diff --git a/Makefile b/Makefile
index f554053fd..5ba903ef9 100644
--- a/Makefile
+++ b/Makefile
@@ -122,6 +122,8 @@ host-apps: ## Build app
 	${OPTS} go build ${BUILD_OPTS} -o ./apps/helloworld ./cmd/apps/helloworld
 	${OPTS} go build ${BUILD_OPTS} -o ./apps/skysocks ./cmd/apps/skysocks
 	${OPTS} go build ${BUILD_OPTS} -o ./apps/skysocks-client  ./cmd/apps/skysocks-client
+	${OPTS} go build ${BUILD_OPTS} -o ./apps/vpn-server ./cmd/apps/vpn-server
+	${OPTS} go build ${BUILD_OPTS} -o ./apps/vpn-client ./cmd/apps/vpn-client
 
 # Bin 
 bin: ## Build `skywire-visor`, `skywire-cli`, `hypervisor`
@@ -139,6 +141,8 @@ release: ## Build `skywire-visor`, `skywire-cli`, `hypervisor` and apps without
 	${OPTS} go build ${BUILD_OPTS} -o ./apps/helloworld ./cmd/apps/helloworld
 	${OPTS} go build ${BUILD_OPTS} -o ./apps/skysocks ./cmd/apps/skysocks
 	${OPTS} go build ${BUILD_OPTS} -o ./apps/skysocks-client  ./cmd/apps/skysocks-client
+	${OPTS} go build ${BUILD_OPTS} -o ./apps/vpn-server ./cmd/apps/vpn-server
+	${OPTS} go build ${BUILD_OPTS} -o ./apps/vpn-client ./cmd/apps/vpn-client
 
 github-release: ## Create a GitHub release
 	goreleaser --rm-dist
diff --git a/cmd/apps/vpn-client/vpn-client.go b/cmd/apps/vpn-client/vpn-client.go
new file mode 100644
index 000000000..1a512903e
--- /dev/null
+++ b/cmd/apps/vpn-client/vpn-client.go
@@ -0,0 +1,118 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"net"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"github.com/SkycoinProject/dmsg/cipher"
+	"github.com/SkycoinProject/dmsg/netutil"
+	"github.com/SkycoinProject/skycoin/src/util/logging"
+
+	"github.com/SkycoinProject/skywire-mainnet/internal/vpn"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/app"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/app/appnet"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/routing"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/skyenv"
+)
+
+const (
+	appName = skyenv.VPNClientName
+	netType = appnet.TypeSkynet
+	vpnPort = routing.Port(skyenv.VPNServerPort)
+)
+
+const (
+	serverDialInitBO = 1 * time.Second
+	serverDialMaxBO  = 10 * time.Second
+)
+
+var (
+	log = app.NewLogger(appName)
+	r   = netutil.NewRetrier(log, serverDialInitBO, serverDialMaxBO, 0, 1)
+)
+
+var serverPKStr = flag.String("srv", "", "PubKey of the server to connect to")
+
+func dialServer(appCl *app.Client, pk cipher.PubKey) (net.Conn, error) {
+	var conn net.Conn
+	err := r.Do(context.Background(), func() error {
+		var err error
+		conn, err = appCl.Dial(appnet.Addr{
+			Net:    netType,
+			PubKey: pk,
+			Port:   vpnPort,
+		})
+		return err
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return conn, nil
+}
+
+func main() {
+	flag.Parse()
+
+	if *serverPKStr == "" {
+		log.Fatalln("VPN server pub key is missing")
+	}
+
+	serverPK := cipher.PubKey{}
+	if err := serverPK.UnmarshalText([]byte(*serverPKStr)); err != nil {
+		log.WithError(err).Fatalln("Invalid VPN server pub key")
+	}
+
+	log.Infof("Connecting to VPN server %s", serverPK.String())
+
+	appCfg, err := app.ClientConfigFromEnv()
+	if err != nil {
+		log.WithError(err).Fatalln("Error getting app client config")
+	}
+
+	appClient, err := app.NewClient(logging.MustGetLogger(fmt.Sprintf("app_%s", appName)), appCfg)
+	if err != nil {
+		log.WithError(err).Fatalln("Error setting up VPN client")
+	}
+	defer func() {
+		appClient.Close()
+	}()
+
+	appConn, err := dialServer(appClient, serverPK)
+	if err != nil {
+		log.WithError(err).Fatalln("Error connecting to VPN server")
+	}
+	defer func() {
+		if err := appConn.Close(); err != nil {
+			log.WithError(err).Errorln("Error closing connection to the VPN server")
+		}
+	}()
+
+	log.Infof("Dialed %s", appConn.RemoteAddr())
+
+	vpnClient, err := vpn.NewClient(log, appConn)
+	if err != nil {
+		log.WithError(err).Fatalln("Error creating VPN client")
+	}
+
+	osSigs := make(chan os.Signal, 2)
+	sigs := []os.Signal{syscall.SIGTERM, syscall.SIGINT}
+	for _, sig := range sigs {
+		signal.Notify(osSigs, sig)
+	}
+
+	go func() {
+		<-osSigs
+		vpnClient.Close()
+	}()
+
+	if err := vpnClient.Serve(); err != nil {
+		log.WithError(err).Fatalln("Error serving VPN")
+	}
+}
diff --git a/cmd/apps/vpn-server/vpn-server.go b/cmd/apps/vpn-server/vpn-server.go
new file mode 100644
index 000000000..c3f492ff9
--- /dev/null
+++ b/cmd/apps/vpn-server/vpn-server.go
@@ -0,0 +1,75 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/SkycoinProject/skycoin/src/util/logging"
+
+	"github.com/SkycoinProject/skywire-mainnet/internal/vpn"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/app"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/app/appnet"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/routing"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/skyenv"
+)
+
+const (
+	appName = skyenv.VPNServerName
+	netType = appnet.TypeSkynet
+	vpnPort = routing.Port(skyenv.VPNServerPort)
+)
+
+var (
+	log = app.NewLogger(appName)
+)
+
+func main() {
+	appCfg, err := app.ClientConfigFromEnv()
+	if err != nil {
+		log.WithError(err).Errorln("Error getting app client config")
+		return
+	}
+
+	appClient, err := app.NewClient(logging.MustGetLogger(fmt.Sprintf("app_%s", appName)), appCfg)
+	if err != nil {
+		log.WithError(err).Errorln("Error setting up VPN client")
+		return
+	}
+	defer func() {
+		appClient.Close()
+	}()
+
+	osSigs := make(chan os.Signal, 2)
+
+	sigs := []os.Signal{syscall.SIGTERM, syscall.SIGINT}
+	for _, sig := range sigs {
+		signal.Notify(osSigs, sig)
+	}
+
+	l, err := appClient.Listen(netType, vpnPort)
+	if err != nil {
+		log.WithError(err).Errorf("Error listening network %v on port %d", netType, vpnPort)
+		return
+	}
+
+	log.Infof("Got app listener, bound to %d", vpnPort)
+
+	srv, err := vpn.NewServer(log)
+	if err != nil {
+		log.WithError(err).Fatalln("Error creating VPN server")
+	}
+	defer func() {
+		if err := srv.Close(); err != nil {
+			log.WithError(err).Errorln("Error closing server")
+		}
+	}()
+	go func() {
+		if err := srv.Serve(l); err != nil {
+			log.WithError(err).Errorln("Error serving")
+		}
+	}()
+
+	<-osSigs
+}
diff --git a/cmd/skywire-cli/commands/visor/gen-config.go b/cmd/skywire-cli/commands/visor/gen-config.go
index eeef0a864..19bc559c8 100644
--- a/cmd/skywire-cli/commands/visor/gen-config.go
+++ b/cmd/skywire-cli/commands/visor/gen-config.go
@@ -132,6 +132,8 @@ func defaultConfig() *visor.Config {
 		defaultSkychatConfig(),
 		defaultSkysocksConfig(""),
 		defaultSkysocksClientConfig(),
+		defaultVPNServerConfig(),
+		defaultVPNClientConfig(),
 	}
 
 	conf.TrustedVisors = []cipher.PubKey{}
@@ -207,3 +209,19 @@ func defaultSkysocksClientConfig() visor.AppConfig {
 		Port:      routing.Port(skyenv.SkysocksClientPort),
 	}
 }
+
+func defaultVPNServerConfig() visor.AppConfig {
+	return visor.AppConfig{
+		App:       skyenv.VPNServerName,
+		AutoStart: true,
+		Port:      routing.Port(skyenv.VPNServerPort),
+	}
+}
+
+func defaultVPNClientConfig() visor.AppConfig {
+	return visor.AppConfig{
+		App:       skyenv.VPNClientName,
+		AutoStart: false,
+		Port:      routing.Port(skyenv.VPNClientPort),
+	}
+}
diff --git a/go.mod b/go.mod
index 9474bfcf4..20c9f2156 100644
--- a/go.mod
+++ b/go.mod
@@ -3,24 +3,29 @@ module github.com/SkycoinProject/skywire-mainnet
 go 1.13
 
 require (
-	github.com/SkycoinProject/dmsg v0.2.0
+	github.com/SkycoinProject/dmsg v0.1.1-0.20200420091742-8c1a3d828a49
 	github.com/SkycoinProject/skycoin v0.27.0
 	github.com/SkycoinProject/yamux v0.0.0-20191213015001-a36efeefbf6a
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
 	github.com/go-chi/chi v4.0.2+incompatible
 	github.com/google/uuid v1.1.1
 	github.com/gorilla/securecookie v1.1.1
+	github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
 	github.com/mholt/archiver/v3 v3.3.0
 	github.com/pkg/profile v1.3.0
 	github.com/prometheus/client_golang v1.3.0
 	github.com/prometheus/common v0.7.0
 	github.com/rakyll/statik v0.1.7
 	github.com/schollz/progressbar/v2 v2.15.0
-	github.com/sirupsen/logrus v1.4.2
+	github.com/sirupsen/logrus v1.5.0
+	github.com/skycoin/dmsg v0.0.0-20190805065636-70f4c32a994f // indirect
+	github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
 	github.com/spf13/cobra v0.0.5
 	github.com/stretchr/testify v1.4.0
 	go.etcd.io/bbolt v1.3.4
+	golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc // indirect
 	golang.org/x/net v0.0.0-20200226121028-0de0cce0169b
+	golang.org/x/sys v0.0.0-20200428200454-593003d681fa // indirect
 )
 
