Start delve debugger
+dlv debug
+
+# Debug a specific test
+dlv test ./device
+```
+
+## 📝 Editor Integration
+
+### VS Code
+A `.vscode/settings.json` is included with optimized settings for Go development:
+- Automatic formatting with gofumpt
+- Integrated linting with golangci-lint
+- Proper LSP configuration
+- Optimized file watching and exclusions
+
+### Other Editors
+For vim/neovim, emacs, or other editors that support LSP:
+- Use `gopls` as the language server
+- Point formatters to use `gofumpt` instead of `gofmt`
+- Configure linting to use `golangci-lint`
+
+## 🔍 Code Quality Configuration
+
+### Linting
+The included `.golangci.yml` enables 30+ linters with sensible defaults:
+- Security checks (gosec, G-prefixed rules)
+- Performance optimizations (prealloc, ineffassign)
+- Style consistency (gofumpt, goimports)
+- Bug prevention (errcheck, staticcheck)
+
+### Pre-commit Hooks (Optional)
+Consider setting up pre-commit hooks:
+```bash
+# Create .git/hooks/pre-commit
+#!/bin/bash
+set -e
+golangci-lint run
+go test ./...
+govulncheck ./...
+```
+
+## 🌍 Environment Variables
+
+The flake automatically sets up:
+- `GOPATH="$PWD/.go"`
+- `GOBIN="$PWD/.go/bin"`
+- `GOCACHE="$PWD/.gocache"`
+- `GO111MODULE=on`
+- `CGO_ENABLED=1`
+- `WG_COLOR_MODE=always`
+
+## 🧪 Testing
+
+### Running Tests
+```bash
+# All tests
+go test ./...
+
+# With race detection
+go test -race ./...
+
+# Verbose output
+go test -v ./...
+
+# Specific package
+go test ./device
+
+# With coverage
+go test -coverprofile=coverage.out ./...
+```
+
+### Test Generation
+```bash
+# Generate tests for all functions in a package
+gotests -all -w ./device
+
+# Generate tests for specific functions
+gotests -only FunctionName -w ./device
+```
+
+## 🔒 Security
+
+### Vulnerability Scanning
+```bash
+# Scan for known vulnerabilities
+govulncheck ./...
+
+# Security-focused linting
+gosec ./...
+```
+
+### WireGuard-Specific Security
+The environment includes networking tools for testing:
+- WireGuard tools for protocol testing
+- Network namespace utilities
+- Traffic analysis tools
+
+## 📦 Building Packages
+
+### Development Build
+```bash
+go build .
+```
+
+### Optimized Build
+```bash
+go build -ldflags="-w -s" .
+```
+
+### Using Nix to Build
+```bash
+# Build using the included Nix package
+nix build
+
+# The binary will be in ./result/bin/
+```
+
+## 🐛 Troubleshooting
+
+### Common Issues
+
+1. **"command not found" errors**
+   - Ensure you're in the flake environment: `nix develop`
+   - Or allow direnv: `direnv allow`
+
+2. **Go module issues**
+   - Clean module cache: `go clean -modcache`
+   - Verify modules: `go mod verify`
+
+3. **LSP not working**
+   - Restart your editor
+   - Check gopls is available: `which gopls`
+   - Verify Go version: `go version`
+
+### Performance Tips
+- Use `.gocache` for faster builds (already configured)
+- Exclude build artifacts from file watchers
+- Use `gotestsum` for faster test feedback
+
+## 📚 Additional Resources
+
+- [Go Documentation](https://golang.org/doc/)
+- [WireGuard Protocol](https://www.wireguard.com/protocol/)
+- [golangci-lint Documentation](https://golangci-lint.run/)
+- [Delve Debugger](https://github.com/go-delve/delve) 

device/multipath.go

@@ -8,7 +8,6 @@ package device
 import (
 	"fmt"
 	"net"
-	"runtime"
 
 	"golang.zx2c4.com/wireguard/conn"
 	"golang.zx2c4.com/wireguard/tun"
@@ -152,7 +151,6 @@ func ExampleMultiPathUsage(logger *Logger) {
 
 	// Example: Create multi-path device using specific interface names
 	// This would send each packet through both eth0 and wlan0
-	interfaceNames := []string{"eth0", "wlan0"}
 	
 	// Note: You would need to create/configure your TUN device
 	// tunDevice, err := tun.CreateTUN("wg0", 1420)

flake.lock

@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1753432016,
+        "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "6027c30c8e9810896b92429f0092f624f7b1aace",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -23,16 +23,14 @@
           gopls
           
           # Formatting and imports
-          gofmt
-          goimports
+          # gofmt
+          # goimports
           gofumpt  # Stricter gofmt
           
           # Linting and static analysis
           golangci-lint
-          staticcheck
           gosec      # Security checker
           ineffassign
-          misspell
           
           # Debugging
           delve
@@ -51,13 +49,13 @@
           gotestsum     # Pretty test output
           
           # Documentation
-          godoc
+          # godoc
         ];
         
         # System tools
         systemTools = with pkgs; [
           git
-          make
+          gnumake
           direnv
           nix-direnv