 // Uncomment for tests with alternate branches of 'dmsg'
diff --git a/go.sum b/go.sum
index 27889888f..d281cfc52 100644
--- a/go.sum
+++ b/go.sum
@@ -1,10 +1,9 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/SkycoinProject/dmsg v0.0.0-20200306152741-acee74fa4514 h1:Ysxe5a/uGJq5eeSPhlIkS0Ft29LzoVv4waaN0VE4JXM=
 github.com/SkycoinProject/dmsg v0.0.0-20200306152741-acee74fa4514/go.mod h1:DzykXMLlx6Fx0fGjZsCIRas/MIvxW8DZpmDA6f2nCRk=
-github.com/SkycoinProject/dmsg v0.2.0 h1:YAalAHTs89Ncu0AbuCz00umX/ITYPAkPRT2w4tp4odE=
-github.com/SkycoinProject/dmsg v0.2.0/go.mod h1:MiX+UG/6fl3g+9rS13/fq7BwUQ2eOlg1yOBOnNf6J6A=
+github.com/SkycoinProject/dmsg v0.1.1-0.20200420091742-8c1a3d828a49 h1:rYqmvSRA+rq6LTne/Ge34T0i4yjSHSwkhk0ER6relWU=
+github.com/SkycoinProject/dmsg v0.1.1-0.20200420091742-8c1a3d828a49/go.mod h1:MiX+UG/6fl3g+9rS13/fq7BwUQ2eOlg1yOBOnNf6J6A=
 github.com/SkycoinProject/skycoin v0.26.0/go.mod h1:xqPLOKh5B6GBZlGA7B5IJfQmCy7mwimD9NlqxR3gMXo=
 github.com/SkycoinProject/skycoin v0.27.0 h1:N3IHxj8ossHOcsxLYOYugT+OaELLncYHJHxbbYLPPmY=
 github.com/SkycoinProject/skycoin v0.27.0/go.mod h1:xqPLOKh5B6GBZlGA7B5IJfQmCy7mwimD9NlqxR3gMXo=
@@ -60,11 +59,8 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-redis/redis v6.15.6+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
-github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
 github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
 github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
@@ -84,7 +80,6 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
@@ -95,7 +90,6 @@ github.com/gorilla/handlers v1.4.2/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/
 github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.1 h1:q7AeDBpnBk8AogcD4DSag/Ukw/KV+YhzLj2bP5HvKCM=
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
@@ -118,25 +112,22 @@ github.com/klauspost/compress v1.10.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/pgzip v1.2.1 h1:oIPZROsWuPHpOdMVWLuJZXwgjhrW8r1yEX8UqMyeNHM=
 github.com/klauspost/pgzip v1.2.1/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
@@ -198,12 +189,16 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR
 github.com/schollz/progressbar/v2 v2.15.0 h1:dVzHQ8fHRmtPjD3K10jT3Qgn/+H+92jhPrhmxIJfDz8=
 github.com/schollz/progressbar/v2 v2.15.0/go.mod h1:UdPq3prGkfQ7MOzZKlDRpYKcFqEMczbD7YmbPgpzKMI=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q=
+github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
+github.com/skycoin/dmsg v0.0.0-20190805065636-70f4c32a994f/go.mod h1:obZYZp8eKR7Xqz+KNhJdUE6Gvp6rEXbDO8YTlW2YXgU=
 github.com/skycoin/skycoin v0.26.0/go.mod h1:78nHjQzd8KG0jJJVL/j0xMmrihXi70ti63fh8vXScJw=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 h1:TG/diQgUe0pntT/2D9tmUCz4VNwm9MfrtPr0SU2qSX8=
+github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -241,10 +236,12 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc h1:ZGI/fILM2+ueot/UixBSoj9188jCAxVHEZEGhqq67I4=
+golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -255,7 +252,7 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191204025024-5ee1b9f4859a h1:+HHJiFUXVOIS9mr1ThqkQD1N8vpFCfCShqADBM12KTc=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191204025024-5ee1b9f4859a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -263,6 +260,7 @@ golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAG
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -274,27 +272,27 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191220142924-d4481acd189f h1:68K/z8GLUxV76xGSqwTWw2gyk/jwn79LUL43rES2g8o=
 golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5 h1:LfCXLvNmTYH9kEmVgqbnsWfruoXZIrh4YBgqVHtDvw0=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/sys v0.0.0-20200428200454-593003d681fa h1:yMbJOvnfYkO1dSAviTu/ZguZWLBTXx4xE3LYrxUCCiA=
+golang.org/x/sys v0.0.0-20200428200454-593003d681fa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384 h1:TFlARGu6Czu1z7q93HTxcP1P+/ZFC/IKythI5RzrnRg=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190627182818-9947fec5c3ab/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
@@ -304,7 +302,6 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQ
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
diff --git a/internal/vpn/client.go b/internal/vpn/client.go
new file mode 100644
index 000000000..3d53c20d5
--- /dev/null
+++ b/internal/vpn/client.go
@@ -0,0 +1,310 @@
+package vpn
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"strconv"
+	"sync"
+
+	"github.com/SkycoinProject/skycoin/src/util/logging"
+	"github.com/songgao/water"
+)
+
+const (
+	ipv4FirstHalfAddr  = "0.0.0.0"
+	ipv4SecondHalfAddr = "128.0.0.0"
+	ipv4HalfRangeMask  = "128.0.0.0"
+)
+
+// Client is a VPN client.
+type Client struct {
+	log            *logging.MasterLogger
+	conn           net.Conn
+	directIPs      []net.IP
+	defaultGateway net.IP
+	closeC         chan struct{}
+	closeOnce      sync.Once
+}
+
+// NewClient creates VPN client instance.
+func NewClient(l *logging.MasterLogger, conn net.Conn) (*Client, error) {
+	dmsgDiscIP, err := dmsgDiscIPFromEnv()
+	if err != nil {
+		return nil, fmt.Errorf("error getting Dmsg discovery IP: %w", err)
+	}
+
+	dmsgSrvAddrs, err := dmsgSrvAddrsFromEnv()
+	if err != nil {
+		return nil, fmt.Errorf("error getting Dmsg server addresses: %w", err)
+	}
+
+	tpIP, err := tpIPFromEnv()
+	if err != nil {
+		return nil, fmt.Errorf("error getting TP IP: %w", err)
+	}
+
+	rfIP, err := rfIPFromEnv()
+	if err != nil {
+		return nil, fmt.Errorf("error getting RF IP: %w", err)
+	}
+
+	stcpEntities, err := stcpEntitiesFromEnv()
+	if err != nil {
+		return nil, fmt.Errorf("error getting STCP entities: %w", err)
+	}
+
+	directIPs := make([]net.IP, 0, 3+len(dmsgSrvAddrs)+len(stcpEntities))
+	directIPs = append(directIPs, dmsgDiscIP, tpIP, rfIP)
+	directIPs = append(directIPs, dmsgSrvAddrs...)
+	directIPs = append(directIPs, stcpEntities...)
+
+	defaultGateway, err := DefaultNetworkGateway()
+	if err != nil {
+		return nil, fmt.Errorf("error getting default network gateway: %w", err)
+	}
+
+	l.Infof("Got default network gateway IP: %s", defaultGateway)
+
+	return &Client{
+		log:            l,
+		conn:           conn,
+		directIPs:      directIPs,
+		defaultGateway: defaultGateway,
+		closeC:         make(chan struct{}),
+	}, nil
+}
+
+// Serve performs handshake with the server, sets up routing and starts handling traffic.
+func (c *Client) Serve() error {
+	tunIP, tunGateway, err := c.shakeHands()
+	if err != nil {
+		return fmt.Errorf("error during client/server handshake: %w", err)
+	}
+
+	c.log.Infof("Performed handshake with %s", c.conn.RemoteAddr())
+	c.log.Infof("Local TUN IP: %s", tunIP.String())
+	c.log.Infof("Local TUN gateway: %s", tunGateway.String())
+
+	tun, err := water.New(water.Config{
+		DeviceType: water.TUN,
+	})
+	if err != nil {
+		return fmt.Errorf("error allocating TUN interace: %w", err)
+	}
+	defer func() {
+		tunName := tun.Name()
+		if err := tun.Close(); err != nil {
+			c.log.WithError(err).Errorf("Error closing TUN %s", tunName)
+		}
+	}()
+
+	c.log.Infof("Allocated TUN %s", tun.Name())
+
+	if err := SetupTUN(tun.Name(), tunIP.String(), TUNNetmask, tunGateway.String(), TUNMTU); err != nil {
+		return fmt.Errorf("error setting up TUN %s: %w", tun.Name(), err)
+	}
+
+	defer c.removeDirectRoutes()
+	if err := c.setupDirectRoutes(); err != nil {
+		return fmt.Errorf("error setting up direct routes: %w", err)
+	}
+
+	defer c.routeTrafficDirectly(tunGateway)
+	c.log.Infof("Routing all traffic through TUN %s", tun.Name())
+	if err := c.routeTrafficThroughTUN(tunGateway); err != nil {
+		return fmt.Errorf("error routing traffic through TUN %s: %w", tun.Name(), err)
+	}
+
+	connToTunDoneCh := make(chan struct{})
+	tunToConnCh := make(chan struct{})
+	// read all system traffic and pass it to the remote VPN server
+	go func() {
+		defer close(connToTunDoneCh)
+
+		if _, err := io.Copy(tun, c.conn); err != nil {
+			c.log.WithError(err).Errorf("Error resending traffic from TUN %s to VPN server", tun.Name())
+		}
+	}()
+	go func() {
+		defer close(tunToConnCh)
+
+		if _, err := io.Copy(c.conn, tun); err != nil {
+			c.log.WithError(err).Errorf("Error resending traffic from VPN server to TUN %s", tun.Name())
+		}
+	}()
+
+	// only one side may fail here, so we wait till at least one fails
+	select {
+	case <-connToTunDoneCh:
+	case <-tunToConnCh:
+	case <-c.closeC:
+	}
+
+	return nil
+}
+
+// Close closes client.
+func (c *Client) Close() {
+	c.closeOnce.Do(func() {
+		close(c.closeC)
+	})
+}
+
+func (c *Client) routeTrafficThroughTUN(tunGateway net.IP) error {
+	// route all traffic through TUN gateway
+	if err := AddRoute(ipv4FirstHalfAddr, tunGateway.String(), ipv4HalfRangeMask); err != nil {
+		return err
+	}
+	if err := AddRoute(ipv4SecondHalfAddr, tunGateway.String(), ipv4HalfRangeMask); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (c *Client) routeTrafficDirectly(tunGateway net.IP) {
+	c.log.Infoln("Routing all traffic through default network gateway")
+
+	// remove main route
+	if err := DeleteRoute(ipv4FirstHalfAddr, tunGateway.String(), ipv4HalfRangeMask); err != nil {
+		c.log.WithError(err).Errorf("Error routing traffic through default network gateway")
+	}
+	if err := DeleteRoute(ipv4SecondHalfAddr, tunGateway.String(), ipv4HalfRangeMask); err != nil {
+		c.log.WithError(err).Errorf("Error routing traffic through default network gateway")
+	}
+}
+
+func (c *Client) setupDirectRoutes() error {
+	for _, ip := range c.directIPs {
+		if !ip.IsLoopback() {
+			c.log.Infof("Adding direct route to %s", ip.String())
+			if err := AddRoute(ip.String(), c.defaultGateway.String(), ""); err != nil {
+				return fmt.Errorf("error adding direct route to %s", ip.String())
+			}
+		}
+	}
+
+	return nil
+}
+
+func (c *Client) removeDirectRoutes() {
+	for _, ip := range c.directIPs {
+		if !ip.IsLoopback() {
+			c.log.Infof("Removing direct route to %s", ip.String())
+			if err := DeleteRoute(ip.String(), c.defaultGateway.String(), ""); err != nil {
+				// shouldn't return, just keep on trying the other IPs
+				c.log.WithError(err).Errorf("Error removing direct route to %s", ip.String())
+			}
+		}
+	}
+}
+
+func dmsgDiscIPFromEnv() (net.IP, error) {
+	return ipFromEnv(DmsgDiscAddrEnvKey)
+}
+
+func dmsgSrvAddrsFromEnv() ([]net.IP, error) {
+	dmsgSrvCountStr := os.Getenv(DmsgAddrsCountEnvKey)
+	if dmsgSrvCountStr == "" {
+		return nil, errors.New("dmsg servers count is not provi")
+	}
+	dmsgSrvCount, err := strconv.Atoi(dmsgSrvCountStr)
+	if err != nil {
+		return nil, fmt.Errorf("invalid Dmsg servers count: %s: %w", dmsgSrvCountStr, err)
+	}
+
+	dmsgSrvAddrs := make([]net.IP, 0, dmsgSrvCount)
+	for i := 0; i < dmsgSrvCount; i++ {
+		dmsgSrvAddr, err := ipFromEnv(DmsgAddrEnvPrefix + strconv.Itoa(i))
+		if err != nil {
+			return nil, fmt.Errorf("error getting Dmsg server address: %w", err)
+		}
+
+		dmsgSrvAddrs = append(dmsgSrvAddrs, dmsgSrvAddr)
+	}
+
+	return dmsgSrvAddrs, nil
+}
+
+func tpIPFromEnv() (net.IP, error) {
+	return ipFromEnv(TPDiscAddrEnvKey)
+}
+
+func rfIPFromEnv() (net.IP, error) {
+	return ipFromEnv(RFAddrEnvKey)
+}
+
+func stcpEntitiesFromEnv() ([]net.IP, error) {
+	var stcpEntities []net.IP
+	stcpTableLenStr := os.Getenv(STCPTableLenEnvKey)
+	if stcpTableLenStr != "" {
+		stcpTableLen, err := strconv.Atoi(stcpTableLenStr)
+		if err != nil {
+			return nil, fmt.Errorf("invalid STCP table len: %s: %w", stcpTableLenStr, err)
+		}
+
+		stcpEntities = make([]net.IP, 0, stcpTableLen)
+		for i := 0; i < stcpTableLen; i++ {
+			stcpKey := os.Getenv(STCPKeyEnvPrefix + strconv.Itoa(i))
+			if stcpKey == "" {
+				return nil, fmt.Errorf("env arg %s is not provided", STCPKeyEnvPrefix+strconv.Itoa(i))
+			}
+
+			stcpAddr, err := ipFromEnv(STCPValueEnvPrefix + stcpKey)
+			if err != nil {
+				return nil, fmt.Errorf("error getting STCP entity IP: %w", err)
+			}
+
+			stcpEntities = append(stcpEntities, stcpAddr)
+		}
+	}
+
+	return stcpEntities, nil
+}
+
+func (c *Client) shakeHands() (TUNIP, TUNGateway net.IP, err error) {
+	unavailableIPs, err := LocalNetworkInterfaceIPs()
+	if err != nil {
+		return nil, nil, fmt.Errorf("error getting unavailable private IPs: %w", err)
+	}
+
+	unavailableIPs = append(unavailableIPs, c.defaultGateway)
+
+	cHello := ClientHello{
+		UnavailablePrivateIPs: unavailableIPs,
+	}
+
+	c.log.Debugf("Sending client hello: %v", cHello)
+
+	if err := WriteJSON(c.conn, &cHello); err != nil {
+		return nil, nil, fmt.Errorf("error sending client hello: %w", err)
+	}
+
+	var sHello ServerHello
+	if err := ReadJSON(c.conn, &sHello); err != nil {
+		return nil, nil, fmt.Errorf("error reading server hello: %w", err)
+	}
+
+	c.log.Debugf("Got server hello: %v", sHello)
+
+	if sHello.Status != HandshakeStatusOK {
+		return nil, nil, fmt.Errorf("got status %d (%s) from the server", sHello.Status, sHello.Status)
+	}
+
+	return sHello.TUNIP, sHello.TUNGateway, nil
+}
+
+func ipFromEnv(key string) (net.IP, error) {
+	ip, ok, err := IPFromEnv(key)
+	if err != nil {
+		return nil, fmt.Errorf("error getting IP from %s: %w", key, err)
+	}
+	if !ok {
+		return nil, fmt.Errorf("env arg %s is not provided", key)
+	}
+
+	return ip, nil
+}
diff --git a/internal/vpn/client_hello.go b/internal/vpn/client_hello.go
new file mode 100644
index 000000000..4d9a52333
--- /dev/null
+++ b/internal/vpn/client_hello.go
@@ -0,0 +1,8 @@
+package vpn
+
+import "net"
+
+// ClientHello is a message sent by client during the Client/Server handshake.
+type ClientHello struct {
+	UnavailablePrivateIPs []net.IP `json:"unavailable_private_ips"`
+}
diff --git a/internal/vpn/const.go b/internal/vpn/const.go
new file mode 100644
index 000000000..55d39120a
--- /dev/null
+++ b/internal/vpn/const.go
@@ -0,0 +1,8 @@
+package vpn
+
+const (
+	// TUNNetmask is a general netmask used for all TUN interfaces.
+	TUNNetmask = "255.255.255.248"
+	// TUNMTU is MTU value used for all TUN interfaces.
+	TUNMTU = 1500
+)
diff --git a/internal/vpn/env.go b/internal/vpn/env.go
new file mode 100644
index 000000000..5f0d86d04
--- /dev/null
+++ b/internal/vpn/env.go
@@ -0,0 +1,133 @@
+package vpn
+
+import (
+	"fmt"
+	"net"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/SkycoinProject/dmsg/cipher"
+)
+
+const (
+	// DmsgAddrsCountEnvKey is env arg holding Dmsg servers count.
+	DmsgAddrsCountEnvKey = "DMSG_SRV_COUNT"
+	// DmsgAddrEnvPrefix is prefix for each env arg holding Dmsg server address.
+	DmsgAddrEnvPrefix = "ADDR_DMSG_SRV_"
+
+	// DmsgDiscAddrEnvKey is env arg holding Dmsg discovery address.
+	DmsgDiscAddrEnvKey = "ADDR_DMSG_DISC"
+	// TPDiscAddrEnvKey is env arg holding TP discovery address.
+	TPDiscAddrEnvKey = "ADDR_TP_DISC"
+	// RFAddrEnvKey is env arg holding RF address.
+	RFAddrEnvKey = "ADDR_RF"
+	// UptimeTrackerAddrEnvKey is env arg holding uptime tracker address.
+	UptimeTrackerAddrEnvKey = "ADDR_UPTIME_TRACKER"
+
+	// STCPTableLenEnvKey is env arg holding Stcp table length.
+	STCPTableLenEnvKey = "STCP_TABLE_LEN"
+	// STCPKeyEnvPrefix is prefix for each env arg holding STCP entity key.
+	STCPKeyEnvPrefix = "STCP_TABLE_KEY_"
+	// STCPValueEnvPrefix is prefix for each env arg holding STCP entity value.
+	STCPValueEnvPrefix = "STCP_TABLE_"
+)
+
+// DirectRoutesEnvConfig contains all the addresses which need to be communicated directly,
+// not through the VPN service.
+type DirectRoutesEnvConfig struct {
+	DmsgDiscovery string
+	DmsgServers   []string
+	TPDiscovery   string
+	RF            string
+	UptimeTracker string
+	STCPTable     map[cipher.PubKey]string
+}
+
+// AppEnvArgs forms env args to pass to the app process.
+func AppEnvArgs(config DirectRoutesEnvConfig) map[string]string {
+	envs := make(map[string]string)
+
+	if config.DmsgDiscovery != "" {
+		envs[DmsgDiscAddrEnvKey] = config.DmsgDiscovery
+	}
+
+	if config.TPDiscovery != "" {
+		envs[TPDiscAddrEnvKey] = config.TPDiscovery
+	}
+
+	if config.RF != "" {
+		envs[RFAddrEnvKey] = config.RF
+	}
+
+	if config.UptimeTracker != "" {
+		envs[UptimeTrackerAddrEnvKey] = config.UptimeTracker
+	}
+
+	if len(config.STCPTable) != 0 {
+		envs[STCPTableLenEnvKey] = strconv.FormatInt(int64(len(config.STCPTable)), 10)
+
+		itemIdx := 0
+		for k, v := range config.STCPTable {
+			envs[STCPKeyEnvPrefix+strconv.FormatInt(int64(itemIdx), 10)] = k.String()
+			envs[STCPValueEnvPrefix+k.String()] = v
+		}
+	}
+
+	if len(config.DmsgServers) != 0 {
+		envs[DmsgAddrsCountEnvKey] = strconv.FormatInt(int64(len(config.DmsgServers)), 10)
+
+		for i := range config.DmsgServers {
+			envs[DmsgAddrEnvPrefix+strconv.FormatInt(int64(i), 10)] = config.DmsgServers[i]
+		}
+	}
+
+	return envs
+}
+
+// IPFromEnv gets IP address from the env arg `key`. Env value may be one of:
+// - full URL with port;
+// - full URL without port;
+// - domain with port;
+// - domain without port;
+// - IP with port;
+// - IP without port.
+func IPFromEnv(key string) (net.IP, bool, error) {
+	addr := os.Getenv(key)
+	if addr == "" {
+		return nil, false, nil
+	}
+
+	// in case whole URL is passed with the scheme
+	if strings.Contains(addr, "://") {
+		url, err := url.Parse(addr)
+		if err == nil {
+			addr = url.Host
+		}
+	}
+
+	// filter out port if it exists
+	if strings.Contains(addr, ":") {
+		addr = strings.Split(addr, ":")[0]
+	}
+
+	ip := net.ParseIP(addr)
+	if ip != nil {
+		return ip, true, nil
+	}
+
+	// got domain instead of IP, need to resolve
+	ips, err := net.LookupIP(addr)
+	if err != nil {
+		return nil, false, err
+	}
+	if len(ips) == 0 {
+		return nil, false, fmt.Errorf("error resolving IPs of %s", addr)
+	}
+
+	// initially take just the first one
+	ip = ips[0]
+
+	return ip, true, nil
+}
diff --git a/internal/vpn/env_test.go b/internal/vpn/env_test.go
new file mode 100644
index 000000000..94c927282
--- /dev/null
+++ b/internal/vpn/env_test.go
@@ -0,0 +1,59 @@
+package vpn
+
+import (
+	"net"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestIPFromEnv(t *testing.T) {
+	const envKey = "KEY"
+
+	want := net.IPv4(172, 104, 191, 38)
+
+	tests := []struct {
+		name   string
+		envVal string
+	}{
+		{
+			name:   "URL with port",
+			envVal: "tcp://dmsg.server02a4.skywire.skycoin.com:30080",
+		},
+		{
+			name:   "URL without port",
+			envVal: "tcp://dmsg.server02a4.skywire.skycoin.com",
+		},
+		{
+			name:   "Domain with port",
+			envVal: "dmsg.server02a4.skywire.skycoin.com:30080",
+		},
+		{
+			name:   "Domain without port",
+			envVal: "dmsg.server02a4.skywire.skycoin.com",
+		},
+		{
+			name:   "IP with port",
+			envVal: "172.104.191.38:30080",
+		},
+		{
+			name:   "IP without port",
+			envVal: "172.104.191.38",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			os.Clearenv()
+
+			err := os.Setenv(envKey, tc.envVal)
+			require.NoError(t, err)
+
+			ip, ok, err := IPFromEnv(envKey)
+			require.NoError(t, err)
+			require.True(t, ok)
+			require.True(t, ip.Equal(want))
+		})
+	}
+}
diff --git a/internal/vpn/handshake_status.go b/internal/vpn/handshake_status.go
new file mode 100644
index 000000000..043c3464e
--- /dev/null
+++ b/internal/vpn/handshake_status.go
@@ -0,0 +1,30 @@
+package vpn
+
+// HandshakeStatus is a status of Client/Server handshake.
+type HandshakeStatus int
+
+const (
+	// HandshakeStatusOK is returned on successful handshake.
+	HandshakeStatusOK HandshakeStatus = iota
+	// HandshakeStatusBadRequest is returned if Client hello message was malformed.
+	HandshakeStatusBadRequest
+	// HandshakeNoFreeIPs is returned if no free IPs left to assign to TUNs.
+	HandshakeNoFreeIPs
+	// HandshakeStatusInternalError is returned in all other cases when some server error occurred.
+	HandshakeStatusInternalError
+)
+
+func (hs HandshakeStatus) String() string {
+	switch hs {
+	case HandshakeStatusOK:
+		return "OK"
+	case HandshakeStatusBadRequest:
+		return "Request was malformed"
+	case HandshakeNoFreeIPs:
+		return "No free IPs left to serve"
+	case HandshakeStatusInternalError:
+		return "Internal server error"
+	default:
+		return "Unknown code"
+	}
+}
diff --git a/internal/vpn/ip_generator.go b/internal/vpn/ip_generator.go
new file mode 100644
index 000000000..6ec61b7e3
--- /dev/null
+++ b/internal/vpn/ip_generator.go
@@ -0,0 +1,72 @@
+package vpn
+
+import (
+	"errors"
+	"net"
+	"sync"
+)
+
+// IPGenerator is used to generate IPs for TUN interfaces.
+type IPGenerator struct {
+	mx           sync.Mutex
+	currentRange int
+	ranges       []*subnetIPIncrementer
+}
+
+// NewIPGenerator creates IP generator.
+func NewIPGenerator() *IPGenerator {
+	return &IPGenerator{
+		ranges: []*subnetIPIncrementer{
+			newSubnetIPIncrementer([4]uint8{192, 168, 0, 0}, [4]uint8{192, 168, 255, 255}, 8),
+			newSubnetIPIncrementer([4]uint8{172, 16, 0, 0}, [4]uint8{172, 31, 255, 255}, 8),
+			newSubnetIPIncrementer([4]uint8{10, 0, 0, 0}, [4]uint8{10, 255, 255, 255}, 8),
+		},
+	}
+}
+
+// Reserve reserves `ip` so it will be excluded from the IP generation.
+func (g *IPGenerator) Reserve(ip net.IP) error {
+	octets, err := fetchIPv4Octets(ip)
+	if err != nil {
+		return err
+	}
+
+	// of course it's best to reserve it within the range it belongs to.
+	// but it really doesn't matter, we may just reserve it in all incrementing instances,
+	// that is much simpler and works anyway
+	for _, inc := range g.ranges {
+		inc.reserve(octets)
+	}
+
+	return nil
+}
+
+// Next gets next available IP.
+func (g *IPGenerator) Next() (net.IP, error) {
+	g.mx.Lock()
+	defer g.mx.Unlock()
+
+	for i := g.currentRange + 1; i != g.currentRange; i++ {
+		if i >= len(g.ranges) {
+			i = 0
+		}
+
+		ip, err := g.ranges[i].next()
+		if err != nil {
+			continue
+		}
+
+		return ip, nil
+	}
+
+	return nil, errors.New("no free IPs left")
+}
+
+func fetchIPv4Octets(ip net.IP) ([4]uint8, error) {
+	ip = ip.To4()
+	if ip == nil {
+		return [4]uint8{}, errors.New("address is not of v4")
+	}
+
+	return [4]uint8{ip[0], ip[1], ip[2], ip[3]}, nil
+}
diff --git a/internal/vpn/net.go b/internal/vpn/net.go
new file mode 100644
index 000000000..b28ed343a
--- /dev/null
+++ b/internal/vpn/net.go
@@ -0,0 +1,52 @@
+package vpn
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+)
+
+// WriteJSON marshals `data` and sends it over the `conn`.
+func WriteJSON(conn net.Conn, data interface{}) error {
+	dataBytes, err := json.Marshal(data)
+	if err != nil {
+		return fmt.Errorf("error marshaling data: %w", err)
+	}
+
+	for n, totalSent := 0, 0; totalSent < len(dataBytes); totalSent += n {
+		n, err = conn.Write(dataBytes[totalSent:])
+		if err != nil {
+			return fmt.Errorf("error sending data: %w", err)
+		}
+
+		totalSent += n
+	}
+
+	return nil
+}
+
+// ReadJSON reads portion of data from the `conn` and unmarshals it into `data`.
+func ReadJSON(conn net.Conn, data interface{}) error {
+	const bufSize = 1024
+
+	var dataBytes []byte
+	buf := make([]byte, bufSize)
+	for {
+		n, err := conn.Read(buf)
+		if err != nil {
+			return fmt.Errorf("error reading data: %w", err)
+		}
+
+		dataBytes = append(dataBytes, buf[:n]...)
+
+		if n < 1024 {
+			break
+		}
+	}
+
+	if err := json.Unmarshal(dataBytes, data); err != nil {
+		return fmt.Errorf("error unmarshaling data: %w", err)
+	}
+
+	return nil
+}
diff --git a/internal/vpn/os.go b/internal/vpn/os.go
new file mode 100644
index 000000000..a163bdfe2
--- /dev/null
+++ b/internal/vpn/os.go
@@ -0,0 +1,204 @@
+package vpn
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"os/exec"
+	"strconv"
+)
+
+// SetupTUN sets the allocated TUN interface up, setting its IP, gateway, netmask and MTU.
+func SetupTUN(ifcName, ip, netmask, gateway string, mtu int) error {
+	return run("ifconfig", ifcName, ip, gateway, "mtu", strconv.Itoa(mtu), "netmask", netmask, "up")
+}
+
+// NetworkInterfaceGateway gets gateway of the network interface with name `ifcName`.
+func NetworkInterfaceGateway(ifcName string) (net.IP, error) {
+	cmd := fmt.Sprintf(gatewayForIfcCMDFmt, ifcName)
+	outBytes, err := exec.Command("sh", "-c", cmd).Output() //nolint:gosec
+	if err != nil {
+		return nil, fmt.Errorf("error running command %s: %w", cmd, err)
+	}
+
+	outBytes = bytes.TrimRight(outBytes, "\n")
+
+	outLines := bytes.Split(outBytes, []byte{'\n'})
+
+	for _, l := range outLines {
+		if bytes.Count(l, []byte{'.'}) != 3 {
+			// initially look for IPv4 address
+			continue
+		}
+
+		ip := net.ParseIP(string(l))
+		if ip != nil {
+			return ip, nil
+		}
+	}
+
+	return nil, fmt.Errorf("couldn't find gateway IP for \"%s\"", ifcName)
+}
+
+// DefaultNetworkGateway fetches system's default network gateway.
+func DefaultNetworkGateway() (net.IP, error) {
+	defaultNetworkIfcName, err := DefaultNetworkInterface()
+	if err != nil {
+		return nil, fmt.Errorf("error getting default network interface name: %w", err)
+	}
+
+	return NetworkInterfaceGateway(defaultNetworkIfcName)
+}
+
+// DefaultNetworkInterface fetches default network interface name.
+func DefaultNetworkInterface() (string, error) {
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return "", fmt.Errorf("error getting network interfaces: %w", err)
+	}
+
+	for _, iface := range ifaces {
+		if iface.Flags&net.FlagUp == 0 {
+			continue // interface down
+		}
+		if iface.Flags&net.FlagLoopback != 0 {
+			continue // loopback interface
+		}
+		addrs, err := iface.Addrs()
+		if err != nil {
+			return "", fmt.Errorf("error getting addresses for interface %s: %w", iface.Name, err)
+		}
+		for _, addr := range addrs {
+			var ip net.IP
+			switch v := addr.(type) {
+			case *net.IPNet:
+				ip = v.IP
+			case *net.IPAddr:
+				ip = v.IP
+			}
+			if ip == nil || ip.IsLoopback() {
+				continue
+			}
+			ip = ip.To4()
+			if ip == nil {
+				continue // not an ipv4 address
+			}
+
+			return iface.Name, nil
+		}
+	}
+
+	return "", errors.New("no internet connection")
+}
+
+// LocalNetworkInterfaceIPs gets IPs of all local interfaces.
+func LocalNetworkInterfaceIPs() ([]net.IP, error) {
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return nil, fmt.Errorf("error getting network interfaces: %w", err)
+	}
+
+	var ips []net.IP
+	for _, iface := range ifaces {
+		if iface.Flags&net.FlagUp == 0 {
+			continue // interface down
+		}
+		if iface.Flags&net.FlagLoopback != 0 {
+			continue // loopback interface
+		}
+		addrs, err := iface.Addrs()
+		if err != nil {
+			return nil, fmt.Errorf("error getting addresses for interface %s: %w", iface.Name, err)
+		}
+		for _, addr := range addrs {
+			var ip net.IP
+			switch v := addr.(type) {
+			case *net.IPNet:
+				ip = v.IP
+			case *net.IPAddr:
+				ip = v.IP
+			}
+			if ip == nil || ip.IsLoopback() {
+				continue
+			}
+			ip = ip.To4()
+			if ip == nil {
+				continue // not an ipv4 address
+			}
+
+			ips = append(ips, ip)
+		}
+	}
+
+	return ips, nil
+}
+
+// GetIPv4ForwardingValue gets current value of IPv4 forwarding.
+func GetIPv4ForwardingValue() (string, error) {
+	return getIPForwardingValue(getIPv4ForwardingCMD)
+}
+
+// GetIPv6ForwardingValue gets current value of IPv6 forwarding.
+func GetIPv6ForwardingValue() (string, error) {
+	return getIPForwardingValue(getIPv6ForwardingCMD)
+}
+
+// SetIPv4ForwardingValue sets `val` value of IPv4 forwarding.
+func SetIPv4ForwardingValue(val string) error {
+	cmd := fmt.Sprintf(setIPv4ForwardingCMDFmt, val)
+	if err := exec.Command("sh", "-c", cmd).Run(); err != nil { //nolint:gosec
+		return fmt.Errorf("error running command %s: %w", cmd, err)
+	}
+
+	return nil
+}
+
+// SetIPv6ForwardingValue sets `val` value of IPv6 forwarding.
+func SetIPv6ForwardingValue(val string) error {
+	cmd := fmt.Sprintf(setIPv6ForwardingCMDFmt, val)
+	if err := exec.Command("sh", "-c", cmd).Run(); err != nil { //nolint:gosec
+		return fmt.Errorf("error running command %s: %w", cmd, err)
+	}
+
+	return nil
+}
+
+// EnableIPv4Forwarding enables IPv4 forwarding.
+func EnableIPv4Forwarding() error {
+	return SetIPv4ForwardingValue("1")
+}
+
+// EnableIPv6Forwarding enables IPv6 forwarding.
+func EnableIPv6Forwarding() error {
+	return SetIPv6ForwardingValue("1")
+}
+
+func getIPForwardingValue(cmd string) (string, error) {
+	outBytes, err := exec.Command("sh", "-c", cmd).Output() //nolint:gosec
+	if err != nil {
+		return "", fmt.Errorf("error running command %s: %w", cmd, err)
+	}
+
+	val, err := parseIPForwardingOutput(outBytes)
+	if err != nil {
+		return "", fmt.Errorf("error parsing output of command %s: %w", cmd, err)
+	}
+
+	return val, nil
+}
+
+func run(bin string, args ...string) error {
+	cmd := exec.Command(bin, args...) //nolint:gosec
+
+	cmd.Stderr = os.Stderr
+	cmd.Stdout = os.Stdout
+	cmd.Stdin = os.Stdin
+
+	if err := cmd.Run(); err != nil {
+		return fmt.Errorf("error running command %s: %w", bin, err)
+	}
+
+	return nil
+}
diff --git a/internal/vpn/os_darwin.go b/internal/vpn/os_darwin.go
new file mode 100644
index 000000000..6058e5fd1
--- /dev/null
+++ b/internal/vpn/os_darwin.go
@@ -0,0 +1,56 @@
+//+build darwin
+
+package vpn
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+)
+
+const (
+	gatewayForIfcCMDFmt     = "netstat -rn | grep default | grep %s | awk '{print $2}'"
+	setIPv4ForwardingCMDFmt = "sysctl -w net.inet.ip.forwarding=%s"
+	setIPv6ForwardingCMDFmt = "sysctl -w net.inet6.ip6.forwarding=%s"
+	getIPv4ForwardingCMD    = "sysctl net.inet.ip.forwarding"
+	getIPv6ForwardingCMD    = "sysctl net.inet6.ip6.forwarding"
+)
+
+// EnableIPMasquerading enables IP masquerading for the interface with name `ifcName`.
+func EnableIPMasquerading(_ string) error {
+	return errors.New("cannot be implemented")
+}
+
+// DisableIPMasquerading disables IP masquerading for the interface with name `ifcName`.
+func DisableIPMasquerading(_ string) error {
+	return errors.New("cannot be implemented")
+}
+
+// AddRoute adds route to `ip` with `netmask` through the `gateway` to the OS routing table.
+func AddRoute(ip, gateway, netmask string) error {
+	if netmask == "" {
+		return run("route", "add", "-net", ip, gateway)
+	}
+
+	return run("route", "add", "-net", ip, gateway, netmask)
+}
+
+// DeleteRoute removes route to `ip` with `netmask` through the `gateway` from the OS routing table.
+func DeleteRoute(ip, gateway, netmask string) error {
+	if netmask == "" {
+		return run("route", "delete", "-net", ip, gateway)
+	}
+
+	return run("route", "delete", "-net", ip, gateway, netmask)
+}
+
+func parseIPForwardingOutput(output []byte) (string, error) {
+	output = bytes.TrimRight(output, "\n")
+
+	outTokens := bytes.Split(output, []byte{':'})
+	if len(outTokens) != 2 {
+		return "", fmt.Errorf("invalid output: %s", output)
+	}
+
+	return string(bytes.Trim(outTokens[1], " ")), nil
+}
diff --git a/internal/vpn/os_linux.go b/internal/vpn/os_linux.go
new file mode 100644
index 000000000..b7189e080
--- /dev/null
+++ b/internal/vpn/os_linux.go
@@ -0,0 +1,68 @@
+//+build linux
+
+package vpn
+
+import (
+	"bytes"
+	"fmt"
+	"os/exec"
+)
+
+const (
+	gatewayForIfcCMDFmt         = "route -n | grep %s | awk '$1 == \"0.0.0.0\" {print $2}'"
+	setIPv4ForwardingCMDFmt     = "sysctl -w net.ipv4.ip_forward=%s"
+	setIPv6ForwardingCMDFmt     = "sysctl -w net.ipv6.conf.all.forwarding=%s"
+	getIPv4ForwardingCMD        = "sysctl net.ipv4.ip_forward"
+	getIPv6ForwardingCMD        = "sysctl net.ipv6.conf.all.forwarding"
+	enableIPMasqueradingCMDFmt  = "iptables -t nat -A POSTROUTING -o %s -j MASQUERADE"
+	disableIPMasqueradingCMDFmt = "iptables -t nat -D POSTROUTING -o %s -j MASQUERADE"
+)
+
+// EnableIPMasquerading enables IP masquerading for the interface with name `ifcName`.
+func EnableIPMasquerading(ifcName string) error {
+	cmd := fmt.Sprintf(enableIPMasqueradingCMDFmt, ifcName)
+	if err := exec.Command("sh", "-c", cmd).Run(); err != nil {
+		return fmt.Errorf("error running command %s: %w", cmd, err)
+	}
+
+	return nil
+}
+
+// DisableIPMasquerading disables IP masquerading for the interface with name `ifcName`.
+func DisableIPMasquerading(ifcName string) error {
+	cmd := fmt.Sprintf(disableIPMasqueradingCMDFmt, ifcName)
+	if err := exec.Command("sh", "-c", cmd).Run(); err != nil {
+		return fmt.Errorf("error running command %s: %w", cmd, err)
+	}
+
+	return nil
+}
+
+// AddRoute adds route to `ip` with `netmask` through the `gateway` to the OS routing table.
+func AddRoute(ip, gateway, netmask string) error {
+	if netmask == "" {
+		netmask = "255.255.255.255"
+	}
+
+	return run("route", "add", "-net", ip, "netmask", netmask, "gw", gateway)
+}
+
+// DeleteRoute removes route to `ip` with `netmask` through the `gateway` from the OS routing table.
+func DeleteRoute(ip, gateway, netmask string) error {
+	if netmask == "" {
+		netmask = "255.255.255.255"
+	}
+
+	return run("route", "delete", "-net", ip, "netmask", netmask, "gw", gateway)
+}
+
+func parseIPForwardingOutput(output []byte) (string, error) {
+	output = bytes.TrimRight(output, "\n")
+
+	outTokens := bytes.Split(output, []byte{'='})
+	if len(outTokens) != 2 {
+		return "", fmt.Errorf("invalid output: %s", output)
+	}
+
+	return string(bytes.Trim(outTokens[1], " ")), nil
+}
diff --git a/internal/vpn/server.go b/internal/vpn/server.go
new file mode 100644
index 000000000..5530660a1
--- /dev/null
+++ b/internal/vpn/server.go
@@ -0,0 +1,256 @@
+package vpn
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+
+	"github.com/SkycoinProject/skycoin/src/util/logging"
+	"github.com/songgao/water"
+)
+
+// Server is a VPN server.
+type Server struct {
+	lisMx                   sync.Mutex
+	lis                     net.Listener
+	log                     *logging.MasterLogger
+	serveOnce               sync.Once
+	ipGen                   *IPGenerator
+	defaultNetworkInterface string
+	ipv4ForwardingVal       string
+	ipv6ForwardingVal       string
+}
+
+// NewServer creates VPN server instance.
+func NewServer(l *logging.MasterLogger) (*Server, error) {
+	defaultNetworkIfc, err := DefaultNetworkInterface()
+	if err != nil {
+		return nil, fmt.Errorf("error getting default network interface: %w", err)
+	}
+
+	l.Infof("Got default network interface: %s", defaultNetworkIfc)
+
+	ipv4ForwardingVal, err := GetIPv4ForwardingValue()
+	if err != nil {
+		return nil, fmt.Errorf("error getting IPv4 forwarding value: %w", err)
+	}
+	ipv6ForwardingVal, err := GetIPv6ForwardingValue()
+	if err != nil {
+		return nil, fmt.Errorf("error getting IPv6 forwarding value")
+	}
+
+	l.Infoln("Old IP forwarding values:")
+	l.Infof("IPv4: %s, IPv6: %s", ipv4ForwardingVal, ipv6ForwardingVal)
+
+	return &Server{
+		log:                     l,
+		ipGen:                   NewIPGenerator(),
+		defaultNetworkInterface: defaultNetworkIfc,
+		ipv4ForwardingVal:       ipv4ForwardingVal,
+		ipv6ForwardingVal:       ipv6ForwardingVal,
+	}, nil
+}
+
+// Serve accepts connections from `l` and serves them.
+func (s *Server) Serve(l net.Listener) error {
+	serveErr := errors.New("already serving")
+	s.serveOnce.Do(func() {
+		if err := EnableIPv4Forwarding(); err != nil {
+			serveErr = fmt.Errorf("error enabling IPv4 forwarding: %w", err)
+			return
+		}
+		s.log.Infoln("Set IPv4 forwarding = 1")
+		defer func() {
+			if err := SetIPv4ForwardingValue(s.ipv4ForwardingVal); err != nil {
+				s.log.WithError(err).Errorln("Error reverting IPv4 forwarding")
+			} else {
+				s.log.Infof("Set IPv4 forwarding = %s", s.ipv4ForwardingVal)
+			}
+		}()
+
+		if err := EnableIPv6Forwarding(); err != nil {
+			serveErr = fmt.Errorf("error enabling IPv6 forwarding: %w", err)
+			return
+		}
+		s.log.Infoln("Set IPv6 forwarding = 1")
+		defer func() {
+			if err := SetIPv6ForwardingValue(s.ipv6ForwardingVal); err != nil {
+				s.log.WithError(err).Errorln("Error reverting IPv6 forwarding")
+			} else {
+				s.log.Infof("Set IPv6 forwarding = %s", s.ipv6ForwardingVal)
+			}
+		}()
+
+		if err := EnableIPMasquerading(s.defaultNetworkInterface); err != nil {
+			serveErr = fmt.Errorf("error enabling IP masquerading for %s: %w", s.defaultNetworkInterface, err)
+			return
+		}
+
+		s.log.Infoln("Enabled IP masquerading")
+
+		defer func() {
+			if err := DisableIPMasquerading(s.defaultNetworkInterface); err != nil {
+				s.log.WithError(err).Errorf("Error disabling IP masquerading for %s", s.defaultNetworkInterface)
+			} else {
+				s.log.Infof("Disabled IP masquerading for %s", s.defaultNetworkInterface)
+			}
+		}()
+
+		s.lisMx.Lock()
+		s.lis = l
+		s.lisMx.Unlock()
+
+		for {
+			conn, err := s.lis.Accept()
+			if err != nil {
+				serveErr = fmt.Errorf("failed to accept client connection: %w", err)
+				return
+			}
+
+			go s.serveConn(conn)
+		}
+	})
+
+	return serveErr
+}
+
+// Close shuts server down.
+func (s *Server) Close() error {
+	s.lisMx.Lock()
+	defer s.lisMx.Unlock()
+
+	if s.lis == nil {
+		return nil
+	}
+
+	err := s.lis.Close()
+	s.lis = nil
+
+	return err
+}
+
+func (s *Server) closeConn(conn net.Conn) {
+	if err := conn.Close(); err != nil {
+		s.log.WithError(err).Errorf("Error closing client %s connection", conn.RemoteAddr())
+	}
+}
+
+func (s *Server) serveConn(conn net.Conn) {
+	defer s.closeConn(conn)
+
+	tunIP, tunGateway, err := s.shakeHands(conn)
+	if err != nil {
+		s.log.WithError(err).Errorf("Error negotiating with client %s", conn.RemoteAddr())
+		return
+	}
+
+	tun, err := water.New(water.Config{
+		DeviceType: water.TUN,
+	})
+	if err != nil {
+		s.log.WithError(err).Errorln("Error allocating TUN interface")
+		return
+	}
+	defer func() {
+		tunName := tun.Name()
+		if err := tun.Close(); err != nil {
+			s.log.WithError(err).Errorf("Error closing TUN %s", tunName)
+		}
+	}()
+
+	s.log.Infof("Allocated TUN %s", tun.Name())
+
+	if err := SetupTUN(tun.Name(), tunIP.String(), TUNNetmask, tunGateway.String(), TUNMTU); err != nil {
+		s.log.WithError(err).Errorf("Error setting up TUN %s", tun.Name())
+		return
+	}
+
+	connToTunDoneCh := make(chan struct{})
+	tunToConnCh := make(chan struct{})
+	go func() {
+		defer close(connToTunDoneCh)
+
+		if _, err := io.Copy(tun, conn); err != nil {
+			s.log.WithError(err).Errorf("Error resending traffic from VPN client to TUN %s", tun.Name())
+		}
+	}()
+	go func() {
+		defer close(tunToConnCh)
+
+		if _, err := io.Copy(conn, tun); err != nil {
+			s.log.WithError(err).Errorf("Error resending traffic from TUN %s to VPN client", tun.Name())
+		}
+	}()
+
+	// only one side may fail here, so we wait till at least one fails
+	select {
+	case <-connToTunDoneCh:
+	case <-tunToConnCh:
+	}
+}
+
+func (s *Server) shakeHands(conn net.Conn) (tunIP, tunGateway net.IP, err error) {
+	var cHello ClientHello
+	if err := ReadJSON(conn, &cHello); err != nil {
+		return nil, nil, fmt.Errorf("error reading client hello: %w", err)
+	}
+
+	var sHello ServerHello
+
+	for _, ip := range cHello.UnavailablePrivateIPs {
+		if err := s.ipGen.Reserve(ip); err != nil {
+			// this happens only on malformed IP
+			sHello.Status = HandshakeStatusBadRequest
+			if err := WriteJSON(conn, &sHello); err != nil {
+				s.log.WithError(err).Errorln("Error sending server hello")
+			}
+
+			return nil, nil, fmt.Errorf("error reserving IP %s: %w", ip.String(), err)
+		}
+	}
+
+	subnet, err := s.ipGen.Next()
+	if err != nil {
+		sHello.Status = HandshakeNoFreeIPs
+		if err := WriteJSON(conn, &sHello); err != nil {
+			s.log.WithError(err).Errorln("Error sending server hello")
+		}
+
+		return nil, nil, fmt.Errorf("error getting free subnet IP: %w", err)
+	}
+
+	subnetOctets, err := fetchIPv4Octets(subnet)
+	if err != nil {
+		sHello.Status = HandshakeStatusInternalError
+		if err := WriteJSON(conn, &sHello); err != nil {
+			s.log.WithError(err).Errorln("Error sending server hello")
+		}
+
+		return nil, nil, fmt.Errorf("error breaking IP into octets: %w", err)
+	}
+
+	// basically IP address comprised of `subnetOctets` items is the IP address of the subnet,
+	// we're going to work with. In this subnet we're giving 4 IP addresses: IP and gateway for
+	// the server-side TUN and IP and gateway for the client-side TUN. We do this as follows:
+	// - Server-side TUN gateway = subnet IP + 1
+	// - Server-side TUN IP = subnet IP + 2
+	// - Client-side TUN gateway = subnet IP + 3
+	// - Client-site TUN IP = subnet IP + 4
+
+	sTUNIP := net.IPv4(subnetOctets[0], subnetOctets[1], subnetOctets[2], subnetOctets[3]+2)
+	sTUNGateway := net.IPv4(subnetOctets[0], subnetOctets[1], subnetOctets[2], subnetOctets[3]+1)
+
+	cTUNIP := net.IPv4(subnetOctets[0], subnetOctets[1], subnetOctets[2], subnetOctets[3]+4)
+	cTUNGateway := net.IPv4(subnetOctets[0], subnetOctets[1], subnetOctets[2], subnetOctets[3]+3)
+
+	sHello.TUNIP = cTUNIP
+	sHello.TUNGateway = cTUNGateway
+
+	if err := WriteJSON(conn, &sHello); err != nil {
+		return nil, nil, fmt.Errorf("error finishing hadnshake: error sending server hello: %w", err)
+	}
+
+	return sTUNIP, sTUNGateway, nil
+}
diff --git a/internal/vpn/server_hello.go b/internal/vpn/server_hello.go
new file mode 100644
index 000000000..08a57db77
--- /dev/null
+++ b/internal/vpn/server_hello.go
@@ -0,0 +1,10 @@
+package vpn
+
+import "net"
+
+// ServerHello is a message sent by server during the Client/Server handshake.
+type ServerHello struct {
+	Status     HandshakeStatus `json:"status"`
+	TUNIP      net.IP          `json:"tun_ip"`
+	TUNGateway net.IP          `json:"tun_gateway"`
+}
diff --git a/internal/vpn/subnet_ip_incrementer.go b/internal/vpn/subnet_ip_incrementer.go
new file mode 100644
index 000000000..e5ad64412
--- /dev/null
+++ b/internal/vpn/subnet_ip_incrementer.go
@@ -0,0 +1,123 @@
+package vpn
+
+import (
+	"errors"
+	"net"
+	"sync"
+)
+
+// subnetIPIncrementer is used to increment over the subnet IP address
+// between the specified borders.
+type subnetIPIncrementer struct {
+	mx                sync.Mutex
+	octets            [4]uint8
+	octetLowerBorders [4]uint8
+	octetBorders      [4]uint8
+	step              uint8
+	reserved          map[[4]uint8]struct{}
+}
+
+func newSubnetIPIncrementer(octetLowerBorders, octetBorders [4]uint8, step uint8) *subnetIPIncrementer {
+	return &subnetIPIncrementer{
+		mx:                sync.Mutex{},
+		octets:            octetLowerBorders,
+		octetLowerBorders: octetLowerBorders,
+		octetBorders:      octetBorders,
+		step:              step,
+		reserved:          make(map[[4]uint8]struct{}),
+	}
+}
+
+func (inc *subnetIPIncrementer) next() (net.IP, error) {
+	inc.mx.Lock()
+	defer inc.mx.Unlock()
+
+	var generatedIP [4]uint8
+
+	o1 := inc.octets[0]
+	o2 := inc.octets[1]
+	o3 := inc.octets[2]
+	for {
+		for {
+			for {
+				generatedIP[0] = inc.octets[0]
+				generatedIP[1] = inc.octets[1]
+				generatedIP[2] = inc.octets[2]
+
+				for o4 := inc.octets[3] + inc.step; o4 != inc.octets[3]; o4 += inc.step {
+					if o4 >= inc.octetBorders[3] {
+						o4 = inc.octetLowerBorders[3]
+						continue
+					}
+
+					generatedIP[3] = o4
+
+					var isReserved bool
+					// need to check all of the IPs within the generated subnet.
+					// since we're excluding some of the IPs from generation, these
+					// may be within some of the generated ranges.
+					for i := o4; i < o4+inc.step; i++ {
+						generatedIP[3] = i
+
+						if _, ok := inc.reserved[generatedIP]; ok {
+							isReserved = true
+							break
+						}
+					}
+
+					if !isReserved {
+						generatedIP[3] = o4
+						inc.octets[3] = o4
+						inc.reserved[generatedIP] = struct{}{}
+
+						return net.IPv4(generatedIP[0], generatedIP[1], generatedIP[2], generatedIP[3]), nil
+					}
+				}
+
+				inc.octets[3] = inc.octetLowerBorders[3]
+
+				if inc.octets[2] == inc.octetBorders[2] {
+					inc.octets[2] = inc.octetLowerBorders[2]
+				} else {
+					inc.octets[2]++
+				}
+
+				if inc.octets[2] == o3 {
+					inc.octets[2] = inc.octetLowerBorders[2]
+					break
+				}
+			}
+
+			if inc.octets[1] == inc.octetBorders[1] {
+				inc.octets[1] = inc.octetLowerBorders[1]
+			} else {
+				inc.octets[1]++
+			}
+
+			if inc.octets[1] == o2 {
+				inc.octets[1] = inc.octetLowerBorders[1]
+				break
+			}
+		}
+
+		if inc.octets[0] == inc.octetBorders[0] {
+			inc.octets[0] = inc.octetLowerBorders[0]
+		} else {
+			inc.octets[0]++
+		}
+
+		if inc.octets[0] == o1 {
+			inc.octets[0] = inc.octetLowerBorders[0]
+			break
+		}
+	}
+
+	return nil, errors.New("no free IPs left")
+}
+
+func (inc *subnetIPIncrementer) reserve(octets [4]uint8) {
+	inc.mx.Lock()
+	defer inc.mx.Unlock()
+
+	inc.reserved[octets] = struct{}{}
+}
diff --git a/pkg/app/appnet/mock_networker.go b/pkg/app/appnet/mock_networker.go
index 2258fc855..39178d034 100644
--- a/pkg/app/appnet/mock_networker.go
+++ b/pkg/app/appnet/mock_networker.go
@@ -2,12 +2,9 @@
 
 package appnet
 
-import (
-	context "context"
-	net "net"
-
-	mock "github.com/stretchr/testify/mock"
-)
+import context "context"
+import mock "github.com/stretchr/testify/mock"
+import net "net"
 
 // MockNetworker is an autogenerated mock type for the Networker type
 type MockNetworker struct {
diff --git a/pkg/app/appserver/mock_proc_manager.go b/pkg/app/appserver/mock_proc_manager.go
index 483cde0e9..66fc0edc1 100644
--- a/pkg/app/appserver/mock_proc_manager.go
+++ b/pkg/app/appserver/mock_proc_manager.go
@@ -2,15 +2,10 @@
 
 package appserver
 
-import (
-	io "io"
-
-	appcommon "github.com/SkycoinProject/skywire-mainnet/pkg/app/appcommon"
-
-	logging "github.com/SkycoinProject/skycoin/src/util/logging"
-
-	mock "github.com/stretchr/testify/mock"
-)
+import appcommon "github.com/SkycoinProject/skywire-mainnet/pkg/app/appcommon"
+import io "io"
+import logging "github.com/SkycoinProject/skycoin/src/util/logging"
+import mock "github.com/stretchr/testify/mock"
 
 // MockProcManager is an autogenerated mock type for the ProcManager type
 type MockProcManager struct {
@@ -36,20 +31,20 @@ func (_m *MockProcManager) Range(next func(string, *Proc) bool) {
 	_m.Called(next)
 }
 
-// Start provides a mock function with given fields: log, c, args, stdout, stderr
-func (_m *MockProcManager) Start(log *logging.Logger, c appcommon.Config, args []string, stdout io.Writer, stderr io.Writer) (appcommon.ProcID, error) {
-	ret := _m.Called(log, c, args, stdout, stderr)
+// Start provides a mock function with given fields: log, c, args, envs, stdout, stderr
+func (_m *MockProcManager) Start(log *logging.Logger, c appcommon.Config, args []string, envs map[string]string, stdout io.Writer, stderr io.Writer) (appcommon.ProcID, error) {
+	ret := _m.Called(log, c, args, envs, stdout, stderr)
 
 	var r0 appcommon.ProcID
-	if rf, ok := ret.Get(0).(func(*logging.Logger, appcommon.Config, []string, io.Writer, io.Writer) appcommon.ProcID); ok {
-		r0 = rf(log, c, args, stdout, stderr)
+	if rf, ok := ret.Get(0).(func(*logging.Logger, appcommon.Config, []string, map[string]string, io.Writer, io.Writer) appcommon.ProcID); ok {
+		r0 = rf(log, c, args, envs, stdout, stderr)
 	} else {
 		r0 = ret.Get(0).(appcommon.ProcID)
 	}
 
 	var r1 error
-	if rf, ok := ret.Get(1).(func(*logging.Logger, appcommon.Config, []string, io.Writer, io.Writer) error); ok {
-		r1 = rf(log, c, args, stdout, stderr)
+	if rf, ok := ret.Get(1).(func(*logging.Logger, appcommon.Config, []string, map[string]string, io.Writer, io.Writer) error); ok {
+		r1 = rf(log, c, args, envs, stdout, stderr)
 	} else {
 		r1 = ret.Error(1)
 	}
diff --git a/pkg/app/appserver/proc.go b/pkg/app/appserver/proc.go
index 4e68b7e7f..e4d9ccf59 100644
--- a/pkg/app/appserver/proc.go
+++ b/pkg/app/appserver/proc.go
@@ -36,7 +36,8 @@ type Proc struct {
 }
 
 // NewProc constructs `Proc`.
-func NewProc(log *logging.Logger, disc appdisc.Updater, c appcommon.Config, args []string, stdout, stderr io.Writer) (*Proc, error) {
+func NewProc(log *logging.Logger, disc appdisc.Updater, c appcommon.Config, args []string,
+	envs map[string]string, stdout, stderr io.Writer) (*Proc, error) {
 	key := appcommon.GenerateAppKey()
 
 	binaryPath := getBinaryPath(c.BinaryDir, c.Name)
@@ -45,12 +46,16 @@ func NewProc(log *logging.Logger, disc appdisc.Updater, c appcommon.Config, args
 		appKeyEnvFormat     = appcommon.EnvAppKey + "=%s"
 		serverAddrEnvFormat = appcommon.EnvServerAddr + "=%s"
 		visorPKEnvFormat    = appcommon.EnvVisorPK + "=%s"
+		customEnvFormat     = "%s=%s"
 	)
 
-	env := make([]string, 0, 4)
+	env := make([]string, 0, 3+len(envs))
 	env = append(env, fmt.Sprintf(appKeyEnvFormat, key))
 	env = append(env, fmt.Sprintf(serverAddrEnvFormat, c.ServerAddr))
 	env = append(env, fmt.Sprintf(visorPKEnvFormat, c.VisorPK))
+	for k, v := range envs {
+		env = append(env, fmt.Sprintf(customEnvFormat, k, v))
+	}
 
 	cmd := exec.Command(binaryPath, args...) // nolint:gosec
 
diff --git a/pkg/app/appserver/proc_manager.go b/pkg/app/appserver/proc_manager.go
index f2062c937..c5f46455e 100644
--- a/pkg/app/appserver/proc_manager.go
+++ b/pkg/app/appserver/proc_manager.go
@@ -24,7 +24,8 @@ var (
 
 // ProcManager allows to manage skywire applications.
 type ProcManager interface {
-	Start(log *logging.Logger, c appcommon.Config, args []string, stdout, stderr io.Writer) (appcommon.ProcID, error)
+	Start(log *logging.Logger, c appcommon.Config, args []string, envs map[string]string,
+		stdout, stderr io.Writer) (appcommon.ProcID, error)
 	Exists(name string) bool
 	Stop(name string) error
 	Wait(name string) error
@@ -53,7 +54,7 @@ func NewProcManager(log *logging.Logger, discF *appdisc.Factory, rpcServer *Serv
 }
 
 // Start start the application according to its config and additional args.
-func (m *procManager) Start(log *logging.Logger, c appcommon.Config, args []string,
+func (m *procManager) Start(log *logging.Logger, c appcommon.Config, args []string, envs map[string]string,
 	stdout, stderr io.Writer) (appcommon.ProcID, error) {
 	if m.Exists(c.Name) {
 		return 0, ErrAppAlreadyStarted
@@ -65,7 +66,7 @@ func (m *procManager) Start(log *logging.Logger, c appcommon.Config, args []stri
 			Debug("No app discovery associated with app.")
 	}
 
-	p, err := NewProc(log, disc, c, args, stdout, stderr)
+	p, err := NewProc(log, disc, c, args, envs, stdout, stderr)
 	if err != nil {
 		return 0, err
 	}
diff --git a/pkg/app/appserver/rpc_gateway.go b/pkg/app/appserver/rpc_gateway.go
index 815c5177e..ed7752c78 100644
--- a/pkg/app/appserver/rpc_gateway.go
+++ b/pkg/app/appserver/rpc_gateway.go
@@ -249,8 +249,6 @@ func (r *RPCGateway) Read(req *ReadReq, resp *ReadResp) error {
 		copy(resp.B, buf[:resp.N])
 	}
 
-	fmt.Printf("ERROR READING FROM APP CONN SERVER SIDE: %v\n", err)
-
 	resp.Err = ioErrToRPCIOErr(err)
 
 	// avoid error in RPC pipeline, error is included in response body
diff --git a/pkg/app/mock_rpc_client.go b/pkg/app/mock_rpc_client.go
index f3c62f323..636cbb2f5 100644
--- a/pkg/app/mock_rpc_client.go
+++ b/pkg/app/mock_rpc_client.go
@@ -2,15 +2,10 @@
 
 package app
 
-import (
-	mock "github.com/stretchr/testify/mock"
-
-	appnet "github.com/SkycoinProject/skywire-mainnet/pkg/app/appnet"
-
-	routing "github.com/SkycoinProject/skywire-mainnet/pkg/routing"
-
-	time "time"
-)
+import appnet "github.com/SkycoinProject/skywire-mainnet/pkg/app/appnet"
+import mock "github.com/stretchr/testify/mock"
+import routing "github.com/SkycoinProject/skywire-mainnet/pkg/routing"
+import time "time"
 
 // MockRPCClient is an autogenerated mock type for the RPCClient type
 type MockRPCClient struct {
diff --git a/pkg/router/mock_router.go b/pkg/router/mock_router.go
index c9246630f..c6f59ab06 100644
--- a/pkg/router/mock_router.go
+++ b/pkg/router/mock_router.go
@@ -2,15 +2,10 @@
 
 package router
 
-import (
-	context "context"
-
-	cipher "github.com/SkycoinProject/dmsg/cipher"
-
-	mock "github.com/stretchr/testify/mock"
-
-	routing "github.com/SkycoinProject/skywire-mainnet/pkg/routing"
-)
+import cipher "github.com/SkycoinProject/dmsg/cipher"
+import context "context"
+import mock "github.com/stretchr/testify/mock"
+import routing "github.com/SkycoinProject/skywire-mainnet/pkg/routing"
 
 // MockRouter is an autogenerated mock type for the Router type
 type MockRouter struct {
diff --git a/pkg/router/route_group.go b/pkg/router/route_group.go
index 48ca5b09f..ece1812c3 100644
--- a/pkg/router/route_group.go
+++ b/pkg/router/route_group.go
@@ -457,6 +457,9 @@ func (rg *RouteGroup) close(code routing.CloseCode) error {
 func (rg *RouteGroup) handlePacket(packet routing.Packet) error {
 	switch packet.Type() {
 	case routing.ClosePacket:
+		rg.mu.Lock()
+		defer rg.mu.Unlock()
+
 		return rg.handleClosePacket(routing.CloseCode(packet.Payload()[0]))
 	case routing.DataPacket:
 		return rg.handleDataPacket(packet)
@@ -537,6 +540,16 @@ func (rg *RouteGroup) isClosed() bool {
 	return chanClosed(rg.closed)
 }
 
+func (rg *RouteGroup) appendRules(forward, reverse routing.Rule, tp *transport.ManagedTransport) {
+	rg.mu.Lock()
+	defer rg.mu.Unlock()
+
+	rg.fwd = append(rg.fwd, forward)
+	rg.rvs = append(rg.rvs, reverse)
+
+	rg.tps = append(rg.tps, tp)
+}
+
 func chanClosed(ch chan struct{}) bool {
 	select {
 	case <-ch:
diff --git a/pkg/router/route_group_test.go b/pkg/router/route_group_test.go
index 7991e8edb..594c0aa20 100644
--- a/pkg/router/route_group_test.go
+++ b/pkg/router/route_group_test.go
@@ -152,26 +152,34 @@ func testWrite(t *testing.T, rg1, rg2 *RouteGroup, m1, m2 *transport.Manager) {
 	require.NoError(t, err)
 	require.Equal(t, msg1, recv.Payload())
 
+	rg1.mu.Lock()
 	tpBackup := rg1.tps[0]
 	rg1.tps[0] = nil
+	rg1.mu.Unlock()
 	_, err = rg1.Write(msg1)
 	require.Equal(t, ErrBadTransport, err)
 
+	rg1.mu.Lock()
 	rg1.tps[0] = tpBackup
 
 	tpsBackup := rg1.tps
 	rg1.tps = nil
+	rg1.mu.Unlock()
 	_, err = rg1.Write(msg1)
 	require.Equal(t, ErrNoTransports, err)
 
+	rg1.mu.Lock()
 	rg1.tps = tpsBackup
 
 	fwdBackup := rg1.fwd
 	rg1.fwd = nil
+	rg1.mu.Unlock()
 	_, err = rg1.Write(msg1)
 	require.Equal(t, ErrNoRules, err)
 
+	rg1.mu.Lock()
 	rg1.fwd = fwdBackup
+	rg1.mu.Unlock()
 }
 
 func TestRouteGroup_ReadWrite(t *testing.T) {
@@ -654,14 +662,18 @@ func setupEnv(t *testing.T) (rg1, rg2 *RouteGroup, m1, m2 *transport.Manager, te
 	require.NoError(t, err)
 
 	r1FwdRtDesc := r1FwdRule.RouteDescriptor()
+	rg1.mu.Lock()
 	rg1.desc = r1FwdRtDesc.Invert()
 	rg1.tps = append(rg1.tps, tp1)
 	rg1.fwd = append(rg1.fwd, r1FwdRule)
+	rg1.mu.Unlock()
 
 	r2FwdRtDesc := r2FwdRule.RouteDescriptor()
+	rg2.mu.Lock()
 	rg2.desc = r2FwdRtDesc.Invert()
 	rg2.tps = append(rg2.tps, tp2)
 	rg2.fwd = append(rg2.fwd, r2FwdRule)
+	rg2.mu.Unlock()
 
 	teardown = func() {
 		nEnv.Teardown()
diff --git a/pkg/router/router.go b/pkg/router/router.go
index 8a94c59ec..6adcb94ff 100644
--- a/pkg/router/router.go
+++ b/pkg/router/router.go
@@ -362,11 +362,7 @@ func (r *router) saveRouteGroupRules(rules routing.EdgeRules) *RouteGroup {
 	rg = NewRouteGroup(DefaultRouteGroupConfig(), r.rt, rules.Desc)
 	r.rgs[rules.Desc] = rg
 
-	rg.fwd = append(rg.fwd, rules.Forward)
-	rg.rvs = append(rg.rvs, rules.Reverse)
-
-	tp := r.tm.Transport(rules.Forward.NextTransportID())
-	rg.tps = append(rg.tps, tp)
+	rg.appendRules(rules.Forward, rules.Reverse, r.tm.Transport(rules.Forward.NextTransportID()))
 
 	return rg
 }
diff --git a/pkg/router/router_test.go b/pkg/router/router_test.go
index 8e294f7d0..1ab0316df 100644
--- a/pkg/router/router_test.go
+++ b/pkg/router/router_test.go
@@ -142,10 +142,12 @@ func Test_router_Introduce_AcceptRoutes(t *testing.T) {
 	rg, err := r0.AcceptRoutes(context.Background())
 	require.NoError(t, err)
 	require.NotNil(t, rg)
+	rg.mu.Lock()
 	require.Equal(t, desc, rg.desc)
 	require.Equal(t, []routing.Rule{fwdRule}, rg.fwd)
 	require.Equal(t, []routing.Rule{cnsmRule}, rg.rvs)
 	require.Len(t, rg.tps, 1)
+	rg.mu.Unlock()
 
 	allRules := rg.rt.AllRules()
 	require.Len(t, allRules, 2)
diff --git a/pkg/skyenv/values.go b/pkg/skyenv/values.go
index ee9d35a87..3b8036866 100644
--- a/pkg/skyenv/values.go
+++ b/pkg/skyenv/values.go
@@ -53,6 +53,13 @@ const (
 	SkysocksClientName = "skysocks-client"
 	SkysocksClientPort = uint16(13)
 	SkysocksClientAddr = ":1080"
+
+	VPNServerName = "vpn-server"
+	VPNServerPort = uint16(44)
+
+	VPNClientName = "vpn-client"
+	// TODO: this one's not needed for the app to run but lack of it causes errors
+	VPNClientPort = uint16(43)
 )
 
 // RPC constants.
diff --git a/pkg/visor/rpc_test.go b/pkg/visor/rpc_test.go
index dd2b73542..a33cffb82 100644
--- a/pkg/visor/rpc_test.go
+++ b/pkg/visor/rpc_test.go
@@ -186,7 +186,7 @@ func TestStartStopApp(t *testing.T) {
 	appPID1 := appcommon.ProcID(10)
 
 	pm := &appserver.MockProcManager{}
-	pm.On("Start", mock.Anything, appCfg1, appArgs1, mock.Anything, mock.Anything).
+	pm.On("Start", mock.Anything, appCfg1, appArgs1, mock.Anything, mock.Anything, mock.Anything).
 		Return(appPID1, testhelpers.NoErr)
 	pm.On("Wait", app).Return(testhelpers.NoErr)
 	pm.On("Stop", app).Return(testhelpers.NoErr)
diff --git a/pkg/visor/visor.go b/pkg/visor/visor.go
index 1dab9eb9d..ea7f64311 100644
--- a/pkg/visor/visor.go
+++ b/pkg/visor/visor.go
@@ -17,14 +17,14 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/SkycoinProject/skywire-mainnet/pkg/app/appdisc"
-
 	"github.com/SkycoinProject/dmsg"
 	"github.com/SkycoinProject/dmsg/cipher"
 	"github.com/SkycoinProject/dmsg/dmsgpty"
 	"github.com/SkycoinProject/skycoin/src/util/logging"
 
+	"github.com/SkycoinProject/skywire-mainnet/internal/vpn"
 	"github.com/SkycoinProject/skywire-mainnet/pkg/app/appcommon"
+	"github.com/SkycoinProject/skywire-mainnet/pkg/app/appdisc"
 	"github.com/SkycoinProject/skywire-mainnet/pkg/app/appnet"
 	"github.com/SkycoinProject/skywire-mainnet/pkg/app/appserver"
 	"github.com/SkycoinProject/skywire-mainnet/pkg/restart"
@@ -593,7 +593,35 @@ func (visor *Visor) SpawnApp(config *AppConfig, startCh chan<- struct{}) (err er
 	appLogger := logging.MustGetLogger(fmt.Sprintf("app_%s", config.App))
 	appArgs := append([]string{filepath.Join(visor.dir(), config.App)}, config.Args...)
 
-	pid, err := visor.procManager.Start(appLogger, appCfg, appArgs, logger, errLogger)
+	appEnvs := make(map[string]string)
+	if appCfg.Name == skyenv.VPNClientName {
+		var envCfg vpn.DirectRoutesEnvConfig
+
+		if visor.conf.Dmsg != nil {
+			envCfg.DmsgDiscovery = visor.conf.Dmsg.Discovery
+			envCfg.DmsgServers = visor.n.Dmsg().ConnectedServers()
+		}
+		if visor.conf.Transport != nil {
+			envCfg.TPDiscovery = visor.conf.Transport.Discovery
+		}
+		if visor.conf.Routing != nil {
+			envCfg.RF = visor.conf.Routing.RouteFinder
+		}
+		if visor.conf.UptimeTracker != nil {
+			envCfg.UptimeTracker = visor.conf.UptimeTracker.Addr
+		}
+		if visor.conf.STCP != nil && len(visor.conf.STCP.PubKeyTable) != 0 {
+			envCfg.STCPTable = visor.conf.STCP.PubKeyTable
+		}
+
+		appEnvs = vpn.AppEnvArgs(envCfg)
+	}
+
+	if appCfg.Name == skyenv.VPNClientName || appCfg.Name == skyenv.VPNServerName {
+		appEnvs["PATH"] = os.Getenv("PATH")
+	}
+
+	pid, err := visor.procManager.Start(appLogger, appCfg, appArgs, appEnvs, logger, errLogger)
 	if err != nil {
 		return fmt.Errorf("error running app %s: %v", config.App, err)
 	}
diff --git a/pkg/visor/visor_test.go b/pkg/visor/visor_test.go
index d14b690e2..647aa0bf3 100644
--- a/pkg/visor/visor_test.go
+++ b/pkg/visor/visor_test.go
@@ -128,7 +128,7 @@ func TestVisorStartClose(t *testing.T) {
 	}
 	appArgs1 := append([]string{filepath.Join(visor.dir(), apps["skychat"].App)}, apps["skychat"].Args...)
 	appPID1 := appcommon.ProcID(10)
-	pm.On("Start", mock.Anything, appCfg1, appArgs1, mock.Anything, mock.Anything).
+	pm.On("Start", mock.Anything, appCfg1, appArgs1, mock.Anything, mock.Anything, mock.Anything).
 		Return(appPID1, testhelpers.NoErr)
 	pm.On("Wait", apps["skychat"].App).Return(testhelpers.NoErr)
 
@@ -211,7 +211,7 @@ func TestVisorSpawnApp(t *testing.T) {
 
 	pm := &appserver.MockProcManager{}
 	pm.On("Wait", app.App).Return(testhelpers.NoErr)
-	pm.On("Start", mock.Anything, appCfg, appArgs, mock.Anything, mock.Anything).
+	pm.On("Start", mock.Anything, appCfg, appArgs, mock.Anything, mock.Anything, mock.Anything).
 		Return(appPID, testhelpers.NoErr)
 	pm.On("Exists", app.App).Return(true)
 	pm.On("Stop", app.App).Return(testhelpers.NoErr)
@@ -270,7 +270,7 @@ func TestVisorSpawnAppValidations(t *testing.T) {
 		appPID := appcommon.ProcID(10)
 
 		pm := &appserver.MockProcManager{}
-		pm.On("Run", mock.Anything, appCfg, appArgs, mock.Anything, mock.Anything).
+		pm.On("Start", mock.Anything, appCfg, appArgs, mock.Anything, mock.Anything, mock.Anything).
 			Return(appPID, testhelpers.NoErr)
 		pm.On("Exists", app.App).Return(false)
 
@@ -308,7 +308,7 @@ func TestVisorSpawnAppValidations(t *testing.T) {
 		appArgs := append([]string{filepath.Join(visor.dir(), app.App)}, app.Args...)
 
 		appPID := appcommon.ProcID(10)
-		pm.On("Start", mock.Anything, appCfg, appArgs, mock.Anything, mock.Anything).
+		pm.On("Start", mock.Anything, appCfg, appArgs, mock.Anything, mock.Anything, mock.Anything).
 			Return(appPID, appserver.ErrAppAlreadyStarted)
 		pm.On("Exists", app.App).Return(true)
 
diff --git a/vendor/github.com/SkycoinProject/dmsg/client.go b/vendor/github.com/SkycoinProject/dmsg/client.go
index 083b0a298..50816efda 100644
--- a/vendor/github.com/SkycoinProject/dmsg/client.go
+++ b/vendor/github.com/SkycoinProject/dmsg/client.go
@@ -53,6 +53,9 @@ type Client struct {
 	once  sync.Once
 
 	sesMx sync.Mutex
+
+	connectedServersMx sync.Mutex
+	connectedServers   map[string]struct{}
 }
 
 // NewClient creates a dmsg client entity.
@@ -86,6 +89,8 @@ func NewClient(pk cipher.PubKey, sk cipher.SecKey, dc disc.APIClient, conf *Conf
 	c.errCh = make(chan error, 10)
 	c.done = make(chan struct{})
 
+	c.connectedServers = make(map[string]struct{})
+
 	return c
 }
 
@@ -249,6 +254,19 @@ func (ce *Client) AllSessions() []ClientSession {
 	return ce.allClientSessions(ce.porter)
 }
 
+// ConnectedServers obtains all the servers client is connected to.
+func (ce *Client) ConnectedServers() []string {
+	ce.connectedServersMx.Lock()
+	defer ce.connectedServersMx.Unlock()
+
+	addrs := make([]string, 0, len(ce.connectedServers))
+	for addr := range ce.connectedServers {
+		addrs = append(addrs, addr)
+	}
+
+	return addrs
+}
+
 // EnsureAndObtainSession attempts to obtain a session.
 // If the session does not exist, we will attempt to establish one.
 // It returns an error if the session does not exist AND cannot be established.
@@ -303,6 +321,9 @@ func (ce *Client) dialSession(ctx context.Context, entry *disc.Entry) (ClientSes
 		_ = dSes.Close() //nolint:errcheck
 		return ClientSession{}, errors.New("session already exists")
 	}
+	ce.connectedServersMx.Lock()
+	ce.connectedServers[entry.Server.Address] = struct{}{}
+	ce.connectedServersMx.Unlock()
 	go func() {
 		ce.log.WithField("remote_pk", dSes.RemotePK()).Info("Serving session.")
 		if err := dSes.serve(); !isClosed(ce.done) {
diff --git a/vendor/github.com/SkycoinProject/dmsg/client_session.go b/vendor/github.com/SkycoinProject/dmsg/client_session.go
index 12f9ee4a8..f842e059a 100644
--- a/vendor/github.com/SkycoinProject/dmsg/client_session.go
+++ b/vendor/github.com/SkycoinProject/dmsg/client_session.go
@@ -26,6 +26,10 @@ func makeClientSession(entity *EntityCommon, porter *netutil.Porter, conn net.Co
 
 // DialStream attempts to dial a stream to a remote client via the dmsg server that this session is connected to.
 func (cs *ClientSession) DialStream(dst Addr) (dStr *Stream, err error) {
+	log := cs.log.
+		WithField("func", "ClientSession.DialStream").
+		WithField("dst_addr", dst)
+
 	if dStr, err = newInitiatingStream(cs); err != nil {
 		return nil, err
 	}
@@ -33,8 +37,9 @@ func (cs *ClientSession) DialStream(dst Addr) (dStr *Stream, err error) {
 	// Close stream on failure.
 	defer func() {
 		if err != nil {
-			cs.log.WithError(dStr.Close()).
-				Debug("Stream closed on DialStream() failure.")
+			log.WithError(err).
+				WithField("close_error", dStr.Close()).
+				Debug("Stream closed on failure.")
 		}
 	}()
 
@@ -74,7 +79,7 @@ func (cs *ClientSession) serve() error {
 			if netErr, ok := err.(net.Error); ok && netErr.Temporary() {
 				cs.log.
 					WithError(err).
-					Info("ClientSession.acceptStream() temporary error, continuing...")
+					Info("Failed to accept stream.")
 				continue
 			}
 			cs.log.WithError(err).Warn("Stopped accepting streams.")
diff --git a/vendor/github.com/SkycoinProject/dmsg/server_session.go b/vendor/github.com/SkycoinProject/dmsg/server_session.go
index 297dbff6f..5b0bf456e 100644
--- a/vendor/github.com/SkycoinProject/dmsg/server_session.go
+++ b/vendor/github.com/SkycoinProject/dmsg/server_session.go
@@ -5,6 +5,7 @@ import (
 	"net"
 
 	"github.com/SkycoinProject/yamux"
+	"github.com/sirupsen/logrus"
 
 	"github.com/SkycoinProject/dmsg/netutil"
 	"github.com/SkycoinProject/dmsg/noise"
@@ -52,15 +53,19 @@ func (ss *ServerSession) Serve() {
 			return
 		}
 
-		ss.log.Info("Serving stream.")
+		var log logrus.FieldLogger = ss.log.
+			WithField("yamux_id", yStr.StreamID())
+
+		log.Info("Initiating stream.")
+
 		go func(yStr *yamux.Stream) {
-			err := ss.serveStream(yStr)
-			ss.log.WithError(err).Info("Stopped stream.")
+			err := ss.serveStream(log, yStr)
+			log.WithError(err).Info("Stopped stream.")
 		}(yStr)
 	}
 }
 
-func (ss *ServerSession) serveStream(yStr *yamux.Stream) error {
+func (ss *ServerSession) serveStream(log logrus.FieldLogger, yStr *yamux.Stream) error {
 	readRequest := func() (StreamRequest, error) {
 		obj, err := ss.readObject(yStr)
 		if err != nil {
@@ -86,24 +91,34 @@ func (ss *ServerSession) serveStream(yStr *yamux.Stream) error {
 		return err
 	}
 
+	log = log.
+		WithField("src_addr", req.SrcAddr).
+		WithField("dst_addr", req.DstAddr)
+
+	log.Debug("Read stream request from initiating side.")
+
 	// Obtain next session.
 	ss2, ok := ss.entity.serverSession(req.DstAddr.PK)
 	if !ok {
 		return ErrReqNoNextSession
 	}
+	log.Debug("Obtained next session.")
 
 	// Forward request and obtain/check response.
 	yStr2, resp, err := ss2.forwardRequest(req)
 	if err != nil {
 		return err
 	}
+	log.Debug("Forwarded stream request.")
 
 	// Forward response.
 	if err := ss.writeObject(yStr, resp); err != nil {
 		return err
 	}
+	log.Debug("Forwarded stream response.")
 
 	// Serve stream.
+	log.Info("Serving stream.")
 	return netutil.CopyReadWriteCloser(yStr, yStr2)
 }
 
diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md
index 195333e51..09a4a35c9 100644
--- a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md
+++ b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md
@@ -27,6 +27,7 @@ We thank all the authors who provided code to this library:
 
 * Felix Kollmann
 * Nicolas Perraut
+* @dirty49374
 
 ## License
 
diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go
index ef18d8f97..57f530ae8 100644
--- a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go
+++ b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences.go
@@ -4,7 +4,6 @@ package sequences
 
 import (
 	"syscall"
-	"unsafe"
 )
 
 var (
@@ -27,7 +26,7 @@ func EnableVirtualTerminalProcessing(stream syscall.Handle, enable bool) error {
 		mode &^= ENABLE_VIRTUAL_TERMINAL_PROCESSING
 	}
 
-	ret, _, err := setConsoleMode.Call(uintptr(unsafe.Pointer(stream)), uintptr(mode))
+	ret, _, err := setConsoleMode.Call(uintptr(stream), uintptr(mode))
 	if ret == 0 {
 		return err
 	}
diff --git a/vendor/github.com/sirupsen/logrus/.golangci.yml b/vendor/github.com/sirupsen/logrus/.golangci.yml
new file mode 100644
index 000000000..65dc28503
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/.golangci.yml
@@ -0,0 +1,40 @@
+run:
+  # do not run on test files yet
+  tests: false
+
+# all available settings of specific linters
+linters-settings:
+  errcheck:
+    # report about not checking of errors in type assetions: `a := b.(MyStruct)`;
+    # default is false: such cases aren't reported by default.
+    check-type-assertions: false
+
+    # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
+    # default is false: such cases aren't reported by default.
+    check-blank: false
+
+  lll:
+    line-length: 100
+    tab-width: 4
+
+  prealloc:
+    simple: false
+    range-loops: false
+    for-loops: false
+
+  whitespace:
+    multi-if: false   # Enforces newlines (or comments) after every multi-line if statement
+    multi-func: false # Enforces newlines (or comments) after every multi-line function signature
+
+linters:
+  enable:
+    - megacheck
+    - govet
+  disable:
+    - maligned
+    - prealloc
+  disable-all: false
+  presets:
+    - bugs
+    - unused
+  fast: false
diff --git a/vendor/github.com/sirupsen/logrus/.travis.yml b/vendor/github.com/sirupsen/logrus/.travis.yml
index 848938a6d..5e20aa414 100644
--- a/vendor/github.com/sirupsen/logrus/.travis.yml
+++ b/vendor/github.com/sirupsen/logrus/.travis.yml
@@ -4,21 +4,13 @@ git:
   depth: 1
 env:
   - GO111MODULE=on
-  - GO111MODULE=off
-go: [ 1.11.x, 1.12.x ]
-os: [ linux, osx ]
-matrix:
-  exclude:
-    - go: 1.12.x
-      env: GO111MODULE=off
-    - go: 1.11.x
-      os: osx
+go: [1.13.x, 1.14.x]
+os: [linux, osx]
 install:
   - ./travis/install.sh
-  - if [[ "$GO111MODULE" ==  "on" ]]; then go mod download; fi
-  - if [[ "$GO111MODULE" == "off" ]]; then go get github.com/stretchr/testify/assert golang.org/x/sys/unix github.com/konsorten/go-windows-terminal-sequences; fi
 script:
   - ./travis/cross_build.sh
+  - ./travis/lint.sh
   - export GOMAXPROCS=4
   - export GORACE=halt_on_error=1
   - go test -race -v ./...
diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md
index a4796eb07..5796706db 100644
--- a/vendor/github.com/sirupsen/logrus/README.md
+++ b/vendor/github.com/sirupsen/logrus/README.md
@@ -1,8 +1,28 @@
-# Logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:"/>&nbsp;[![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus)&nbsp;[![GoDoc](https://godoc.org/github.com/sirupsen/logrus?status.svg)](https://godoc.org/github.com/sirupsen/logrus)
+# Logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:"/> [![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus) [![GoDoc](https://godoc.org/github.com/sirupsen/logrus?status.svg)](https://godoc.org/github.com/sirupsen/logrus)
 
 Logrus is a structured logger for Go (golang), completely API compatible with
 the standard library logger.
 
+**Logrus is in maintenance-mode.** We will not be introducing new features. It's
+simply too hard to do in a way that won't break many people's projects, which is
+the last thing you want from your Logging library (again...).
+
+This does not mean Logrus is dead. Logrus will continue to be maintained for
+security, (backwards compatible) bug fixes, and performance (where we are
+limited by the interface). 
+
+I believe Logrus' biggest contribution is to have played a part in today's
+widespread use of structured logging in Golang. There doesn't seem to be a
+reason to do a major, breaking iteration into Logrus V2, since the fantastic Go
+community has built those independently. Many fantastic alternatives have sprung
+up. Logrus would look like those, had it been re-designed with what we know
+about structured logging in Go today. Check out, for example,
+[Zerolog][zerolog], [Zap][zap], and [Apex][apex].
+
+[zerolog]: https://github.com/rs/zerolog
+[zap]: https://github.com/uber-go/zap
+[apex]: https://github.com/apex/log
+
 **Seeing weird case-sensitive problems?** It's in the past been possible to
 import Logrus as both upper- and lower-case. Due to the Go package environment,
 this caused issues in the community and we needed a standard. Some environments
@@ -15,11 +35,6 @@ comments](https://github.com/sirupsen/logrus/issues/553#issuecomment-306591437).
 For an in-depth explanation of the casing issue, see [this
 comment](https://github.com/sirupsen/logrus/issues/570#issuecomment-313933276).
 
-**Are you interested in assisting in maintaining Logrus?** Currently I have a
-lot of obligations, and I am unable to provide Logrus with the maintainership it
-needs. If you'd like to help, please reach out to me at `simon at author's
-username dot com`.
-
 Nicely color-coded in development (when a TTY is attached, otherwise just
 plain text):
 
@@ -187,7 +202,7 @@ func main() {
   log.Out = os.Stdout
 
   // You could set this to any `io.Writer` such as a file
-  // file, err := os.OpenFile("logrus.log", os.O_CREATE|os.O_WRONLY, 0666)
+  // file, err := os.OpenFile("logrus.log", os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
   // if err == nil {
   //  log.Out = file
   // } else {
@@ -272,7 +287,7 @@ func init() {
 ```
 Note: Syslog hook also support connecting to local syslog (Ex. "/dev/log" or "/var/run/syslog" or "/var/run/log"). For the detail, please check the [syslog hook README](hooks/syslog/README.md).
 
-A list of currently known of service hook can be found in this wiki [page](https://github.com/sirupsen/logrus/wiki/Hooks)
+A list of currently known service hooks can be found in this wiki [page](https://github.com/sirupsen/logrus/wiki/Hooks)
 
 
 #### Level logging
@@ -354,6 +369,7 @@ The built-in logging formatters are:
     [github.com/mattn/go-colorable](https://github.com/mattn/go-colorable).
   * When colors are enabled, levels are truncated to 4 characters by default. To disable
     truncation set the `DisableLevelTruncation` field to `true`.
+  * When outputting to a TTY, it's often helpful to visually scan down a column where all the levels are the same width. Setting the `PadLevelText` field to `true` enables this behavior, by adding padding to the level text.
   * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#TextFormatter).
 * `logrus.JSONFormatter`. Logs fields as JSON.
   * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#JSONFormatter).
@@ -364,8 +380,10 @@ Third party logging formatters:
 * [`GELF`](https://github.com/fabienm/go-logrus-formatters). Formats entries so they comply to Graylog's [GELF 1.1 specification](http://docs.graylog.org/en/2.4/pages/gelf.html).
 * [`logstash`](https://github.com/bshuster-repo/logrus-logstash-hook). Logs fields as [Logstash](http://logstash.net) Events.
 * [`prefixed`](https://github.com/x-cray/logrus-prefixed-formatter). Displays log entry source along with alternative layout.
-* [`zalgo`](https://github.com/aybabtme/logzalgo). Invoking the P͉̫o̳̼̊w̖͈̰͎e̬͔̭͂r͚̼̹̲ ̫͓͉̳͈ō̠͕͖̚f̝͍̠ ͕̲̞͖͑Z̖̫̤̫ͪa͉̬͈̗l͖͎g̳̥o̰̥̅!̣͔̲̻͊̄ ̙̘̦̹̦.
+* [`zalgo`](https://github.com/aybabtme/logzalgo). Invoking the Power of Zalgo.
 * [`nested-logrus-formatter`](https://github.com/antonfisher/nested-logrus-formatter). Converts logrus fields to a nested structure.
+* [`powerful-logrus-formatter`](https://github.com/zput/zxcTool). get fileName, log's line number and the latest function's name when print log; Sava log to files.
+* [`caption-json-formatter`](https://github.com/nolleh/caption_json_formatter). logrus's message json formatter with human-readable caption added.
 
 You can define your formatter by implementing the `Formatter` interface,
 requiring a `Format` method. `Format` takes an `*Entry`. `entry.Data` is a
@@ -430,14 +448,14 @@ entries. It should not be a feature of the application-level logger.
 
 | Tool | Description |
 | ---- | ----------- |
-|[Logrus Mate](https://github.com/gogap/logrus_mate)|Logrus mate is a tool for Logrus to manage loggers, you can initial logger's level, hook and formatter by config file, the logger will generated with different config at different environment.|
+|[Logrus Mate](https://github.com/gogap/logrus_mate)|Logrus mate is a tool for Logrus to manage loggers, you can initial logger's level, hook and formatter by config file, the logger will be generated with different configs in different environments.|
 |[Logrus Viper Helper](https://github.com/heirko/go-contrib/tree/master/logrusHelper)|An Helper around Logrus to wrap with spf13/Viper to load configuration with fangs! And to simplify Logrus configuration use some behavior of [Logrus Mate](https://github.com/gogap/logrus_mate). [sample](https://github.com/heirko/iris-contrib/blob/master/middleware/logrus-logger/example) |
 
 #### Testing
 
 Logrus has a built in facility for asserting the presence of log messages. This is implemented through the `test` hook and provides:
 
-* decorators for existing logger (`test.NewLocal` and `test.NewGlobal`) which basically just add the `test` hook
+* decorators for existing logger (`test.NewLocal` and `test.NewGlobal`) which basically just adds the `test` hook
 * a test logger (`test.NewNullLogger`) that just records log messages (and does not output any):
 
 ```go
@@ -465,7 +483,7 @@ func TestSomething(t*testing.T){
 
 Logrus can register one or more functions that will be called when any `fatal`
 level message is logged. The registered handlers will be executed before
-logrus performs a `os.Exit(1)`. This behavior may be helpful if callers need
+logrus performs an `os.Exit(1)`. This behavior may be helpful if callers need
 to gracefully shutdown. Unlike a `panic("Something went wrong...")` call which can be intercepted with a deferred `recover` a call to `os.Exit(1)` can not be intercepted.
 
 ```
@@ -490,6 +508,6 @@ Situation when locking is not needed includes:
 
   1) logger.Out is protected by locks.
 
-  2) logger.Out is a os.File handler opened with `O_APPEND` flag, and every write is smaller than 4k. (This allow multi-thread/multi-process writing)
+  2) logger.Out is an os.File handler opened with `O_APPEND` flag, and every write is smaller than 4k. (This allows multi-thread/multi-process writing)
 
      (Refer to http://www.notthewizard.com/2014/06/17/are-files-appends-really-atomic/)
diff --git a/vendor/github.com/sirupsen/logrus/entry.go b/vendor/github.com/sirupsen/logrus/entry.go
index 63e25583c..27b14bfb1 100644
--- a/vendor/github.com/sirupsen/logrus/entry.go
+++ b/vendor/github.com/sirupsen/logrus/entry.go
@@ -85,10 +85,15 @@ func NewEntry(logger *Logger) *Entry {
 	}
 }
 
+// Returns the bytes representation of this entry from the formatter.
+func (entry *Entry) Bytes() ([]byte, error) {
+	return entry.Logger.Formatter.Format(entry)
+}
+
 // Returns the string representation from the reader and ultimately the
 // formatter.
 func (entry *Entry) String() (string, error) {
-	serialized, err := entry.Logger.Formatter.Format(entry)
+	serialized, err := entry.Bytes()
 	if err != nil {
 		return "", err
 	}
@@ -103,7 +108,11 @@ func (entry *Entry) WithError(err error) *Entry {
 
 // Add a context to the Entry.
 func (entry *Entry) WithContext(ctx context.Context) *Entry {
-	return &Entry{Logger: entry.Logger, Data: entry.Data, Time: entry.Time, err: entry.err, Context: ctx}
+	dataCopy := make(Fields, len(entry.Data))
+	for k, v := range entry.Data {
+		dataCopy[k] = v
+	}
+	return &Entry{Logger: entry.Logger, Data: dataCopy, Time: entry.Time, err: entry.err, Context: ctx}
 }
 
 // Add a single field to the Entry.
@@ -113,6 +122,8 @@ func (entry *Entry) WithField(key string, value interface{}) *Entry {
 
 // Add a map of fields to the Entry.
 func (entry *Entry) WithFields(fields Fields) *Entry {
+	entry.Logger.mu.Lock()
+	defer entry.Logger.mu.Unlock()
 	data := make(Fields, len(entry.Data)+len(fields))
 	for k, v := range entry.Data {
 		data[k] = v
@@ -144,7 +155,11 @@ func (entry *Entry) WithFields(fields Fields) *Entry {
 
 // Overrides the time of the Entry.
 func (entry *Entry) WithTime(t time.Time) *Entry {
-	return &Entry{Logger: entry.Logger, Data: entry.Data, Time: t, err: entry.err, Context: entry.Context}
+	dataCopy := make(Fields, len(entry.Data))
+	for k, v := range entry.Data {
+		dataCopy[k] = v
+	}
+	return &Entry{Logger: entry.Logger, Data: dataCopy, Time: t, err: entry.err, Context: entry.Context}
 }
 
 // getPackageName reduces a fully qualified function name to the package name
@@ -165,15 +180,20 @@ func getPackageName(f string) string {
 
 // getCaller retrieves the name of the first non-logrus calling function
 func getCaller() *runtime.Frame {
-
 	// cache this package's fully-qualified name
 	callerInitOnce.Do(func() {
-		pcs := make([]uintptr, 2)
+		pcs := make([]uintptr, maximumCallerDepth)
 		_ = runtime.Callers(0, pcs)
-		logrusPackage = getPackageName(runtime.FuncForPC(pcs[1]).Name())
 
-		// now that we have the cache, we can skip a minimum count of known-logrus functions
-		// XXX this is dubious, the number of frames may vary
+		// dynamic get the package name and the minimum caller depth
+		for i := 0; i < maximumCallerDepth; i++ {
+			funcName := runtime.FuncForPC(pcs[i]).Name()
+			if strings.Contains(funcName, "getCaller") {
+				logrusPackage = getPackageName(funcName)
+				break
+			}
+		}
+
 		minimumCallerDepth = knownLogrusFrames
 	})
 
@@ -187,7 +207,7 @@ func getCaller() *runtime.Frame {
 
 		// If the caller isn't part of this package, we're done
 		if pkg != logrusPackage {
-			return &f
+			return &f //nolint:scopelint
 		}
 	}
 
@@ -217,9 +237,11 @@ func (entry Entry) log(level Level, msg string) {
 
 	entry.Level = level
 	entry.Message = msg
+	entry.Logger.mu.Lock()
 	if entry.Logger.ReportCaller {
 		entry.Caller = getCaller()
 	}
+	entry.Logger.mu.Unlock()
 
 	entry.fireHooks()
 
@@ -255,11 +277,10 @@ func (entry *Entry) write() {
 	serialized, err := entry.Logger.Formatter.Format(entry)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Failed to obtain reader, %v\n", err)
-	} else {
-		_, err = entry.Logger.Out.Write(serialized)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Failed to write to log, %v\n", err)
-		}
+		return
+	}
+	if _, err = entry.Logger.Out.Write(serialized); err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to write to log, %v\n", err)
 	}
 }
 
diff --git a/vendor/github.com/sirupsen/logrus/exported.go b/vendor/github.com/sirupsen/logrus/exported.go
index 62fc2f219..42b04f6c8 100644
--- a/vendor/github.com/sirupsen/logrus/exported.go
+++ b/vendor/github.com/sirupsen/logrus/exported.go
@@ -80,7 +80,7 @@ func WithFields(fields Fields) *Entry {
 	return std.WithFields(fields)
 }
 
-// WithTime creats an entry from the standard logger and overrides the time of
+// WithTime creates an entry from the standard logger and overrides the time of
 // logs generated with it.
 //
 // Note that it doesn't log until you call Debug, Print, Info, Warn, Fatal
diff --git a/vendor/github.com/sirupsen/logrus/go.mod b/vendor/github.com/sirupsen/logrus/go.mod
index 12fdf9898..9ea6e841b 100644
--- a/vendor/github.com/sirupsen/logrus/go.mod
+++ b/vendor/github.com/sirupsen/logrus/go.mod
@@ -4,7 +4,8 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/konsorten/go-windows-terminal-sequences v1.0.1
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/stretchr/objx v0.1.1 // indirect
 	github.com/stretchr/testify v1.2.2
 	golang.org/x/sys v0.0.0-20190422165155-953cdadca894
 )
+
+go 1.13
diff --git a/vendor/github.com/sirupsen/logrus/go.sum b/vendor/github.com/sirupsen/logrus/go.sum
index 596c318b9..95a3f07de 100644
--- a/vendor/github.com/sirupsen/logrus/go.sum
+++ b/vendor/github.com/sirupsen/logrus/go.sum
@@ -1,16 +1,10 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe h1:CHRGQ8V7OlCYtwaKPJi3iA7J+YdNKdo8j7nG5IgDhjs=
-github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 h1:I6FyU15t786LL7oL/hn43zqTuEGr4PN7F4XJ1p4E3Y8=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/sirupsen/logrus/json_formatter.go b/vendor/github.com/sirupsen/logrus/json_formatter.go
index 098a21a06..ba7f23711 100644
--- a/vendor/github.com/sirupsen/logrus/json_formatter.go
+++ b/vendor/github.com/sirupsen/logrus/json_formatter.go
@@ -28,6 +28,9 @@ type JSONFormatter struct {
 	// DisableTimestamp allows disabling automatic timestamps in output
 	DisableTimestamp bool
 
+	// DisableHTMLEscape allows disabling html escaping in output
+	DisableHTMLEscape bool
+
 	// DataKey allows users to put all the log entry parameters into a nested dictionary at a given key.
 	DataKey string
 
@@ -110,6 +113,7 @@ func (f *JSONFormatter) Format(entry *Entry) ([]byte, error) {
 	}
 
 	encoder := json.NewEncoder(b)
+	encoder.SetEscapeHTML(!f.DisableHTMLEscape)
 	if f.PrettyPrint {
 		encoder.SetIndent("", "  ")
 	}
diff --git a/vendor/github.com/sirupsen/logrus/logger.go b/vendor/github.com/sirupsen/logrus/logger.go
index c0c0b1e55..6fdda748e 100644
--- a/vendor/github.com/sirupsen/logrus/logger.go
+++ b/vendor/github.com/sirupsen/logrus/logger.go
@@ -68,10 +68,10 @@ func (mw *MutexWrap) Disable() {
 // `Out` and `Hooks` directly on the default logger instance. You can also just
 // instantiate your own:
 //
-//    var log = &Logger{
+//    var log = &logrus.Logger{
 //      Out: os.Stderr,
-//      Formatter: new(JSONFormatter),
-//      Hooks: make(LevelHooks),
+//      Formatter: new(logrus.JSONFormatter),
+//      Hooks: make(logrus.LevelHooks),
 //      Level: logrus.DebugLevel,
 //    }
 //
@@ -100,8 +100,9 @@ func (logger *Logger) releaseEntry(entry *Entry) {
 	logger.entryPool.Put(entry)
 }
 
-// Adds a field to the log entry, note that it doesn't log until you call
-// Debug, Print, Info, Warn, Error, Fatal or Panic. It only creates a log entry.
+// WithField allocates a new entry and adds a field to it.
+// Debug, Print, Info, Warn, Error, Fatal or Panic must be then applied to
+// this new returned entry.
 // If you want multiple fields, use `WithFields`.
 func (logger *Logger) WithField(key string, value interface{}) *Entry {
 	entry := logger.newEntry()
diff --git a/vendor/github.com/sirupsen/logrus/logrus.go b/vendor/github.com/sirupsen/logrus/logrus.go
index 8644761f7..2f16224cb 100644
--- a/vendor/github.com/sirupsen/logrus/logrus.go
+++ b/vendor/github.com/sirupsen/logrus/logrus.go
@@ -51,7 +51,7 @@ func (level *Level) UnmarshalText(text []byte) error {
 		return err
 	}
 
-	*level = Level(l)
+	*level = l
 
 	return nil
 }
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go b/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
index 3c4f43f91..499789984 100644
--- a/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
@@ -1,4 +1,5 @@
 // +build darwin dragonfly freebsd netbsd openbsd
+// +build !js
 
 package logrus
 
@@ -10,4 +11,3 @@ func isTerminal(fd int) bool {
 	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
 	return err == nil
 }
-
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_js.go b/vendor/github.com/sirupsen/logrus/terminal_check_js.go
new file mode 100644
index 000000000..ebdae3ec6
--- /dev/null
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_js.go
@@ -0,0 +1,7 @@
+// +build js
+
+package logrus
+
+func isTerminal(fd int) bool {
+	return false
+}
diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_unix.go b/vendor/github.com/sirupsen/logrus/terminal_check_unix.go
index 355dc966f..cc4fe6e31 100644
--- a/vendor/github.com/sirupsen/logrus/terminal_check_unix.go
+++ b/vendor/github.com/sirupsen/logrus/terminal_check_unix.go
@@ -1,4 +1,5 @@
 // +build linux aix
+// +build !js
 
 package logrus
 
@@ -10,4 +11,3 @@ func isTerminal(fd int) bool {
 	_, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
 	return err == nil
 }
-
diff --git a/vendor/github.com/sirupsen/logrus/text_formatter.go b/vendor/github.com/sirupsen/logrus/text_formatter.go
index e01587c43..2d15a239f 100644
--- a/vendor/github.com/sirupsen/logrus/text_formatter.go
+++ b/vendor/github.com/sirupsen/logrus/text_formatter.go
@@ -6,9 +6,11 @@ import (
 	"os"
 	"runtime"
 	"sort"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
+	"unicode/utf8"
 )
 
 const (
@@ -32,6 +34,9 @@ type TextFormatter struct {
 	// Force disabling colors.
 	DisableColors bool
 
+	// Force quoting of all values
+	ForceQuote bool
+
 	// Override coloring based on CLICOLOR and CLICOLOR_FORCE. - https://bixense.com/clicolors/
 	EnvironmentOverrideColors bool
 
@@ -57,6 +62,10 @@ type TextFormatter struct {
 	// Disables the truncation of the level text to 4 characters.
 	DisableLevelTruncation bool
 
+	// PadLevelText Adds padding the level text so that all the levels output at the same length
+	// PadLevelText is a superset of the DisableLevelTruncation option
+	PadLevelText bool
+
 	// QuoteEmptyFields will wrap empty fields in quotes if true
 	QuoteEmptyFields bool
 
@@ -79,23 +88,32 @@ type TextFormatter struct {
 	CallerPrettyfier func(*runtime.Frame) (function string, file string)
 
 	terminalInitOnce sync.Once
+
+	// The max length of the level text, generated dynamically on init
+	levelTextMaxLength int
 }
 
 func (f *TextFormatter) init(entry *Entry) {
 	if entry.Logger != nil {
 		f.isTerminal = checkIfTerminal(entry.Logger.Out)
 	}
+	// Get the max length of the level text
+	for _, level := range AllLevels {
+		levelTextLength := utf8.RuneCount([]byte(level.String()))
+		if levelTextLength > f.levelTextMaxLength {
+			f.levelTextMaxLength = levelTextLength
+		}
+	}
 }
 
 func (f *TextFormatter) isColored() bool {
 	isColored := f.ForceColors || (f.isTerminal && (runtime.GOOS != "windows"))
 
 	if f.EnvironmentOverrideColors {
-		if force, ok := os.LookupEnv("CLICOLOR_FORCE"); ok && force != "0" {
+		switch force, ok := os.LookupEnv("CLICOLOR_FORCE"); {
+		case ok && force != "0":
 			isColored = true
-		} else if ok && force == "0" {
-			isColored = false
-		} else if os.Getenv("CLICOLOR") == "0" {
+		case ok && force == "0", os.Getenv("CLICOLOR") == "0":
 			isColored = false
 		}
 	}
@@ -217,9 +235,18 @@ func (f *TextFormatter) printColored(b *bytes.Buffer, entry *Entry, keys []strin
 	}
 
 	levelText := strings.ToUpper(entry.Level.String())
-	if !f.DisableLevelTruncation {
+	if !f.DisableLevelTruncation && !f.PadLevelText {
 		levelText = levelText[0:4]
 	}
+	if f.PadLevelText {
+		// Generates the format string used in the next line, for example "%-6s" or "%-7s".
+		// Based on the max level text length.
+		formatString := "%-" + strconv.Itoa(f.levelTextMaxLength) + "s"
+		// Formats the level text by appending spaces up to the max length, for example:
+		// 	- "INFO   "
+		//	- "WARNING"
+		levelText = fmt.Sprintf(formatString, levelText)
+	}
 
 	// Remove a single newline if it already exists in the message to keep
 	// the behavior of logrus text_formatter the same as the stdlib log package
@@ -243,11 +270,12 @@ func (f *TextFormatter) printColored(b *bytes.Buffer, entry *Entry, keys []strin
 		}
 	}
 
-	if f.DisableTimestamp {
+	switch {
+	case f.DisableTimestamp:
 		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m%s %-44s ", levelColor, levelText, caller, entry.Message)
-	} else if !f.FullTimestamp {
+	case !f.FullTimestamp:
 		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%04d]%s %-44s ", levelColor, levelText, int(entry.Time.Sub(baseTimestamp)/time.Second), caller, entry.Message)
-	} else {
+	default:
 		fmt.Fprintf(b, "\x1b[%dm%s\x1b[0m[%s]%s %-44s ", levelColor, levelText, entry.Time.Format(timestampFormat), caller, entry.Message)
 	}
 	for _, k := range keys {
@@ -258,6 +286,9 @@ func (f *TextFormatter) printColored(b *bytes.Buffer, entry *Entry, keys []strin
 }
 
 func (f *TextFormatter) needsQuoting(text string) bool {
+	if f.ForceQuote {
+		return true
+	}
 	if f.QuoteEmptyFields && len(text) == 0 {
 		return true
 	}
diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go
index 9e1f75135..72e8e3a1b 100644
--- a/vendor/github.com/sirupsen/logrus/writer.go
+++ b/vendor/github.com/sirupsen/logrus/writer.go
@@ -6,10 +6,16 @@ import (
 	"runtime"
 )
 
+// Writer at INFO level. See WriterLevel for details.
 func (logger *Logger) Writer() *io.PipeWriter {
 	return logger.WriterLevel(InfoLevel)
 }
 
+// WriterLevel returns an io.Writer that can be used to write arbitrary text to
+// the logger at the given log level. Each line written to the writer will be
+// printed in the usual way using formatters and hooks. The writer is part of an
+// io.Pipe and it is the callers responsibility to close the writer when done.
+// This can be used to override the standard library logger easily.
 func (logger *Logger) WriterLevel(level Level) *io.PipeWriter {
 	return NewEntry(logger).WriterLevel(level)
 }
diff --git a/vendor/github.com/songgao/water/.gitignore b/vendor/github.com/songgao/water/.gitignore
new file mode 100644
index 000000000..22268fefd
--- /dev/null
+++ b/vendor/github.com/songgao/water/.gitignore
@@ -0,0 +1,2 @@
+water.test
+water.test.exe
diff --git a/vendor/github.com/songgao/water/.travis.yml b/vendor/github.com/songgao/water/.travis.yml
new file mode 100644
index 000000000..45eabe8aa
--- /dev/null
+++ b/vendor/github.com/songgao/water/.travis.yml
@@ -0,0 +1,13 @@
+language: go
+go:
+  - "1.12.1"
+  - "1.10.8"
+go_import_path: github.com/songgao/water
+install: go get -u golang.org/x/lint/golint
+script: make ci
+
+matrix:
+  include:
+    - os: linux
+      dist: xenial
+    - os: osx
diff --git a/vendor/github.com/songgao/water/CONTRIBUTORS b/vendor/github.com/songgao/water/CONTRIBUTORS
new file mode 100644
index 000000000..ccae9920a
--- /dev/null
+++ b/vendor/github.com/songgao/water/CONTRIBUTORS
@@ -0,0 +1,15 @@
+Song Gao <song@gao.io>
+Harshal Sheth <hsheth2@gmail.com>
+KOJIMA Takanori <tkojima@accense.com>
+Sean Purser-Haskell <sean.purserhaskell@gmail.com>
+daregod <daregod@yandex.ru>
+Lucus Lee <lixin9311@gmail.com>
+Arroyo Networks, LLC <open.source@arroyonetworks.com>
+Tony Lu <tonyluj@gmail.com>
+ajee cai <ajee.cai@gmail.com>
+yinheli <hi@yinheli.com>
+Paul Querna <pquerna@apache.org>
+Cuong Manh Le <cuong.manhle.vn@gmail.com>
+Neil Alexander <neilalexander@users.noreply.github.com>
+Dmitry Shihovtsev <soffokulus@gmail.com>
+Yifan Gu [https://github.com/gyf304]
diff --git a/vendor/github.com/songgao/water/LICENSE b/vendor/github.com/songgao/water/LICENSE
new file mode 100644
index 000000000..65deac8b0
--- /dev/null
+++ b/vendor/github.com/songgao/water/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2016, Song Gao <song@gao.io>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of water nor the names of its contributors may be used to
+  endorse or promote products derived from this software without specific prior
+  written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/songgao/water/Makefile b/vendor/github.com/songgao/water/Makefile
new file mode 100644
index 000000000..70d55bddd
--- /dev/null
+++ b/vendor/github.com/songgao/water/Makefile
@@ -0,0 +1,23 @@
+.phony: default ci test lint vet gofmt
+
+
+default:
+	echo 'This make file is for CI.'
+	exit 1
+
+ci: test lint vet gofmt
+
+test: water.test
+	sudo ./water.test -test.v
+
+lint:
+	golint -set_exit_status
+
+vet:
+	go vet .
+
+gofmt:
+	gofmt -s -e -l .
+
+water.test: *.go
+	go test -c
diff --git a/vendor/github.com/songgao/water/README.md b/vendor/github.com/songgao/water/README.md
new file mode 100644
index 000000000..00969a5e8
--- /dev/null
+++ b/vendor/github.com/songgao/water/README.md
@@ -0,0 +1,242 @@
+# water
+
+`water` is a native Go library for [TUN/TAP](http://en.wikipedia.org/wiki/TUN/TAP) interfaces.
+
+`water` is designed to be simple and efficient. It
+
+* wraps almost only syscalls and uses only Go standard types;
+* exposes standard interfaces; plays well with standard packages like `io`, `bufio`, etc..
+* does not handle memory management (allocating/destructing slice). It's up to user to decide whether/how to reuse buffers.
+
+~~`water/waterutil` has some useful functions to interpret MAC frame headers and IP packet headers. It also contains some constants such as protocol numbers and ethernet frame types.~~
+
+See https://github.com/songgao/packets for functions for parsing various packets.
+
+## Supported Platforms
+
+* Linux
+* Windows (experimental; APIs might change)
+* macOS (point-to-point TUN only)
+
+## Installation
+```
+go get -u github.com/songgao/water
+go get -u github.com/songgao/water/waterutil
+```
+
+## Documentation
+[http://godoc.org/github.com/songgao/water](http://godoc.org/github.com/songgao/water)
+
+## Example
+
+### TAP on Linux:
+
+```go
+package main
+
+import (
+	"log"
+
+	"github.com/songgao/packets/ethernet"
+	"github.com/songgao/water"
+)
+
+func main() {
+	config := water.Config{
+		DeviceType: water.TAP,
+	}
+	config.Name = "O_O"
+
+	ifce, err := water.New(config)
+	if err != nil {
+		log.Fatal(err)
+	}
+	var frame ethernet.Frame
+
+	for {
+		frame.Resize(1500)
+		n, err := ifce.Read([]byte(frame))
+		if err != nil {
+			log.Fatal(err)
+		}
+		frame = frame[:n]
+		log.Printf("Dst: %s\n", frame.Destination())
+		log.Printf("Src: %s\n", frame.Source())
+		log.Printf("Ethertype: % x\n", frame.Ethertype())
+		log.Printf("Payload: % x\n", frame.Payload())
+	}
+}
+```
+
+This piece of code creates a `TAP` interface, and prints some header information for every frame. After pull up the `main.go`, you'll need to bring up the interface and assign an IP address. All of these need root permission.
+
+```bash
+sudo go run main.go
+```
+
+In a new terminal:
+
+```bash
+sudo ip addr add 10.1.0.10/24 dev O_O
+sudo ip link set dev O_O up
+```
+
+Wait until the output `main.go` terminal, try sending some ICMP broadcast message:
+```bash
+ping -c1 -b 10.1.0.255
+```
+
+You'll see output containing the IPv4 ICMP frame:
+```
+2016/10/24 03:18:16 Dst: ff:ff:ff:ff:ff:ff
+2016/10/24 03:18:16 Src: 72:3c:fc:29:1c:6f
+2016/10/24 03:18:16 Ethertype: 08 00
+2016/10/24 03:18:16 Payload: 45 00 00 54 00 00 40 00 40 01 25 9f 0a 01 00 0a 0a 01 00 ff 08 00 01 c1 08 49 00 01 78 7d 0d 58 00 00 00 00 a2 4c 07 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
+```
+
+### TUN on macOS
+
+```go
+package main
+
+import (
+	"log"
+
+	"github.com/songgao/water"
+)
+
+func main() {
+	ifce, err := water.New(water.Config{
+		DeviceType: water.TUN,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	log.Printf("Interface Name: %s\n", ifce.Name())
+
+	packet := make([]byte, 2000)
+	for {
+		n, err := ifce.Read(packet)
+		if err != nil {
+			log.Fatal(err)
+		}
+		log.Printf("Packet Received: % x\n", packet[:n])
+	}
+}
+```
+
+Run it!
+
+```bash
+$ sudo go run main.go
+```
+
+This is a point-to-point only interface. Use `ifconfig` to see its attributes. You need to bring it up and assign IP addresses (apparently replace `utun2` if needed):
+
+```bash
+$ sudo ifconfig utun2 10.1.0.10 10.1.0.20 up
+```
+
+Now send some ICMP packets to the interface:
+
+```bash
+$ ping 10.1.0.20
+```
+
+You'd see the ICMP packets printed out:
+
+```
+2017/03/20 21:17:30 Interface Name: utun2
+2017/03/20 21:17:40 Packet Received: 45 00 00 54 e9 1d 00 00 40 01 7d 6c 0a 01 00 0a 0a 01 00 14 08 00 ee 04 21 15 00 00 58 d0 a9 64 00 08 fb a5 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
+```
+
+#### Caveats
+
+1. Only Point-to-Point user TUN devices are supported. TAP devices are *not* supported natively by macOS.
+2. Custom interface names are not supported by macOS. Interface names are automatically generated serially, using the `utun<#>` naming convention.
+
+### TAP on Windows:
+
+To use it with windows, you will need to install a [tap driver](https://github.com/OpenVPN/tap-windows6), or [OpenVPN client](https://github.com/OpenVPN/openvpn) for windows.
+
+It's compatible with the Linux code.
+
+```go
+package main
+
+import (
+	"log"
+
+	"github.com/songgao/packets/ethernet"
+	"github.com/songgao/water"
+)
+
+func main() {
+	ifce, err := water.New(water.Config{
+		DeviceType: water.TAP,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+	var frame ethernet.Frame
+
+	for {
+		frame.Resize(1500)
+		n, err := ifce.Read([]byte(frame))
+		if err != nil {
+			log.Fatal(err)
+		}
+		frame = frame[:n]
+		log.Printf("Dst: %s\n", frame.Destination())
+		log.Printf("Src: %s\n", frame.Source())
+		log.Printf("Ethertype: % x\n", frame.Ethertype())
+		log.Printf("Payload: % x\n", frame.Payload())
+	}
+}
+```
+
+Same as Linux version, but you don't need to bring up the device by hand, the only thing you need is to assign an IP address to it.
+
+```dos
+go run main.go
+```
+
+It will output a lot of lines because of some windows services and dhcp.
+You will need admin right to assign IP.
+
+In a new cmd (admin right):
+
+```dos
+# Replace with your device name, it can be achieved by ifce.Name().
+netsh interface ip set address name="Ehternet 2" source=static addr=10.1.0.10 mask=255.255.255.0 gateway=none
+```
+
+The `main.go` terminal should be silenced after IP assignment, try sending some ICMP broadcast message:
+
+```dos
+ping 10.1.0.255
+```
+
+You'll see output containing the IPv4 ICMP frame same as the Linux version.
+
+#### Specifying interface name
+
+If you are going to use multiple TAP devices on the Windows, there is a way to specify an interface name to select the exact device that you need:
+
+```go
+	ifce, err := water.New(water.Config{
+		DeviceType: water.TAP,
+		PlatformSpecificParams: water.PlatformSpecificParams{
+			ComponentID:   "tap0901",
+			InterfaceName: "Ethernet 3",
+			Network:       "192.168.1.10/24",
+		},
+	})
+```
+
+## TODO
+* tuntaposx for TAP on Darwin
+
+## Alternatives
+`tuntap`: [https://code.google.com/p/tuntap/](https://code.google.com/p/tuntap/)
diff --git a/vendor/github.com/songgao/water/doc.go b/vendor/github.com/songgao/water/doc.go
new file mode 100644
index 000000000..287412bf1
--- /dev/null
+++ b/vendor/github.com/songgao/water/doc.go
@@ -0,0 +1,4 @@
+// Package water is a simple TUN/TAP interface library that efficiently works
+// with standard packages like io, bufio, etc.. Use waterutil with it to work
+// with TUN/TAP packets/frames.
+package water
diff --git a/vendor/github.com/songgao/water/if.go b/vendor/github.com/songgao/water/if.go
new file mode 100644
index 000000000..4023a1a08
--- /dev/null
+++ b/vendor/github.com/songgao/water/if.go
@@ -0,0 +1,80 @@
+package water
+
+import (
+	"errors"
+	"io"
+)
+
+// Interface is a TUN/TAP interface.
+//
+// MultiQueue(Linux kernel > 3.8): With MultiQueue enabled, user should hold multiple
+// interfaces to send/receive packet in parallel.
+// Kernel document about MultiQueue: https://www.kernel.org/doc/Documentation/networking/tuntap.txt
+type Interface struct {
+	isTAP bool
+	io.ReadWriteCloser
+	name string
+}
+
+// DeviceType is the type for specifying device types.
+type DeviceType int
+
+// TUN and TAP device types.
+const (
+	_ = iota
+	TUN
+	TAP
+)
+
+// Config defines parameters required to create a TUN/TAP interface. It's only
+// used when the device is initialized. A zero-value Config is a valid
+// configuration.
+type Config struct {
+	// DeviceType specifies whether the device is a TUN or TAP interface. A
+	// zero-value is treated as TUN.
+	DeviceType DeviceType
+
+	// PlatformSpecificParams defines parameters that differ on different
+	// platforms. See comments for the type for more details.
+	PlatformSpecificParams
+}
+
+func defaultConfig() Config {
+	return Config{
+		DeviceType:             TUN,
+		PlatformSpecificParams: defaultPlatformSpecificParams(),
+	}
+}
+
+var zeroConfig Config
+
+// New creates a new TUN/TAP interface using config.
+func New(config Config) (ifce *Interface, err error) {
+	if zeroConfig == config {
+		config = defaultConfig()
+	}
+	if config.PlatformSpecificParams == zeroConfig.PlatformSpecificParams {
+		config.PlatformSpecificParams = defaultPlatformSpecificParams()
+	}
+	switch config.DeviceType {
+	case TUN, TAP:
+		return openDev(config)
+	default:
+		return nil, errors.New("unknown device type")
+	}
+}
+
+// IsTUN returns true if ifce is a TUN interface.
+func (ifce *Interface) IsTUN() bool {
+	return !ifce.isTAP
+}
+
+// IsTAP returns true if ifce is a TAP interface.
+func (ifce *Interface) IsTAP() bool {
+	return ifce.isTAP
+}
+
+// Name returns the interface name of ifce, e.g. tun0, tap1, tun0, etc..
+func (ifce *Interface) Name() string {
+	return ifce.name
+}
diff --git a/vendor/github.com/songgao/water/if_linux.go b/vendor/github.com/songgao/water/if_linux.go
new file mode 100644
index 000000000..227e8a8de
--- /dev/null
+++ b/vendor/github.com/songgao/water/if_linux.go
@@ -0,0 +1,30 @@
+package water
+
+import (
+	"fmt"
+)
+
+// NewTAP creates a new TAP interface whose name is ifName. If ifName is empty, a
+// default name (tap0, tap1, ... ) will be assigned. ifName should not exceed
+// 16 bytes. TAP interfaces are not supported on darwin.
+// ifName cannot be specified on windows, you will need ifce.Name() to use some cmds.
+//
+// Deprecated: This function may be removed in the future. Please use New() instead.
+func NewTAP(ifName string) (ifce *Interface, err error) {
+	fmt.Println("Deprecated: NewTAP(..) may be removed in the future. Please use New() instead.")
+	config := Config{DeviceType: TAP}
+	config.Name = ifName
+	return openDev(config)
+}
+
+// NewTUN creates a new TUN interface whose name is ifName. If ifName is empty, a
+// default name (tap0, tap1, ... ) will be assigned. ifName should not exceed
+// ifName cannot be specified on windows, you will need ifce.Name() to use some cmds.
+//
+// Deprecated: This function will be removed in the future. Please use New() instead.
+func NewTUN(ifName string) (ifce *Interface, err error) {
+	fmt.Println("Deprecated: NewTUN(..) may be removed in the future. Please use New() instead.")
+	config := Config{DeviceType: TUN}
+	config.Name = ifName
+	return openDev(config)
+}
diff --git a/vendor/github.com/songgao/water/params_darwin.go b/vendor/github.com/songgao/water/params_darwin.go
new file mode 100644
index 000000000..f33a07a29
--- /dev/null
+++ b/vendor/github.com/songgao/water/params_darwin.go
@@ -0,0 +1,32 @@
+package water
+
+// MacOSDriverProvider enumerates possible MacOS TUN/TAP implementations
+type MacOSDriverProvider int
+
+const (
+	// MacOSDriverSystem refers to the default P2P driver
+	MacOSDriverSystem MacOSDriverProvider = 0
+	// MacOSDriverTunTapOSX refers to the third-party tuntaposx driver
+	// see https://sourceforge.net/p/tuntaposx
+	MacOSDriverTunTapOSX MacOSDriverProvider = 1
+)
+
+// PlatformSpecificParams defines parameters in Config that are specific to
+// macOS. A zero-value of such type is valid, yielding an interface
+// with OS defined name.
+// Currently it is not possible to set the interface name in macOS.
+type PlatformSpecificParams struct {
+	// Name is the name for the interface to be used.
+	//
+	// For TunTapOSXDriver, it should be something like "tap0".
+	// For SystemDriver, the name should match `utun[0-9]+`, e.g. utun233
+	Name string
+
+	// Driver should be set if an alternative driver is desired
+	// e.g. TunTapOSXDriver
+	Driver MacOSDriverProvider
+}
+
+func defaultPlatformSpecificParams() PlatformSpecificParams {
+	return PlatformSpecificParams{}
+}
diff --git a/vendor/github.com/songgao/water/params_linux.go b/vendor/github.com/songgao/water/params_linux.go
new file mode 100644
index 000000000..34e989811
--- /dev/null
+++ b/vendor/github.com/songgao/water/params_linux.go
@@ -0,0 +1,45 @@
+package water
+
+// DevicePermissions determines the owner and group owner for the newly created
+// interface.
+type DevicePermissions struct {
+	// Owner is the ID of the user which will be granted ownership of the
+	// device.  If set to a negative value, the owner value will not be
+	// changed.  By default, Linux sets the owner to -1, which allows any user.
+	Owner uint
+
+	// Group is the ID of the group which will be granted access to the device.
+	// If set to a negative value, the group value will not be changed.  By
+	// default, Linux sets the group to -1, which allows any group.
+	Group uint
+}
+
+// PlatformSpecificParams defines parameters in Config that are specific to
+// Linux. A zero-value of such type is valid, yielding an interface
+// with OS defined name.
+type PlatformSpecificParams struct {
+	// Name is the name to be set for the interface to be created. This overrides
+	// the default name assigned by OS such as tap0 or tun0. A zero-value of this
+	// field, i.e. an empty string, indicates that the default name should be
+	// used.
+	Name string
+
+	// Persist specifies whether persistence mode for the interface device
+	// should be enabled or disabled.
+	Persist bool
+
+	// Permissions, if non-nil, specifies the owner and group owner for the
+	// interface.  A zero-value of this field, i.e. nil, indicates that no
+	// changes to owner or group will be made.
+	Permissions *DevicePermissions
+
+	// MultiQueue specifies whether the multiqueue flag should be set on the
+	// interface.  From version 3.8, Linux supports multiqueue tuntap which can
+	// uses multiple file descriptors (queues) to parallelize packets sending
+	// or receiving.
+	MultiQueue bool
+}
+
+func defaultPlatformSpecificParams() PlatformSpecificParams {
+	return PlatformSpecificParams{}
+}
diff --git a/vendor/github.com/songgao/water/params_others.go b/vendor/github.com/songgao/water/params_others.go
new file mode 100644
index 000000000..c5c4f6e31
--- /dev/null
+++ b/vendor/github.com/songgao/water/params_others.go
@@ -0,0 +1,11 @@
+// +build !linux,!darwin,!windows
+
+package water
+
+// PlatformSpeficParams
+type PlatformSpecificParams struct {
+}
+
+func defaultPlatformSpecificParams() PlatformSpecificParams {
+	return PlatformSpecificParams{}
+}
diff --git a/vendor/github.com/songgao/water/params_windows.go b/vendor/github.com/songgao/water/params_windows.go
new file mode 100644
index 000000000..76697e43c
--- /dev/null
+++ b/vendor/github.com/songgao/water/params_windows.go
@@ -0,0 +1,34 @@
+package water
+
+// PlatformSpecificParams defines parameters in Config that are specific to
+// Windows. A zero-value of such type is valid.
+type PlatformSpecificParams struct {
+	// ComponentID associates with the virtual adapter that exists in Windows.
+	// This is usually configured when driver for the adapter is installed. A
+	// zero-value of this field, i.e., an empty string, causes the interface to
+	// use the default ComponentId. The default ComponentId is set to tap0901,
+	// the one used by OpenVPN.
+	ComponentID string
+	// InterfaceName is a friendly name of the network adapter as set in Control Panel.
+	// Of course, you may have multiple tap0901 adapters on the system, in which
+	// case we need a friendlier way to identify them.
+	InterfaceName string
+	// Network is required when creating a TUN interface. The library will call
+	// net.ParseCIDR() to parse this string into LocalIP, RemoteNetaddr,
+	// RemoteNetmask. The underlying driver will need those to generate ARP
+	// response to Windows kernel, to emulate an TUN interface.
+	// Please note that it cannot perceive the IP changes caused by DHCP, user
+	// configuration to the adapter and etc,. If IP changed, please reconfigure
+	// the adapter using syscall, just like openDev().
+	// For detail, please refer
+	// https://github.com/OpenVPN/tap-windows6/blob/master/src/device.c#L431
+	// and https://github.com/songgao/water/pull/13#issuecomment-270341777
+	Network string
+}
+
+func defaultPlatformSpecificParams() PlatformSpecificParams {
+	return PlatformSpecificParams{
+		ComponentID: "tap0901",
+		Network:     "192.168.1.10/24",
+	}
+}
diff --git a/vendor/github.com/songgao/water/syscalls_darwin.go b/vendor/github.com/songgao/water/syscalls_darwin.go
new file mode 100644
index 000000000..0b273494e
--- /dev/null
+++ b/vendor/github.com/songgao/water/syscalls_darwin.go
@@ -0,0 +1,270 @@
+package water
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"math"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+	"syscall"
+	"unsafe"
+)
+
+const appleUTUNCtl = "com.apple.net.utun_control"
+
+/*
+ * From ioctl.h:
+ * #define	IOCPARM_MASK	0x1fff		// parameter length, at most 13 bits
+ * ...
+ * #define	IOC_OUT		0x40000000	// copy out parameters
+ * #define	IOC_IN		0x80000000	// copy in parameters
+ * #define	IOC_INOUT	(IOC_IN|IOC_OUT)
+ * ...
+ * #define _IOC(inout,group,num,len) \
+ * 	(inout | ((len & IOCPARM_MASK) << 16) | ((group) << 8) | (num))
+ * ...
+ * #define	_IOWR(g,n,t)	_IOC(IOC_INOUT,	(g), (n), sizeof(t))
+ *
+ * From kern_control.h:
+ * #define CTLIOCGINFO     _IOWR('N', 3, struct ctl_info)	// get id from name
+ *
+ */
+
+const appleCTLIOCGINFO = (0x40000000 | 0x80000000) | ((100 & 0x1fff) << 16) | uint32(byte('N'))<<8 | 3
+
+/*
+ * #define _IOW(g,n,t) _IOC(IOC_IN, (g), (n), sizeof(t))
+ * #define TUNSIFMODE _IOW('t', 94, int)
+ */
+const appleTUNSIFMODE = (0x80000000) | ((4 & 0x1fff) << 16) | uint32(byte('t'))<<8 | 94
+
+/*
+ * struct sockaddr_ctl {
+ *     u_char sc_len; // depends on size of bundle ID string
+ *     u_char sc_family; // AF_SYSTEM
+ *     u_int16_t ss_sysaddr; // AF_SYS_KERNCONTROL
+ *     u_int32_t sc_id; // Controller unique identifier
+ *     u_int32_t sc_unit; // Developer private unit number
+ *     u_int32_t sc_reserved[5];
+ * };
+ */
+type sockaddrCtl struct {
+	scLen      uint8
+	scFamily   uint8
+	ssSysaddr  uint16
+	scID       uint32
+	scUnit     uint32
+	scReserved [5]uint32
+}
+
+var sockaddrCtlSize uintptr = 32
+
+func openDev(config Config) (ifce *Interface, err error) {
+	if config.Driver == MacOSDriverTunTapOSX {
+		return openDevTunTapOSX(config)
+	}
+	if config.Driver == MacOSDriverSystem {
+		return openDevSystem(config)
+	}
+	return nil, errors.New("unrecognized driver")
+}
+
+// openDevSystem opens tun device on system
+func openDevSystem(config Config) (ifce *Interface, err error) {
+	if config.DeviceType != TUN {
+		return nil, errors.New("only tun is implemented for SystemDriver, use TunTapOSXDriver for tap")
+	}
+
+	ifIndex := -1
+	if config.Name != "" {
+		const utunPrefix = "utun"
+		if !strings.HasPrefix(config.Name, utunPrefix) {
+			return nil, fmt.Errorf("Interface name must be utun[0-9]+")
+		}
+		ifIndex, err = strconv.Atoi(config.Name[len(utunPrefix):])
+		if err != nil || ifIndex < 0 || ifIndex > math.MaxUint32-1 {
+			return nil, fmt.Errorf("Interface name must be utun[0-9]+")
+		}
+	}
+
+	var fd int
+	// Supposed to be socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL), but ...
+	//
+	// In sys/socket.h:
+	// #define PF_SYSTEM	AF_SYSTEM
+	//
+	// In sys/sys_domain.h:
+	// #define SYSPROTO_CONTROL       	2	/* kernel control protocol */
+	if fd, err = syscall.Socket(syscall.AF_SYSTEM, syscall.SOCK_DGRAM, 2); err != nil {
+		return nil, fmt.Errorf("error in syscall.Socket: %v", err)
+	}
+
+	var ctlInfo = &struct {
+		ctlID   uint32
+		ctlName [96]byte
+	}{}
+	copy(ctlInfo.ctlName[:], []byte(appleUTUNCtl))
+
+	if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(appleCTLIOCGINFO), uintptr(unsafe.Pointer(ctlInfo))); errno != 0 {
+		err = errno
+		return nil, fmt.Errorf("error in syscall.Syscall(syscall.SYS_IOCTL, ...): %v", err)
+	}
+
+	addrP := unsafe.Pointer(&sockaddrCtl{
+		scLen:    uint8(sockaddrCtlSize),
+		scFamily: syscall.AF_SYSTEM,
+
+		/* #define AF_SYS_CONTROL 2 */
+		ssSysaddr: 2,
+
+		scID:   ctlInfo.ctlID,
+		scUnit: uint32(ifIndex) + 1,
+	})
+	if _, _, errno := syscall.RawSyscall(syscall.SYS_CONNECT, uintptr(fd), uintptr(addrP), uintptr(sockaddrCtlSize)); errno != 0 {
+		err = errno
+		return nil, fmt.Errorf("error in syscall.RawSyscall(syscall.SYS_CONNECT, ...): %v", err)
+	}
+
+	var ifName struct {
+		name [16]byte
+	}
+	ifNameSize := uintptr(16)
+	if _, _, errno := syscall.Syscall6(syscall.SYS_GETSOCKOPT, uintptr(fd),
+		2, /* #define SYSPROTO_CONTROL 2 */
+		2, /* #define UTUN_OPT_IFNAME 2 */
+		uintptr(unsafe.Pointer(&ifName)),
+		uintptr(unsafe.Pointer(&ifNameSize)), 0); errno != 0 {
+		err = errno
+		return nil, fmt.Errorf("error in syscall.Syscall6(syscall.SYS_GETSOCKOPT, ...): %v", err)
+	}
+
+	if err = setNonBlock(fd); err != nil {
+		return nil, fmt.Errorf("setting non-blocking error")
+	}
+
+	return &Interface{
+		isTAP: false,
+		name:  string(ifName.name[:ifNameSize-1 /* -1 is for \0 */]),
+		ReadWriteCloser: &tunReadCloser{
+			f: os.NewFile(uintptr(fd), string(ifName.name[:])),
+		},
+	}, nil
+}
+
+// openDevTunTapOSX opens tun / tap device, assuming tuntaposx is installed
+func openDevTunTapOSX(config Config) (ifce *Interface, err error) {
+	var fd int
+	var socketFD int
+
+	if config.DeviceType == TAP && !strings.HasPrefix(config.Name, "tap") {
+		return nil, errors.New("device name does not start with tap when creating a tap device")
+	}
+	if config.DeviceType == TUN && !strings.HasPrefix(config.Name, "tun") {
+		return nil, errors.New("device name does not start with tun when creating a tun device")
+	}
+	if config.DeviceType != TAP && config.DeviceType != TUN {
+		return nil, errors.New("unsupported DeviceType")
+	}
+	if len(config.Name) >= 15 {
+		return nil, errors.New("device name is too long")
+	}
+
+	if fd, err = syscall.Open(
+		"/dev/"+config.Name, os.O_RDWR|syscall.O_NONBLOCK, 0); err != nil {
+		return nil, err
+	}
+	// Note that we are not setting NONBLOCK on the fd itself since it breaks tuntaposx
+	// see https://sourceforge.net/p/tuntaposx/bugs/6/
+
+	// create socket so we can do SIO ioctls, we are not using it afterwards
+	if socketFD, err = syscall.Socket(syscall.AF_SYSTEM, syscall.SOCK_DGRAM, 2); err != nil {
+		return nil, fmt.Errorf("error in syscall.Socket: %v", err)
+	}
+	var ifReq = &struct {
+		ifName    [16]byte
+		ifruFlags int16
+		pad       [16]byte
+	}{}
+	copy(ifReq.ifName[:], []byte(config.Name))
+	if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(socketFD), uintptr(syscall.SIOCGIFFLAGS), uintptr(unsafe.Pointer(ifReq))); errno != 0 {
+		err = errno
+		return nil, fmt.Errorf("error in syscall.Syscall(syscall.SYS_IOCTL, ...): %v", err)
+	}
+	ifReq.ifruFlags |= syscall.IFF_RUNNING | syscall.IFF_UP
+	if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(socketFD), uintptr(syscall.SIOCSIFFLAGS), uintptr(unsafe.Pointer(ifReq))); errno != 0 {
+		err = errno
+		return nil, fmt.Errorf("error in syscall.Syscall(syscall.SYS_IOCTL, ...): %v", err)
+	}
+	syscall.Close(socketFD)
+
+	return &Interface{
+		isTAP:           config.DeviceType == TAP,
+		ReadWriteCloser: os.NewFile(uintptr(fd), "tun"),
+		name:            config.Name,
+	}, nil
+}
+
+// tunReadCloser is a hack to work around the first 4 bytes "packet
+// information" because there doesn't seem to be an IFF_NO_PI for darwin.
+type tunReadCloser struct {
+	f io.ReadWriteCloser
+
+	rMu  sync.Mutex
+	rBuf []byte
+
+	wMu  sync.Mutex
+	wBuf []byte
+}
+
+var _ io.ReadWriteCloser = (*tunReadCloser)(nil)
+
+func (t *tunReadCloser) Read(to []byte) (int, error) {
+	t.rMu.Lock()
+	defer t.rMu.Unlock()
+
+	if cap(t.rBuf) < len(to)+4 {
+		t.rBuf = make([]byte, len(to)+4)
+	}
+	t.rBuf = t.rBuf[:len(to)+4]
+
+	n, err := t.f.Read(t.rBuf)
+	copy(to, t.rBuf[4:])
+	return n - 4, err
+}
+
+func (t *tunReadCloser) Write(from []byte) (int, error) {
+
+	if len(from) == 0 {
+		return 0, syscall.EIO
+	}
+
+	t.wMu.Lock()
+	defer t.wMu.Unlock()
+
+	if cap(t.wBuf) < len(from)+4 {
+		t.wBuf = make([]byte, len(from)+4)
+	}
+	t.wBuf = t.wBuf[:len(from)+4]
+
+	// Determine the IP Family for the NULL L2 Header
+	ipVer := from[0] >> 4
+	if ipVer == 4 {
+		t.wBuf[3] = syscall.AF_INET
+	} else if ipVer == 6 {
+		t.wBuf[3] = syscall.AF_INET6
+	} else {
+		return 0, errors.New("Unable to determine IP version from packet")
+	}
+
+	copy(t.wBuf[4:], from)
+
+	n, err := t.f.Write(t.wBuf)
+	return n - 4, err
+}
+
+func (t *tunReadCloser) Close() error {
+	return t.f.Close()
+}
diff --git a/vendor/github.com/songgao/water/syscalls_darwin_go1.11.go b/vendor/github.com/songgao/water/syscalls_darwin_go1.11.go
new file mode 100644
index 000000000..b02f734fe
--- /dev/null
+++ b/vendor/github.com/songgao/water/syscalls_darwin_go1.11.go
@@ -0,0 +1,9 @@
+// +build darwin,go1.11
+
+package water
+
+import "syscall"
+
+func setNonBlock(fd int) error {
+	return syscall.SetNonblock(fd, true)
+}
diff --git a/vendor/github.com/songgao/water/syscalls_darwin_legacy.go b/vendor/github.com/songgao/water/syscalls_darwin_legacy.go
new file mode 100644
index 000000000..d1745409a
--- /dev/null
+++ b/vendor/github.com/songgao/water/syscalls_darwin_legacy.go
@@ -0,0 +1,10 @@
+// +build darwin,!go1.11
+
+package water
+
+func setNonBlock(fd int) error {
+	// There's a but pre-go1.11 that causes 'resource temporarily unavailable'
+	// error in non-blocking mode. So just skip it here. Close() won't be able
+	// to unblock a pending read, but that's better than being broken.
+	return nil
+}
diff --git a/vendor/github.com/songgao/water/syscalls_linux.go b/vendor/github.com/songgao/water/syscalls_linux.go
new file mode 100644
index 000000000..af382d1ac
--- /dev/null
+++ b/vendor/github.com/songgao/water/syscalls_linux.go
@@ -0,0 +1,83 @@
+package water
+
+import (
+	"os"
+	"strings"
+	"syscall"
+	"unsafe"
+)
+
+const (
+	cIFFTUN        = 0x0001
+	cIFFTAP        = 0x0002
+	cIFFNOPI       = 0x1000
+	cIFFMULTIQUEUE = 0x0100
+)
+
+type ifReq struct {
+	Name  [0x10]byte
+	Flags uint16
+	pad   [0x28 - 0x10 - 2]byte
+}
+
+func ioctl(fd uintptr, request uintptr, argp uintptr) error {
+	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(request), argp)
+	if errno != 0 {
+		return os.NewSyscallError("ioctl", errno)
+	}
+	return nil
+}
+
+func setupFd(config Config, fd uintptr) (name string, err error) {
+	var flags uint16 = cIFFNOPI
+	if config.DeviceType == TUN {
+		flags |= cIFFTUN
+	} else {
+		flags |= cIFFTAP
+	}
+	if config.PlatformSpecificParams.MultiQueue {
+		flags |= cIFFMULTIQUEUE
+	}
+
+	if name, err = createInterface(fd, config.Name, flags); err != nil {
+		return "", err
+	}
+
+	if err = setDeviceOptions(fd, config); err != nil {
+		return "", err
+	}
+
+	return name, nil
+}
+
+func createInterface(fd uintptr, ifName string, flags uint16) (createdIFName string, err error) {
+	var req ifReq
+	req.Flags = flags
+	copy(req.Name[:], ifName)
+
+	err = ioctl(fd, syscall.TUNSETIFF, uintptr(unsafe.Pointer(&req)))
+	if err != nil {
+		return
+	}
+
+	createdIFName = strings.Trim(string(req.Name[:]), "\x00")
+	return
+}
+
+func setDeviceOptions(fd uintptr, config Config) (err error) {
+	if config.Permissions != nil {
+		if err = ioctl(fd, syscall.TUNSETOWNER, uintptr(config.Permissions.Owner)); err != nil {
+			return
+		}
+		if err = ioctl(fd, syscall.TUNSETGROUP, uintptr(config.Permissions.Group)); err != nil {
+			return
+		}
+	}
+
+	// set clear the persist flag
+	value := 0
+	if config.Persist {
+		value = 1
+	}
+	return ioctl(fd, syscall.TUNSETPERSIST, uintptr(value))
+}
diff --git a/vendor/github.com/songgao/water/syscalls_linux_go1.11.go b/vendor/github.com/songgao/water/syscalls_linux_go1.11.go
new file mode 100644
index 000000000..90c47a123
--- /dev/null
+++ b/vendor/github.com/songgao/water/syscalls_linux_go1.11.go
@@ -0,0 +1,27 @@
+// +build linux,go1.11
+
+package water
+
+import (
+	"os"
+	"syscall"
+)
+
+func openDev(config Config) (ifce *Interface, err error) {
+	var fdInt int
+	if fdInt, err = syscall.Open(
+		"/dev/net/tun", os.O_RDWR|syscall.O_NONBLOCK, 0); err != nil {
+		return nil, err
+	}
+
+	name, err := setupFd(config, uintptr(fdInt))
+	if err != nil {
+		return nil, err
+	}
+
+	return &Interface{
+		isTAP:           config.DeviceType == TAP,
+		ReadWriteCloser: os.NewFile(uintptr(fdInt), "tun"),
+		name:            name,
+	}, nil
+}
diff --git a/vendor/github.com/songgao/water/syscalls_linux_legacy.go b/vendor/github.com/songgao/water/syscalls_linux_legacy.go
new file mode 100644
index 000000000..6499b379a
--- /dev/null
+++ b/vendor/github.com/songgao/water/syscalls_linux_legacy.go
@@ -0,0 +1,26 @@
+// +build linux,!go1.11
+
+package water
+
+import (
+	"os"
+)
+
+func openDev(config Config) (ifce *Interface, err error) {
+	var file *os.File
+	if file, err = os.OpenFile(
+		"/dev/net/tun", os.O_RDWR, 0); err != nil {
+		return nil, err
+	}
+
+	name, err := setupFd(config, file.Fd())
+	if err != nil {
+		return nil, err
+	}
+
+	return &Interface{
+		isTAP:           config.DeviceType == TAP,
+		ReadWriteCloser: file,
+		name:            name,
+	}, nil
+}
diff --git a/vendor/github.com/songgao/water/syscalls_other.go b/vendor/github.com/songgao/water/syscalls_other.go
new file mode 100644
index 000000000..c5ed1b371
--- /dev/null
+++ b/vendor/github.com/songgao/water/syscalls_other.go
@@ -0,0 +1,9 @@
+// +build !linux,!darwin,!windows
+
+package water
+
+import "errors"
+
+func openDev(config Config) (*Interface, error) {
+	return nil, errors.New("not implemented on this platform")
+}
diff --git a/vendor/github.com/songgao/water/syscalls_windows.go b/vendor/github.com/songgao/water/syscalls_windows.go
new file mode 100644
index 000000000..f38a9cb2a
--- /dev/null
+++ b/vendor/github.com/songgao/water/syscalls_windows.go
@@ -0,0 +1,313 @@
+package water
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows/registry"
+)
+
+// To use it with windows, you need a tap driver installed on windows.
+// https://github.com/OpenVPN/tap-windows6
+// or just install OpenVPN
+// https://github.com/OpenVPN/openvpn
+
+const (
+	// tapDriverKey is the location of the TAP driver key.
+	tapDriverKey = `SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}`
+	// netConfigKey is the location of the TAP adapter's network config.
+	netConfigKey = `SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}`
+)
+
+var (
+	errIfceNameNotFound = errors.New("Failed to find the name of interface")
+	// Device Control Codes
+	tap_win_ioctl_get_mac             = tap_control_code(1, 0)
+	tap_win_ioctl_get_version         = tap_control_code(2, 0)
+	tap_win_ioctl_get_mtu             = tap_control_code(3, 0)
+	tap_win_ioctl_get_info            = tap_control_code(4, 0)
+	tap_ioctl_config_point_to_point   = tap_control_code(5, 0)
+	tap_ioctl_set_media_status        = tap_control_code(6, 0)
+	tap_win_ioctl_config_dhcp_masq    = tap_control_code(7, 0)
+	tap_win_ioctl_get_log_line        = tap_control_code(8, 0)
+	tap_win_ioctl_config_dhcp_set_opt = tap_control_code(9, 0)
+	tap_ioctl_config_tun              = tap_control_code(10, 0)
+	// w32 api
+	file_device_unknown = uint32(0x00000022)
+	nCreateEvent,
+	nResetEvent,
+	nGetOverlappedResult uintptr
+)
+
+func init() {
+	k32, err := syscall.LoadLibrary("kernel32.dll")
+	if err != nil {
+		panic("LoadLibrary " + err.Error())
+	}
+	defer syscall.FreeLibrary(k32)
+
+	nCreateEvent = getProcAddr(k32, "CreateEventW")
+	nResetEvent = getProcAddr(k32, "ResetEvent")
+	nGetOverlappedResult = getProcAddr(k32, "GetOverlappedResult")
+}
+
+func getProcAddr(lib syscall.Handle, name string) uintptr {
+	addr, err := syscall.GetProcAddress(lib, name)
+	if err != nil {
+		panic(name + " " + err.Error())
+	}
+	return addr
+}
+
+func resetEvent(h syscall.Handle) error {
+	r, _, err := syscall.Syscall(nResetEvent, 1, uintptr(h), 0, 0)
+	if r == 0 {
+		return err
+	}
+	return nil
+}
+
+func getOverlappedResult(h syscall.Handle, overlapped *syscall.Overlapped) (int, error) {
+	var n int
+	r, _, err := syscall.Syscall6(nGetOverlappedResult, 4,
+		uintptr(h),
+		uintptr(unsafe.Pointer(overlapped)),
+		uintptr(unsafe.Pointer(&n)), 1, 0, 0)
+	if r == 0 {
+		return n, err
+	}
+
+	return n, nil
+}
+
+func newOverlapped() (*syscall.Overlapped, error) {
+	var overlapped syscall.Overlapped
+	r, _, err := syscall.Syscall6(nCreateEvent, 4, 0, 1, 0, 0, 0, 0)
+	if r == 0 {
+		return nil, err
+	}
+	overlapped.HEvent = syscall.Handle(r)
+	return &overlapped, nil
+}
+
+type wfile struct {
+	fd syscall.Handle
+	rl sync.Mutex
+	wl sync.Mutex
+	ro *syscall.Overlapped
+	wo *syscall.Overlapped
+}
+
+func (f *wfile) Close() error {
+	return syscall.Close(f.fd)
+}
+
+func (f *wfile) Write(b []byte) (int, error) {
+	f.wl.Lock()
+	defer f.wl.Unlock()
+
+	if err := resetEvent(f.wo.HEvent); err != nil {
+		return 0, err
+	}
+	var n uint32
+	err := syscall.WriteFile(f.fd, b, &n, f.wo)
+	if err != nil && err != syscall.ERROR_IO_PENDING {
+		return int(n), err
+	}
+	return getOverlappedResult(f.fd, f.wo)
+}
+
+func (f *wfile) Read(b []byte) (int, error) {
+	f.rl.Lock()
+	defer f.rl.Unlock()
+
+	if err := resetEvent(f.ro.HEvent); err != nil {
+		return 0, err
+	}
+	var done uint32
+	err := syscall.ReadFile(f.fd, b, &done, f.ro)
+	if err != nil && err != syscall.ERROR_IO_PENDING {
+		return int(done), err
+	}
+	return getOverlappedResult(f.fd, f.ro)
+}
+
+func ctl_code(device_type, function, method, access uint32) uint32 {
+	return (device_type << 16) | (access << 14) | (function << 2) | method
+}
+
+func tap_control_code(request, method uint32) uint32 {
+	return ctl_code(file_device_unknown, request, method, 0)
+}
+
+// getdeviceid finds out a TAP device from registry, it *may* requires privileged right to prevent some weird issue.
+func getdeviceid(componentID string, interfaceName string) (deviceid string, err error) {
+	k, err := registry.OpenKey(registry.LOCAL_MACHINE, tapDriverKey, registry.READ)
+	if err != nil {
+		return "", fmt.Errorf("Failed to open the adapter registry, TAP driver may be not installed, %v", err)
+	}
+	defer k.Close()
+	// read all subkeys, it should not return an err here
+	keys, err := k.ReadSubKeyNames(-1)
+	if err != nil {
+		return "", err
+	}
+	// find the one matched ComponentId
+	for _, v := range keys {
+		key, err := registry.OpenKey(registry.LOCAL_MACHINE, tapDriverKey+"\\"+v, registry.READ)
+		if err != nil {
+			continue
+		}
+		val, _, err := key.GetStringValue("ComponentId")
+		if err != nil {
+			key.Close()
+			continue
+		}
+		if val == componentID {
+			val, _, err = key.GetStringValue("NetCfgInstanceId")
+			if err != nil {
+				key.Close()
+				continue
+			}
+			if len(interfaceName) > 0 {
+				key2 := fmt.Sprintf("%s\\%s\\Connection", netConfigKey, val)
+				k2, err := registry.OpenKey(registry.LOCAL_MACHINE, key2, registry.READ)
+				if err != nil {
+					continue
+				}
+				defer k2.Close()
+				val, _, err := k2.GetStringValue("Name")
+				if err != nil || val != interfaceName {
+					continue
+				}
+			}
+			key.Close()
+			return val, nil
+		}
+		key.Close()
+	}
+	if len(interfaceName) > 0 {
+		return "", fmt.Errorf("Failed to find the tap device in registry with specified ComponentId '%s' and InterfaceName '%s', TAP driver may be not installed or you may have specified an interface name that doesn't exist", componentID, interfaceName)
+	}
+
+	return "", fmt.Errorf("Failed to find the tap device in registry with specified ComponentId '%s', TAP driver may be not installed", componentID)
+}
+
+// setStatus is used to bring up or bring down the interface
+func setStatus(fd syscall.Handle, status bool) error {
+	var bytesReturned uint32
+	rdbbuf := make([]byte, syscall.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)
+	code := []byte{0x00, 0x00, 0x00, 0x00}
+	if status {
+		code[0] = 0x01
+	}
+	return syscall.DeviceIoControl(fd, tap_ioctl_set_media_status, &code[0], uint32(4), &rdbbuf[0], uint32(len(rdbbuf)), &bytesReturned, nil)
+}
+
+// setTUN is used to configure the IP address in the underlying driver when using TUN
+func setTUN(fd syscall.Handle, network string) error {
+	var bytesReturned uint32
+	rdbbuf := make([]byte, syscall.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)
+
+	localIP, remoteNet, err := net.ParseCIDR(network)
+	if err != nil {
+		return fmt.Errorf("Failed to parse network CIDR in config, %v", err)
+	}
+	if localIP.To4() == nil {
+		return fmt.Errorf("Provided network(%s) is not a valid IPv4 address", network)
+	}
+	code2 := make([]byte, 0, 12)
+	code2 = append(code2, localIP.To4()[:4]...)
+	code2 = append(code2, remoteNet.IP.To4()[:4]...)
+	code2 = append(code2, remoteNet.Mask[:4]...)
+	if len(code2) != 12 {
+		return fmt.Errorf("Provided network(%s) is not valid", network)
+	}
+	if err := syscall.DeviceIoControl(fd, tap_ioctl_config_tun, &code2[0], uint32(12), &rdbbuf[0], uint32(len(rdbbuf)), &bytesReturned, nil); err != nil {
+		return err
+	}
+	return nil
+}
+
+// openDev find and open an interface.
+func openDev(config Config) (ifce *Interface, err error) {
+	// find the device in registry.
+	deviceid, err := getdeviceid(config.PlatformSpecificParams.ComponentID, config.PlatformSpecificParams.InterfaceName)
+	if err != nil {
+		return nil, err
+	}
+	path := "\\\\.\\Global\\" + deviceid + ".tap"
+	pathp, err := syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return nil, err
+	}
+	// type Handle uintptr
+	file, err := syscall.CreateFile(pathp, syscall.GENERIC_READ|syscall.GENERIC_WRITE, uint32(syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE), nil, syscall.OPEN_EXISTING, syscall.FILE_ATTRIBUTE_SYSTEM|syscall.FILE_FLAG_OVERLAPPED, 0)
+	// if err hanppens, close the interface.
+	defer func() {
+		if err != nil {
+			syscall.Close(file)
+		}
+		if err := recover(); err != nil {
+			syscall.Close(file)
+		}
+	}()
+	if err != nil {
+		return nil, err
+	}
+	var bytesReturned uint32
+
+	// find the mac address of tap device, use this to find the name of interface
+	mac := make([]byte, 6)
+	err = syscall.DeviceIoControl(file, tap_win_ioctl_get_mac, &mac[0], uint32(len(mac)), &mac[0], uint32(len(mac)), &bytesReturned, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	// fd := os.NewFile(uintptr(file), path)
+	ro, err := newOverlapped()
+	if err != nil {
+		return
+	}
+	wo, err := newOverlapped()
+	if err != nil {
+		return
+	}
+	fd := &wfile{fd: file, ro: ro, wo: wo}
+	ifce = &Interface{isTAP: (config.DeviceType == TAP), ReadWriteCloser: fd}
+
+	// bring up device.
+	if err := setStatus(file, true); err != nil {
+		return nil, err
+	}
+
+	//TUN
+	if config.DeviceType == TUN {
+		if err := setTUN(file, config.PlatformSpecificParams.Network); err != nil {
+			return nil, err
+		}
+	}
+
+	// find the name of tap interface(u need it to set the ip or other command)
+	ifces, err := net.Interfaces()
+	if err != nil {
+		return
+	}
+
+	for _, v := range ifces {
+		if len(v.HardwareAddr) < 6 {
+			continue
+		}
+		if bytes.Equal(v.HardwareAddr[:6], mac[:6]) {
+			ifce.name = v.Name
+			return
+		}
+	}
+
+	return nil, errIfceNameNotFound
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b.go b/vendor/golang.org/x/crypto/blake2b/blake2b.go
index c160e1a4e..d2e98d429 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2b.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b.go
@@ -5,6 +5,8 @@
 // Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693
 // and the extendable output function (XOF) BLAKE2Xb.
 //
+// BLAKE2b is optimized for 64-bit platforms—including NEON-enabled ARMs—and
+// produces digests of any size between 1 and 64 bytes.
 // For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf
 // and for BLAKE2Xb see https://blake2.net/blake2x.pdf
 //
diff --git a/vendor/golang.org/x/crypto/blake2s/blake2s.go b/vendor/golang.org/x/crypto/blake2s/blake2s.go
index 5fb4a9ecd..e3f46aab3 100644
--- a/vendor/golang.org/x/crypto/blake2s/blake2s.go
+++ b/vendor/golang.org/x/crypto/blake2s/blake2s.go
@@ -5,6 +5,8 @@
 // Package blake2s implements the BLAKE2s hash algorithm defined by RFC 7693
 // and the extendable output function (XOF) BLAKE2Xs.
 //
+// BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any
+// size between 1 and 32 bytes.
 // For a detailed specification of BLAKE2s see https://blake2.net/blake2.pdf
 // and for BLAKE2Xs see https://blake2.net/blake2x.pdf
 //
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
index 7c498e90d..a2ecf5c32 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
@@ -42,10 +42,14 @@ type Cipher struct {
 
 	// The last len bytes of buf are leftover key stream bytes from the previous
 	// XORKeyStream invocation. The size of buf depends on how many blocks are
-	// computed at a time.
+	// computed at a time by xorKeyStreamBlocks.
 	buf [bufSize]byte
 	len int
 
+	// overflow is set when the counter overflowed, no more blocks can be
+	// generated, and the next XORKeyStream call should panic.
+	overflow bool
+
 	// The counter-independent results of the first round are cached after they
 	// are computed the first time.
 	precompDone      bool
@@ -89,6 +93,7 @@ func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
 		return nil, errors.New("chacha20: wrong nonce size")
 	}
 
+	key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint
 	c.key = [8]uint32{
 		binary.LittleEndian.Uint32(key[0:4]),
 		binary.LittleEndian.Uint32(key[4:8]),
@@ -139,15 +144,18 @@ func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
 // SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
 // behave as if (64 * counter) bytes had been encrypted so far.
 //
-// To prevent accidental counter reuse, SetCounter panics if counter is
-// less than the current value.
+// To prevent accidental counter reuse, SetCounter panics if counter is less
+// than the current value.
+//
+// Note that the execution time of XORKeyStream is not independent of the
+// counter value.
 func (s *Cipher) SetCounter(counter uint32) {
 	// Internally, s may buffer multiple blocks, which complicates this
 	// implementation slightly. When checking whether the counter has rolled
 	// back, we must use both s.counter and s.len to determine how many blocks
 	// we have already output.
 	outputCounter := s.counter - uint32(s.len)/blockSize
-	if counter < outputCounter {
+	if s.overflow || counter < outputCounter {
 		panic("chacha20: SetCounter attempted to rollback counter")
 	}
 
@@ -196,34 +204,52 @@ func (s *Cipher) XORKeyStream(dst, src []byte) {
 			dst[i] = src[i] ^ b
 		}
 		s.len -= len(keyStream)
-		src = src[len(keyStream):]
-		dst = dst[len(keyStream):]
+		dst, src = dst[len(keyStream):], src[len(keyStream):]
+	}
+	if len(src) == 0 {
+		return
 	}
 
-	const blocksPerBuf = bufSize / blockSize
-	numBufs := (uint64(len(src)) + bufSize - 1) / bufSize
-	if uint64(s.counter)+numBufs*blocksPerBuf >= 1<<32 {
+	// If we'd need to let the counter overflow and keep generating output,
+	// panic immediately. If instead we'd only reach the last block, remember
+	// not to generate any more output after the buffer is drained.
+	numBlocks := (uint64(len(src)) + blockSize - 1) / blockSize
+	if s.overflow || uint64(s.counter)+numBlocks > 1<<32 {
 		panic("chacha20: counter overflow")
+	} else if uint64(s.counter)+numBlocks == 1<<32 {
+		s.overflow = true
 	}
 
 	// xorKeyStreamBlocks implementations expect input lengths that are a
 	// multiple of bufSize. Platform-specific ones process multiple blocks at a
 	// time, so have bufSizes that are a multiple of blockSize.
 
-	rem := len(src) % bufSize
-	full := len(src) - rem
-
+	full := len(src) - len(src)%bufSize
 	if full > 0 {
 		s.xorKeyStreamBlocks(dst[:full], src[:full])
 	}
+	dst, src = dst[full:], src[full:]
+
+	// If using a multi-block xorKeyStreamBlocks would overflow, use the generic
+	// one that does one block at a time.
+	const blocksPerBuf = bufSize / blockSize
+	if uint64(s.counter)+blocksPerBuf > 1<<32 {
+		s.buf = [bufSize]byte{}
+		numBlocks := (len(src) + blockSize - 1) / blockSize
+		buf := s.buf[bufSize-numBlocks*blockSize:]
+		copy(buf, src)
+		s.xorKeyStreamBlocksGeneric(buf, buf)
+		s.len = len(buf) - copy(dst, buf)
+		return
+	}
 
 	// If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and
 	// keep the leftover keystream for the next XORKeyStream invocation.
-	if rem > 0 {
+	if len(src) > 0 {
 		s.buf = [bufSize]byte{}
-		copy(s.buf[:], src[full:])
+		copy(s.buf[:], src)
 		s.xorKeyStreamBlocks(s.buf[:], s.buf[:])
-		s.len = bufSize - copy(dst[full:], s.buf[:])
+		s.len = bufSize - copy(dst, s.buf[:])
 	}
 }
 
@@ -260,7 +286,9 @@ func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
 		s.precompDone = true
 	}
 
-	for i := 0; i < len(src); i += blockSize {
+	// A condition of len(src) > 0 would be sufficient, but this also
+	// acts as a bounds check elimination hint.
+	for len(src) >= 64 && len(dst) >= 64 {
 		// The remainder of the first column round.
 		fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)
 
@@ -285,49 +313,28 @@ func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
 			x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
 		}
 
-		// Finally, add back the initial state to generate the key stream.
-		x0 += c0
-		x1 += c1
-		x2 += c2
-		x3 += c3
-		x4 += c4
-		x5 += c5
-		x6 += c6
-		x7 += c7
-		x8 += c8
-		x9 += c9
-		x10 += c10
-		x11 += c11
-		x12 += s.counter
-		x13 += c13
-		x14 += c14
-		x15 += c15
+		// Add back the initial state to generate the key stream, then
+		// XOR the key stream with the source and write out the result.
+		addXor(dst[0:4], src[0:4], x0, c0)
+		addXor(dst[4:8], src[4:8], x1, c1)
+		addXor(dst[8:12], src[8:12], x2, c2)
+		addXor(dst[12:16], src[12:16], x3, c3)
+		addXor(dst[16:20], src[16:20], x4, c4)
+		addXor(dst[20:24], src[20:24], x5, c5)
+		addXor(dst[24:28], src[24:28], x6, c6)
+		addXor(dst[28:32], src[28:32], x7, c7)
+		addXor(dst[32:36], src[32:36], x8, c8)
+		addXor(dst[36:40], src[36:40], x9, c9)
+		addXor(dst[40:44], src[40:44], x10, c10)
+		addXor(dst[44:48], src[44:48], x11, c11)
+		addXor(dst[48:52], src[48:52], x12, s.counter)
+		addXor(dst[52:56], src[52:56], x13, c13)
+		addXor(dst[56:60], src[56:60], x14, c14)
+		addXor(dst[60:64], src[60:64], x15, c15)
 
 		s.counter += 1
-		if s.counter == 0 {
-			panic("chacha20: internal error: counter overflow")
-		}
 
-		in, out := src[i:], dst[i:]
-		in, out = in[:blockSize], out[:blockSize] // bounds check elimination hint
-
-		// XOR the key stream with the source and write out the result.
-		xor(out[0:], in[0:], x0)
-		xor(out[4:], in[4:], x1)
-		xor(out[8:], in[8:], x2)
-		xor(out[12:], in[12:], x3)
-		xor(out[16:], in[16:], x4)
-		xor(out[20:], in[20:], x5)
-		xor(out[24:], in[24:], x6)
-		xor(out[28:], in[28:], x7)
-		xor(out[32:], in[32:], x8)
-		xor(out[36:], in[36:], x9)
-		xor(out[40:], in[40:], x10)
-		xor(out[44:], in[44:], x11)
-		xor(out[48:], in[48:], x12)
-		xor(out[52:], in[52:], x13)
-		xor(out[56:], in[56:], x14)
-		xor(out[60:], in[60:], x15)
+		src, dst = src[blockSize:], dst[blockSize:]
 	}
 }
 
diff --git a/vendor/golang.org/x/crypto/chacha20/xor.go b/vendor/golang.org/x/crypto/chacha20/xor.go
index 0110c9865..c2d04851e 100644
--- a/vendor/golang.org/x/crypto/chacha20/xor.go
+++ b/vendor/golang.org/x/crypto/chacha20/xor.go
@@ -13,10 +13,10 @@ const unaligned = runtime.GOARCH == "386" ||
 	runtime.GOARCH == "ppc64le" ||
 	runtime.GOARCH == "s390x"
 
-// xor reads a little endian uint32 from src, XORs it with u and
+// addXor reads a little endian uint32 from src, XORs it with (a + b) and
 // places the result in little endian byte order in dst.
-func xor(dst, src []byte, u uint32) {
-	_, _ = src[3], dst[3] // eliminate bounds checks
+func addXor(dst, src []byte, a, b uint32) {
+	_, _ = src[3], dst[3] // bounds check elimination hint
 	if unaligned {
 		// The compiler should optimize this code into
 		// 32-bit unaligned little endian loads and stores.
@@ -27,15 +27,16 @@ func xor(dst, src []byte, u uint32) {
 		v |= uint32(src[1]) << 8
 		v |= uint32(src[2]) << 16
 		v |= uint32(src[3]) << 24
-		v ^= u
+		v ^= a + b
 		dst[0] = byte(v)
 		dst[1] = byte(v >> 8)
 		dst[2] = byte(v >> 16)
 		dst[3] = byte(v >> 24)
 	} else {
-		dst[0] = src[0] ^ byte(u)
-		dst[1] = src[1] ^ byte(u>>8)
-		dst[2] = src[2] ^ byte(u>>16)
-		dst[3] = src[3] ^ byte(u>>24)
+		a += b
+		dst[0] = src[0] ^ byte(a)
+		dst[1] = src[1] ^ byte(a>>8)
+		dst[2] = src[2] ^ byte(a>>16)
+		dst[3] = src[3] ^ byte(a>>24)
 	}
 }
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
index 91b38568c..fe191d395 100644
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
@@ -12,56 +12,64 @@ import (
 	"golang.org/x/crypto/poly1305"
 )
 
-func roundTo16(n int) int {
-	return 16 * ((n + 15) / 16)
+func writeWithPadding(p *poly1305.MAC, b []byte) {
+	p.Write(b)
+	if rem := len(b) % 16; rem != 0 {
+		var buf [16]byte
+		padLen := 16 - rem
+		p.Write(buf[:padLen])
+	}
+}
+
+func writeUint64(p *poly1305.MAC, n int) {
+	var buf [8]byte
+	binary.LittleEndian.PutUint64(buf[:], uint64(n))
+	p.Write(buf[:])
 }
 
 func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
 	ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
+	ciphertext, tag := out[:len(plaintext)], out[len(plaintext):]
 	if subtle.InexactOverlap(out, plaintext) {
 		panic("chacha20poly1305: invalid buffer overlap")
 	}
 
-	var polyKey, discardBuf [32]byte
+	var polyKey [32]byte
 	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
 	s.XORKeyStream(polyKey[:], polyKey[:])
-	s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
-	s.XORKeyStream(out, plaintext)
-
-	polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(plaintext))+8+8)
-	copy(polyInput, additionalData)
-	copy(polyInput[roundTo16(len(additionalData)):], out[:len(plaintext)])
-	binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
-	binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(plaintext)))
+	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
+	s.XORKeyStream(ciphertext, plaintext)
 
-	var tag [poly1305.TagSize]byte
-	poly1305.Sum(&tag, polyInput, &polyKey)
-	copy(out[len(plaintext):], tag[:])
+	p := poly1305.New(&polyKey)
+	writeWithPadding(p, additionalData)
+	writeWithPadding(p, ciphertext)
+	writeUint64(p, len(additionalData))
+	writeUint64(p, len(plaintext))
+	p.Sum(tag[:0])
 
 	return ret
 }
 
 func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
-	var tag [poly1305.TagSize]byte
-	copy(tag[:], ciphertext[len(ciphertext)-16:])
+	tag := ciphertext[len(ciphertext)-16:]
 	ciphertext = ciphertext[:len(ciphertext)-16]
 
-	var polyKey, discardBuf [32]byte
+	var polyKey [32]byte
 	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
 	s.XORKeyStream(polyKey[:], polyKey[:])
-	s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
+	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
 
-	polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(ciphertext))+8+8)
-	copy(polyInput, additionalData)
-	copy(polyInput[roundTo16(len(additionalData)):], ciphertext)
-	binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
-	binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(ciphertext)))
+	p := poly1305.New(&polyKey)
+	writeWithPadding(p, additionalData)
+	writeWithPadding(p, ciphertext)
+	writeUint64(p, len(additionalData))
+	writeUint64(p, len(ciphertext))
 
 	ret, out := sliceForAppend(dst, len(ciphertext))
 	if subtle.InexactOverlap(out, ciphertext) {
 		panic("chacha20poly1305: invalid buffer overlap")
 	}
-	if !poly1305.Verify(&tag, polyInput, &polyKey) {
+	if !p.Verify(tag) {
 		for i := range out {
 			out[i] = 0
 		}
diff --git a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
index b0c2cd056..347c8b15f 100644
--- a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
+++ b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
@@ -7,5 +7,3 @@
 package poly1305
 
 type mac struct{ macGeneric }
-
-func newMAC(key *[32]byte) mac { return mac{newMACGeneric(key)} }
diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go
index 066159b79..3c75c2a67 100644
--- a/vendor/golang.org/x/crypto/poly1305/poly1305.go
+++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go
@@ -46,10 +46,9 @@ func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
 // two different messages with the same key allows an attacker
 // to forge messages at will.
 func New(key *[32]byte) *MAC {
-	return &MAC{
-		mac:       newMAC(key),
-		finalized: false,
-	}
+	m := &MAC{}
+	initialize(key, &m.macState)
+	return m
 }
 
 // MAC is an io.Writer computing an authentication tag
@@ -58,7 +57,7 @@ func New(key *[32]byte) *MAC {
 // MAC cannot be used like common hash.Hash implementations,
 // because using a poly1305 key twice breaks its security.
 // Therefore writing data to a running MAC after calling
-// Sum causes it to panic.
+// Sum or Verify causes it to panic.
 type MAC struct {
 	mac // platform-dependent implementation
 
@@ -71,10 +70,10 @@ func (h *MAC) Size() int { return TagSize }
 // Write adds more data to the running message authentication code.
 // It never returns an error.
 //
-// It must not be called after the first call of Sum.
+// It must not be called after the first call of Sum or Verify.
 func (h *MAC) Write(p []byte) (n int, err error) {
 	if h.finalized {
-		panic("poly1305: write to MAC after Sum")
+		panic("poly1305: write to MAC after Sum or Verify")
 	}
 	return h.mac.Write(p)
 }
@@ -87,3 +86,12 @@ func (h *MAC) Sum(b []byte) []byte {
 	h.finalized = true
 	return append(b, mac[:]...)
 }
+
+// Verify returns whether the authenticator of all data written to
+// the message authentication code matches the expected value.
+func (h *MAC) Verify(expected []byte) bool {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return subtle.ConstantTimeCompare(expected, mac[:]) == 1
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
index 35b9e38c9..99e5a1d50 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
@@ -9,17 +9,6 @@ package poly1305
 //go:noescape
 func update(state *macState, msg []byte)
 
-func sum(out *[16]byte, m []byte, key *[32]byte) {
-	h := newMAC(key)
-	h.Write(m)
-	h.Sum(out)
-}
-
-func newMAC(key *[32]byte) (h mac) {
-	initialize(key, &h.r, &h.s)
-	return
-}
-
 // mac is a wrapper for macGeneric that redirects calls that would have gone to
 // updateGeneric to update.
 //
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_generic.go b/vendor/golang.org/x/crypto/poly1305/sum_generic.go
index 1187eab78..c77ff179d 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_generic.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_generic.go
@@ -31,9 +31,10 @@ func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
 	h.Sum(out)
 }
 
-func newMACGeneric(key *[32]byte) (h macGeneric) {
-	initialize(key, &h.r, &h.s)
-	return
+func newMACGeneric(key *[32]byte) macGeneric {
+	m := macGeneric{}
+	initialize(key, &m.macState)
+	return m
 }
 
 // macState holds numbers in saturated 64-bit little-endian limbs. That is,
@@ -97,11 +98,12 @@ const (
 	rMask1 = 0x0FFFFFFC0FFFFFFC
 )
 
-func initialize(key *[32]byte, r, s *[2]uint64) {
-	r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
-	r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
-	s[0] = binary.LittleEndian.Uint64(key[16:24])
-	s[1] = binary.LittleEndian.Uint64(key[24:32])
+// initialize loads the 256-bit key into the two 128-bit secret values r and s.
+func initialize(key *[32]byte, m *macState) {
+	m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
+	m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
+	m.s[0] = binary.LittleEndian.Uint64(key[16:24])
+	m.s[1] = binary.LittleEndian.Uint64(key[24:32])
 }
 
 // uint128 holds a 128-bit number as two 64-bit limbs, for use with the
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
index 2e3ae34c7..2b55a29c5 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
@@ -2,12 +2,17 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build s390x,!go1.11 !amd64,!s390x,!ppc64le gccgo purego
+// At this point only s390x has an assembly implementation of sum. All other
+// platforms have assembly implementations of mac, and just define sum as using
+// that through New. Once s390x is ported, this file can be deleted and the body
+// of sum moved into Sum.
+
+// +build !go1.11 !s390x gccgo purego
 
 package poly1305
 
 func sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
-	h := newMAC(key)
+	h := New(key)
 	h.Write(msg)
-	h.Sum(out)
+	h.Sum(out[:0])
 }
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
index 92597bb8c..2e7a120b1 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
@@ -9,17 +9,6 @@ package poly1305
 //go:noescape
 func update(state *macState, msg []byte)
 
-func sum(out *[16]byte, m []byte, key *[32]byte) {
-	h := newMAC(key)
-	h.Write(m)
-	h.Sum(out)
-}
-
-func newMAC(key *[32]byte) (h mac) {
-	initialize(key, &h.r, &h.s)
-	return
-}
-
 // mac is a wrapper for macGeneric that redirects calls that would have gone to
 // updateGeneric to update.
 //
diff --git a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
index d1b4fca3a..2ffb97bfb 100644
--- a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
@@ -113,6 +113,7 @@ func NewTerminal(c io.ReadWriter, prompt string) *Terminal {
 }
 
 const (
+	keyCtrlC     = 3
 	keyCtrlD     = 4
 	keyCtrlU     = 21
 	keyEnter     = '\r'
@@ -151,8 +152,12 @@ func bytesToKey(b []byte, pasteActive bool) (rune, []byte) {
 		switch b[0] {
 		case 1: // ^A
 			return keyHome, b[1:]
+		case 2: // ^B
+			return keyLeft, b[1:]
 		case 5: // ^E
 			return keyEnd, b[1:]
+		case 6: // ^F
+			return keyRight, b[1:]
 		case 8: // ^H
 			return keyBackspace, b[1:]
 		case 11: // ^K
@@ -738,6 +743,9 @@ func (t *Terminal) readLine() (line string, err error) {
 						return "", io.EOF
 					}
 				}
+				if key == keyCtrlC {
+					return "", io.EOF
+				}
 				if key == keyPasteStart {
 					t.pasteActive = true
 					if len(t.line) == 0 {
diff --git a/vendor/golang.org/x/sys/unix/README.md b/vendor/golang.org/x/sys/unix/README.md
index ab433ccfb..579d2d735 100644
--- a/vendor/golang.org/x/sys/unix/README.md
+++ b/vendor/golang.org/x/sys/unix/README.md
@@ -89,7 +89,7 @@ constants.
 
 Adding new syscall numbers is mostly done by running the build on a sufficiently
 new installation of the target OS (or updating the source checkouts for the
-new build system). However, depending on the OS, you make need to update the
+new build system). However, depending on the OS, you may need to update the
 parsing in mksysnum.
 
 ### mksyscall.go
@@ -163,7 +163,7 @@ The merge is performed in the following steps:
 
 ## Generated files
 
-### `zerror_${GOOS}_${GOARCH}.go`
+### `zerrors_${GOOS}_${GOARCH}.go`
 
 A file containing all of the system's generated error numbers, error strings,
 signal numbers, and constants. Generated by `mkerrors.sh` (see above).
diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_386.go b/vendor/golang.org/x/sys/unix/errors_freebsd_386.go
index c56bc8b05..761db66ef 100644
--- a/vendor/golang.org/x/sys/unix/errors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/errors_freebsd_386.go
@@ -8,6 +8,7 @@
 package unix
 
 const (
+	DLT_HHDLC                         = 0x79
 	IFF_SMART                         = 0x20
 	IFT_1822                          = 0x2
 	IFT_A12MPPSWITCH                  = 0x82
@@ -210,13 +211,18 @@ const (
 	IFT_XETHER                        = 0x1a
 	IPPROTO_MAXID                     = 0x34
 	IPV6_FAITH                        = 0x1d
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
 	IP_FAITH                          = 0x16
+	IP_MAX_SOURCE_FILTER              = 0x400
+	IP_MIN_MEMBERSHIPS                = 0x1f
 	MAP_NORESERVE                     = 0x40
 	MAP_RENAME                        = 0x20
 	NET_RT_MAXID                      = 0x6
 	RTF_PRCLONING                     = 0x10000
 	RTM_OLDADD                        = 0x9
 	RTM_OLDDEL                        = 0xa
+	RT_CACHING_CONTEXT                = 0x1
+	RT_NORTREF                        = 0x2
 	SIOCADDRT                         = 0x8030720a
 	SIOCALIFADDR                      = 0x8118691b
 	SIOCDELRT                         = 0x8030720b
diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
index 3e9771175..070f44b65 100644
--- a/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
@@ -8,6 +8,7 @@
 package unix
 
 const (
+	DLT_HHDLC                         = 0x79
 	IFF_SMART                         = 0x20
 	IFT_1822                          = 0x2
 	IFT_A12MPPSWITCH                  = 0x82
@@ -210,13 +211,18 @@ const (
 	IFT_XETHER                        = 0x1a
 	IPPROTO_MAXID                     = 0x34
 	IPV6_FAITH                        = 0x1d
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
 	IP_FAITH                          = 0x16
+	IP_MAX_SOURCE_FILTER              = 0x400
+	IP_MIN_MEMBERSHIPS                = 0x1f
 	MAP_NORESERVE                     = 0x40
 	MAP_RENAME                        = 0x20
 	NET_RT_MAXID                      = 0x6
 	RTF_PRCLONING                     = 0x10000
 	RTM_OLDADD                        = 0x9
 	RTM_OLDDEL                        = 0xa
+	RT_CACHING_CONTEXT                = 0x1
+	RT_NORTREF                        = 0x2
 	SIOCADDRT                         = 0x8040720a
 	SIOCALIFADDR                      = 0x8118691b
 	SIOCDELRT                         = 0x8040720b
diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go
new file mode 100644
index 000000000..946dcf3fc
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go
@@ -0,0 +1,17 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep
+// them here for backwards compatibility.
+
+package unix
+
+const (
+	DLT_HHDLC            = 0x79
+	IPV6_MIN_MEMBERSHIPS = 0x1f
+	IP_MAX_SOURCE_FILTER = 0x400
+	IP_MIN_MEMBERSHIPS   = 0x1f
+	RT_CACHING_CONTEXT   = 0x1
+	RT_NORTREF           = 0x2
+)
diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh
index fa0c69b9d..ece31e9dc 100644
--- a/vendor/golang.org/x/sys/unix/mkall.sh
+++ b/vendor/golang.org/x/sys/unix/mkall.sh
@@ -124,7 +124,7 @@ freebsd_arm)
 freebsd_arm64)
 	mkerrors="$mkerrors -m64"
 	mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'"
-	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
 	;;
 netbsd_386)
 	mkerrors="$mkerrors -m32"
@@ -190,6 +190,12 @@ solaris_amd64)
 	mksysnum=
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
 	;;
+illumos_amd64)
+        mksyscall="go run mksyscall_solaris.go"
+	mkerrors=
+	mksysnum=
+	mktypes=
+	;;
 *)
 	echo 'unrecognized $GOOS_$GOARCH: ' "$GOOSARCH" 1>&2
 	exit 1
@@ -217,6 +223,11 @@ esac
 				echo "$mksyscall -tags $GOOS,$GOARCH,go1.12 $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
 				# 1.13 and later, syscalls via libSystem (including syscallPtr)
 				echo "$mksyscall -tags $GOOS,$GOARCH,go1.13 syscall_darwin.1_13.go |gofmt >zsyscall_$GOOSARCH.1_13.go";
+			elif [ "$GOOS" == "illumos" ]; then
+			        # illumos code generation requires a --illumos switch
+			        echo "$mksyscall -illumos -tags illumos,$GOARCH syscall_illumos.go |gofmt > zsyscall_illumos_$GOARCH.go";
+			        # illumos implies solaris, so solaris code generation is also required
+				echo "$mksyscall -tags solaris,$GOARCH syscall_solaris.go syscall_solaris_$GOARCH.go |gofmt >zsyscall_solaris_$GOARCH.go";
 			else
 				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
 			fi
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 96bf2a919..ab09aafcf 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -105,6 +105,7 @@ includes_FreeBSD='
 #include <sys/capsicum.h>
 #include <sys/param.h>
 #include <sys/types.h>
+#include <sys/disk.h>
 #include <sys/event.h>
 #include <sys/select.h>
 #include <sys/socket.h>
@@ -199,6 +200,7 @@ struct ltchars {
 #include <linux/filter.h>
 #include <linux/fs.h>
 #include <linux/fscrypt.h>
+#include <linux/fsverity.h>
 #include <linux/genetlink.h>
 #include <linux/hdreg.h>
 #include <linux/icmpv6.h>
@@ -280,6 +282,11 @@ struct ltchars {
 // for the tipc_subscr timeout __u32 field.
 #undef TIPC_WAIT_FOREVER
 #define TIPC_WAIT_FOREVER 0xffffffff
+
+// Copied from linux/l2tp.h
+// Including linux/l2tp.h here causes conflicts between linux/in.h
+// and netinet/in.h included via net/route.h above.
+#define IPPROTO_L2TP		115
 '
 
 includes_NetBSD='
@@ -479,6 +486,7 @@ ccflags="$@"
 		$2 ~ /^LINUX_REBOOT_MAGIC[12]$/ ||
 		$2 ~ /^MODULE_INIT_/ ||
 		$2 !~ "NLA_TYPE_MASK" &&
+		$2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ &&
 		$2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ ||
 		$2 ~ /^SIOC/ ||
 		$2 ~ /^TIOC/ ||
@@ -488,6 +496,7 @@ ccflags="$@"
 		$2 !~ "RTF_BITS" &&
 		$2 ~ /^(IFF|IFT|NET_RT|RTM(GRP)?|RTF|RTV|RTA|RTAX)_/ ||
 		$2 ~ /^BIOC/ ||
+		$2 ~ /^DIOC/ ||
 		$2 ~ /^RUSAGE_(SELF|CHILDREN|THREAD)/ ||
 		$2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ ||
 		$2 ~ /^PRIO_(PROCESS|PGRP|USER)/ ||
@@ -499,7 +508,8 @@ ccflags="$@"
 		$2 ~ /^CAP_/ ||
 		$2 ~ /^ALG_/ ||
 		$2 ~ /^FS_(POLICY_FLAGS|KEY_DESC|ENCRYPTION_MODE|[A-Z0-9_]+_KEY_SIZE)/ ||
-		$2 ~ /^FS_IOC_.*ENCRYPTION/ ||
+		$2 ~ /^FS_IOC_.*(ENCRYPTION|VERITY|GETFLAGS)/ ||
+		$2 ~ /^FS_VERITY_/ ||
 		$2 ~ /^FSCRYPT_/ ||
 		$2 ~ /^GRND_/ ||
 		$2 ~ /^RND/ ||
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
index 6b2eca493..6932e7c2c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -521,10 +521,6 @@ func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) {
 	return ptrace(PTRACE_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0)
 }
 
-func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
-	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
-}
-
 func PtraceGetRegs(pid int, regsout *Reg) (err error) {
 	return ptrace(PTRACE_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index 0a5a66fab..72a506ddc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -55,6 +55,10 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
+func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
+	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
+}
+
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
 	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
 	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 8025b22d0..d5e376aca 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -55,6 +55,10 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
+func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
+	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
+}
+
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
 	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
 	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go
new file mode 100644
index 000000000..99e62dcd8
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -0,0 +1,57 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// illumos system calls not present on Solaris.
+
+// +build amd64,illumos
+
+package unix
+
+import "unsafe"
+
+func bytes2iovec(bs [][]byte) []Iovec {
+	iovecs := make([]Iovec, len(bs))
+	for i, b := range bs {
+		iovecs[i].SetLen(len(b))
+		if len(b) > 0 {
+			// somehow Iovec.Base on illumos is (*int8), not (*byte)
+			iovecs[i].Base = (*int8)(unsafe.Pointer(&b[0]))
+		} else {
+			iovecs[i].Base = (*int8)(unsafe.Pointer(&_zero))
+		}
+	}
+	return iovecs
+}
+
+//sys   readv(fd int, iovs []Iovec) (n int, err error)
+
+func Readv(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = readv(fd, iovecs)
+	return n, err
+}
+
+//sys   preadv(fd int, iovs []Iovec, off int64) (n int, err error)
+
+func Preadv(fd int, iovs [][]byte, off int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = preadv(fd, iovecs, off)
+	return n, err
+}
+
+//sys   writev(fd int, iovs []Iovec) (n int, err error)
+
+func Writev(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = writev(fd, iovecs)
+	return n, err
+}
+
+//sys   pwritev(fd int, iovs []Iovec, off int64) (n int, err error)
+
+func Pwritev(fd int, iovs [][]byte, off int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = pwritev(fd, iovecs, off)
+	return n, err
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 95f7a159a..bbe1abbce 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -839,6 +839,40 @@ func (sa *SockaddrTIPC) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	return unsafe.Pointer(&sa.raw), SizeofSockaddrTIPC, nil
 }
 
+// SockaddrL2TPIP implements the Sockaddr interface for IPPROTO_L2TP/AF_INET sockets.
+type SockaddrL2TPIP struct {
+	Addr   [4]byte
+	ConnId uint32
+	raw    RawSockaddrL2TPIP
+}
+
+func (sa *SockaddrL2TPIP) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_INET
+	sa.raw.Conn_id = sa.ConnId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2TPIP, nil
+}
+
+// SockaddrL2TPIP6 implements the Sockaddr interface for IPPROTO_L2TP/AF_INET6 sockets.
+type SockaddrL2TPIP6 struct {
+	Addr   [16]byte
+	ZoneId uint32
+	ConnId uint32
+	raw    RawSockaddrL2TPIP6
+}
+
+func (sa *SockaddrL2TPIP6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_INET6
+	sa.raw.Conn_id = sa.ConnId
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2TPIP6, nil
+}
+
 func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 	switch rsa.Addr.Family {
 	case AF_NETLINK:
@@ -889,25 +923,58 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		return sa, nil
 
 	case AF_INET:
-		pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
-		sa := new(SockaddrInet4)
-		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
-		sa.Port = int(p[0])<<8 + int(p[1])
-		for i := 0; i < len(sa.Addr); i++ {
-			sa.Addr[i] = pp.Addr[i]
+		proto, err := GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+		if err != nil {
+			return nil, err
+		}
+
+		switch proto {
+		case IPPROTO_L2TP:
+			pp := (*RawSockaddrL2TPIP)(unsafe.Pointer(rsa))
+			sa := new(SockaddrL2TPIP)
+			sa.ConnId = pp.Conn_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		default:
+			pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
+			sa := new(SockaddrInet4)
+			p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+			sa.Port = int(p[0])<<8 + int(p[1])
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
 		}
-		return sa, nil
 
 	case AF_INET6:
-		pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
-		sa := new(SockaddrInet6)
-		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
-		sa.Port = int(p[0])<<8 + int(p[1])
-		sa.ZoneId = pp.Scope_id
-		for i := 0; i < len(sa.Addr); i++ {
-			sa.Addr[i] = pp.Addr[i]
+		proto, err := GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+		if err != nil {
+			return nil, err
+		}
+
+		switch proto {
+		case IPPROTO_L2TP:
+			pp := (*RawSockaddrL2TPIP6)(unsafe.Pointer(rsa))
+			sa := new(SockaddrL2TPIP6)
+			sa.ConnId = pp.Conn_id
+			sa.ZoneId = pp.Scope_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		default:
+			pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
+			sa := new(SockaddrInet6)
+			p := (*[2]byte)(unsafe.Pointer(&pp.Port))
+			sa.Port = int(p[0])<<8 + int(p[1])
+			sa.ZoneId = pp.Scope_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
 		}
-		return sa, nil
 
 	case AF_VSOCK:
 		pp := (*RawSockaddrVM)(unsafe.Pointer(rsa))
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index 807a0b20c..84ff9fa64 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -25,7 +25,7 @@ func EpollCreate(size int) (fd int, err error) {
 //sysnb	Getegid() (egid int)
 //sysnb	Geteuid() (euid int)
 //sysnb	Getgid() (gid int)
-//sysnb	Getrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	getrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Getuid() (uid int)
 //sys	Listen(s int, n int) (err error)
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
@@ -47,7 +47,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
-//sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
+//sysnb	setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
@@ -168,6 +168,24 @@ func Pipe2(p []int, flags int) (err error) {
 	return
 }
 
+// Getrlimit prefers the prlimit64 system call. See issue 38604.
+func Getrlimit(resource int, rlim *Rlimit) error {
+	err := prlimit(0, resource, nil, rlim)
+	if err != ENOSYS {
+		return err
+	}
+	return getrlimit(resource, rlim)
+}
+
+// Setrlimit prefers the prlimit64 system call. See issue 38604.
+func Setrlimit(resource int, rlim *Rlimit) error {
+	err := prlimit(0, resource, rlim, nil)
+	if err != ENOSYS {
+		return err
+	}
+	return setrlimit(resource, rlim)
+}
+
 func (r *PtraceRegs) PC() uint64 { return r.Pc }
 
 func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc }
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index 3de37566c..8f710d014 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -76,7 +76,7 @@ func SignalName(s syscall.Signal) string {
 // The signal name should start with "SIG".
 func SignalNum(s string) syscall.Signal {
 	signalNameMapOnce.Do(func() {
-		signalNameMap = make(map[string]syscall.Signal)
+		signalNameMap = make(map[string]syscall.Signal, len(signalList))
 		for _, signal := range signalList {
 			signalNameMap[signal.name] = signal.num
 		}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index b72544fcd..848245873 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -355,6 +355,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc144648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x804c6490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc06c648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -379,11 +395,14 @@ const (
 	DLT_CHAOS                      = 0x5
 	DLT_CHDLC                      = 0x68
 	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
 	DLT_C_HDLC                     = 0x68
 	DLT_C_HDLC_WITH_DIR            = 0xcd
 	DLT_DBUS                       = 0xe7
 	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
 	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
 	DLT_DVB_CI                     = 0xeb
 	DLT_ECONET                     = 0x73
 	DLT_EN10MB                     = 0x1
@@ -393,6 +412,7 @@ const (
 	DLT_ERF                        = 0xc5
 	DLT_ERF_ETH                    = 0xaf
 	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
 	DLT_FC_2                       = 0xe0
 	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
 	DLT_FDDI                       = 0xa
@@ -406,7 +426,6 @@ const (
 	DLT_GPRS_LLC                   = 0xa9
 	DLT_GSMTAP_ABIS                = 0xda
 	DLT_GSMTAP_UM                  = 0xd9
-	DLT_HHDLC                      = 0x79
 	DLT_IBM_SN                     = 0x92
 	DLT_IBM_SP                     = 0x91
 	DLT_IEEE802                    = 0x6
@@ -429,6 +448,7 @@ const (
 	DLT_IPV4                       = 0xe4
 	DLT_IPV6                       = 0xe5
 	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
 	DLT_JUNIPER_ATM1               = 0x89
 	DLT_JUNIPER_ATM2               = 0x87
 	DLT_JUNIPER_ATM_CEMIC          = 0xee
@@ -461,8 +481,9 @@ const (
 	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
 	DLT_LINUX_SLL                  = 0x71
 	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
 	DLT_LTALK                      = 0x72
-	DLT_MATCHING_MAX               = 0x104
+	DLT_MATCHING_MAX               = 0x113
 	DLT_MATCHING_MIN               = 0x68
 	DLT_MFR                        = 0xb6
 	DLT_MOST                       = 0xd3
@@ -478,14 +499,16 @@ const (
 	DLT_NFC_LLCP                   = 0xf5
 	DLT_NFLOG                      = 0xef
 	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
 	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
 	DLT_PCI_EXP                    = 0x7d
 	DLT_PFLOG                      = 0x75
 	DLT_PFSYNC                     = 0x79
 	DLT_PKTAP                      = 0x102
 	DLT_PPI                        = 0xc0
 	DLT_PPP                        = 0x9
-	DLT_PPP_BSDOS                  = 0x10
+	DLT_PPP_BSDOS                  = 0xe
 	DLT_PPP_ETHER                  = 0x33
 	DLT_PPP_PPPD                   = 0xa6
 	DLT_PPP_SERIAL                 = 0x32
@@ -496,19 +519,25 @@ const (
 	DLT_PRONET                     = 0x4
 	DLT_RAIF1                      = 0xc6
 	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
 	DLT_RIO                        = 0x7c
 	DLT_RTAC_SERIAL                = 0xfa
 	DLT_SCCP                       = 0x8e
 	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
 	DLT_SITA                       = 0xc4
 	DLT_SLIP                       = 0x8
-	DLT_SLIP_BSDOS                 = 0xf
+	DLT_SLIP_BSDOS                 = 0xd
 	DLT_STANAG_5066_D_PDU          = 0xed
 	DLT_SUNATM                     = 0x7b
 	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
 	DLT_TZSP                       = 0x80
 	DLT_USB                        = 0xba
 	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
 	DLT_USB_LINUX                  = 0xbd
 	DLT_USB_LINUX_MMAPPED          = 0xdc
 	DLT_USER0                      = 0x93
@@ -527,10 +556,14 @@ const (
 	DLT_USER7                      = 0x9a
 	DLT_USER8                      = 0x9b
 	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
 	DLT_WIHART                     = 0xdf
 	DLT_WIRESHARK_UPPER_PDU        = 0xfc
 	DLT_X2E_SERIAL                 = 0xd5
 	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
 	DT_BLK                         = 0x6
 	DT_CHR                         = 0x2
 	DT_DIR                         = 0x4
@@ -548,6 +581,7 @@ const (
 	ECHONL                         = 0x10
 	ECHOPRT                        = 0x20
 	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
 	EVFILT_FS                      = -0x9
 	EVFILT_LIO                     = -0xa
 	EVFILT_PROC                    = -0x5
@@ -555,11 +589,12 @@ const (
 	EVFILT_READ                    = -0x1
 	EVFILT_SENDFILE                = -0xc
 	EVFILT_SIGNAL                  = -0x6
-	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_SYSCOUNT                = 0xd
 	EVFILT_TIMER                   = -0x7
 	EVFILT_USER                    = -0xb
 	EVFILT_VNODE                   = -0x4
 	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
 	EV_ADD                         = 0x1
 	EV_CLEAR                       = 0x20
 	EV_DELETE                      = 0x2
@@ -576,6 +611,7 @@ const (
 	EV_RECEIPT                     = 0x40
 	EV_SYSFLAGS                    = 0xf000
 	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
 	EXTATTR_NAMESPACE_EMPTY        = 0x0
 	EXTATTR_NAMESPACE_SYSTEM       = 0x2
 	EXTATTR_NAMESPACE_USER         = 0x1
@@ -617,6 +653,7 @@ const (
 	IEXTEN                         = 0x400
 	IFAN_ARRIVAL                   = 0x0
 	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
 	IFF_ALLMULTI                   = 0x200
 	IFF_ALTPHYS                    = 0x4000
 	IFF_BROADCAST                  = 0x2
@@ -633,6 +670,7 @@ const (
 	IFF_MONITOR                    = 0x40000
 	IFF_MULTICAST                  = 0x8000
 	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
 	IFF_OACTIVE                    = 0x400
 	IFF_POINTOPOINT                = 0x10
 	IFF_PPROMISC                   = 0x20000
@@ -807,6 +845,7 @@ const (
 	IPV6_DSTOPTS                   = 0x32
 	IPV6_FLOWID                    = 0x43
 	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
 	IPV6_FLOWLABEL_MASK            = 0xffff0f00
 	IPV6_FLOWTYPE                  = 0x44
 	IPV6_FRAGTTL                   = 0x78
@@ -827,13 +866,13 @@ const (
 	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
 	IPV6_MAX_MEMBERSHIPS           = 0xfff
 	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
-	IPV6_MIN_MEMBERSHIPS           = 0x1f
 	IPV6_MMTU                      = 0x500
 	IPV6_MSFILTER                  = 0x4a
 	IPV6_MULTICAST_HOPS            = 0xa
 	IPV6_MULTICAST_IF              = 0x9
 	IPV6_MULTICAST_LOOP            = 0xb
 	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
 	IPV6_PATHMTU                   = 0x2c
 	IPV6_PKTINFO                   = 0x2e
 	IPV6_PORTRANGE                 = 0xe
@@ -845,6 +884,7 @@ const (
 	IPV6_RECVFLOWID                = 0x46
 	IPV6_RECVHOPLIMIT              = 0x25
 	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
 	IPV6_RECVPATHMTU               = 0x2b
 	IPV6_RECVPKTINFO               = 0x24
 	IPV6_RECVRSSBUCKETID           = 0x47
@@ -905,10 +945,8 @@ const (
 	IP_MAX_MEMBERSHIPS             = 0xfff
 	IP_MAX_SOCK_MUTE_FILTER        = 0x80
 	IP_MAX_SOCK_SRC_FILTER         = 0x80
-	IP_MAX_SOURCE_FILTER           = 0x400
 	IP_MF                          = 0x2000
 	IP_MINTTL                      = 0x42
-	IP_MIN_MEMBERSHIPS             = 0x1f
 	IP_MSFILTER                    = 0x4a
 	IP_MSS                         = 0x240
 	IP_MULTICAST_IF                = 0x9
@@ -918,6 +956,7 @@ const (
 	IP_OFFMASK                     = 0x1fff
 	IP_ONESBCAST                   = 0x17
 	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
 	IP_PORTRANGE                   = 0x13
 	IP_PORTRANGE_DEFAULT           = 0x0
 	IP_PORTRANGE_HIGH              = 0x1
@@ -926,6 +965,7 @@ const (
 	IP_RECVFLOWID                  = 0x5d
 	IP_RECVIF                      = 0x14
 	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
 	IP_RECVRETOPTS                 = 0x6
 	IP_RECVRSSBUCKETID             = 0x5e
 	IP_RECVTOS                     = 0x44
@@ -975,6 +1015,7 @@ const (
 	MAP_EXCL                       = 0x4000
 	MAP_FILE                       = 0x0
 	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
 	MAP_HASSEMAPHORE               = 0x200
 	MAP_NOCORE                     = 0x20000
 	MAP_NOSYNC                     = 0x800
@@ -986,6 +1027,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1026,10 +1076,12 @@ const (
 	MNT_SUSPEND                    = 0x4
 	MNT_SYNCHRONOUS                = 0x2
 	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
 	MNT_UPDATE                     = 0x10000
-	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_UPDATEMASK                 = 0xad8d0807e
 	MNT_USER                       = 0x8000
-	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
 	MNT_WAIT                       = 0x1
 	MSG_CMSG_CLOEXEC               = 0x40000
 	MSG_COMPAT                     = 0x8000
@@ -1058,6 +1110,7 @@ const (
 	NFDBITS                        = 0x20
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
 	NOTE_ATTRIB                    = 0x8
 	NOTE_CHILD                     = 0x4
 	NOTE_CLOSE                     = 0x100
@@ -1212,7 +1265,6 @@ const (
 	RTV_WEIGHT                     = 0x100
 	RT_ALL_FIBS                    = -0x1
 	RT_BLACKHOLE                   = 0x40
-	RT_CACHING_CONTEXT             = 0x1
 	RT_DEFAULT_FIB                 = 0x0
 	RT_HAS_GW                      = 0x80
 	RT_HAS_HEADER                  = 0x10
@@ -1222,15 +1274,17 @@ const (
 	RT_LLE_CACHE                   = 0x100
 	RT_MAY_LOOP                    = 0x8
 	RT_MAY_LOOP_BIT                = 0x3
-	RT_NORTREF                     = 0x2
 	RT_REJECT                      = 0x20
 	RUSAGE_CHILDREN                = -0x1
 	RUSAGE_SELF                    = 0x0
 	RUSAGE_THREAD                  = 0x1
 	SCM_BINTIME                    = 0x4
 	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1246,6 +1300,7 @@ const (
 	SIOCGETSGCNT                   = 0xc0147210
 	SIOCGETVIFCNT                  = 0xc014720f
 	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
 	SIOCGI2C                       = 0xc020693d
 	SIOCGIFADDR                    = 0xc0206921
 	SIOCGIFBRDADDR                 = 0xc0206923
@@ -1267,8 +1322,11 @@ const (
 	SIOCGIFPDSTADDR                = 0xc0206948
 	SIOCGIFPHYS                    = 0xc0206935
 	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
 	SIOCGIFSTATUS                  = 0xc331693b
 	SIOCGIFXMEDIA                  = 0xc028698b
+	SIOCGLANPCP                    = 0xc0206998
 	SIOCGLOWAT                     = 0x40047303
 	SIOCGPGRP                      = 0x40047309
 	SIOCGPRIVATE_0                 = 0xc0206950
@@ -1299,6 +1357,7 @@ const (
 	SIOCSIFPHYS                    = 0x80206936
 	SIOCSIFRVNET                   = 0xc020695b
 	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
 	SIOCSLOWAT                     = 0x80047302
 	SIOCSPGRP                      = 0x80047308
 	SIOCSTUNFIB                    = 0x8020695f
@@ -1317,6 +1376,7 @@ const (
 	SO_BINTIME                     = 0x2000
 	SO_BROADCAST                   = 0x20
 	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
 	SO_DONTROUTE                   = 0x10
 	SO_ERROR                       = 0x1007
 	SO_KEEPALIVE                   = 0x8
@@ -1325,6 +1385,7 @@ const (
 	SO_LISTENINCQLEN               = 0x1013
 	SO_LISTENQLEN                  = 0x1012
 	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
 	SO_NOSIGPIPE                   = 0x800
 	SO_NO_DDP                      = 0x8000
 	SO_NO_OFFLOAD                  = 0x4000
@@ -1337,11 +1398,19 @@ const (
 	SO_RCVTIMEO                    = 0x1006
 	SO_REUSEADDR                   = 0x4
 	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
 	SO_SETFIB                      = 0x1014
 	SO_SNDBUF                      = 0x1001
 	SO_SNDLOWAT                    = 0x1003
 	SO_SNDTIMEO                    = 0x1005
 	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
 	SO_TYPE                        = 0x1008
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
@@ -1385,10 +1454,45 @@ const (
 	TCOFLUSH                       = 0x2
 	TCOOFF                         = 0x1
 	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
 	TCP_CA_NAME_MAX                = 0x10
 	TCP_CCALGOOPT                  = 0x41
 	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
 	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
 	TCP_FUNCTION_BLK               = 0x2000
 	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
 	TCP_INFO                       = 0x20
@@ -1396,6 +1500,12 @@ const (
 	TCP_KEEPIDLE                   = 0x100
 	TCP_KEEPINIT                   = 0x80
 	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
 	TCP_MAXBURST                   = 0x4
 	TCP_MAXHLEN                    = 0x3c
 	TCP_MAXOLEN                    = 0x28
@@ -1411,8 +1521,30 @@ const (
 	TCP_NOPUSH                     = 0x4
 	TCP_PCAP_IN                    = 0x1000
 	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
 	TCP_VENDOR                     = 0x80000000
 	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
 	TIOCCBRK                       = 0x2000747a
 	TIOCCDTR                       = 0x20007478
 	TIOCCONS                       = 0x80047462
@@ -1476,6 +1608,8 @@ const (
 	TIOCTIMESTAMP                  = 0x40087459
 	TIOCUCNTL                      = 0x80047466
 	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
 	VDISCARD                       = 0xf
 	VDSUSP                         = 0xb
 	VEOF                           = 0x0
@@ -1487,6 +1621,8 @@ const (
 	VKILL                          = 0x5
 	VLNEXT                         = 0xe
 	VMIN                           = 0x10
+	VM_BCACHE_SIZE_MAX             = 0x70e0000
+	VM_SWZONE_SIZE_MAX             = 0x2280000
 	VQUIT                          = 0x9
 	VREPRINT                       = 0x6
 	VSTART                         = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index 9f382678e..4acd101c3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -355,6 +355,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc148648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x80506490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc080648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -379,11 +395,14 @@ const (
 	DLT_CHAOS                      = 0x5
 	DLT_CHDLC                      = 0x68
 	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
 	DLT_C_HDLC                     = 0x68
 	DLT_C_HDLC_WITH_DIR            = 0xcd
 	DLT_DBUS                       = 0xe7
 	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
 	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
 	DLT_DVB_CI                     = 0xeb
 	DLT_ECONET                     = 0x73
 	DLT_EN10MB                     = 0x1
@@ -393,6 +412,7 @@ const (
 	DLT_ERF                        = 0xc5
 	DLT_ERF_ETH                    = 0xaf
 	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
 	DLT_FC_2                       = 0xe0
 	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
 	DLT_FDDI                       = 0xa
@@ -406,7 +426,6 @@ const (
 	DLT_GPRS_LLC                   = 0xa9
 	DLT_GSMTAP_ABIS                = 0xda
 	DLT_GSMTAP_UM                  = 0xd9
-	DLT_HHDLC                      = 0x79
 	DLT_IBM_SN                     = 0x92
 	DLT_IBM_SP                     = 0x91
 	DLT_IEEE802                    = 0x6
@@ -429,6 +448,7 @@ const (
 	DLT_IPV4                       = 0xe4
 	DLT_IPV6                       = 0xe5
 	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
 	DLT_JUNIPER_ATM1               = 0x89
 	DLT_JUNIPER_ATM2               = 0x87
 	DLT_JUNIPER_ATM_CEMIC          = 0xee
@@ -461,8 +481,9 @@ const (
 	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
 	DLT_LINUX_SLL                  = 0x71
 	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
 	DLT_LTALK                      = 0x72
-	DLT_MATCHING_MAX               = 0x104
+	DLT_MATCHING_MAX               = 0x113
 	DLT_MATCHING_MIN               = 0x68
 	DLT_MFR                        = 0xb6
 	DLT_MOST                       = 0xd3
@@ -478,14 +499,16 @@ const (
 	DLT_NFC_LLCP                   = 0xf5
 	DLT_NFLOG                      = 0xef
 	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
 	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
 	DLT_PCI_EXP                    = 0x7d
 	DLT_PFLOG                      = 0x75
 	DLT_PFSYNC                     = 0x79
 	DLT_PKTAP                      = 0x102
 	DLT_PPI                        = 0xc0
 	DLT_PPP                        = 0x9
-	DLT_PPP_BSDOS                  = 0x10
+	DLT_PPP_BSDOS                  = 0xe
 	DLT_PPP_ETHER                  = 0x33
 	DLT_PPP_PPPD                   = 0xa6
 	DLT_PPP_SERIAL                 = 0x32
@@ -496,19 +519,25 @@ const (
 	DLT_PRONET                     = 0x4
 	DLT_RAIF1                      = 0xc6
 	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
 	DLT_RIO                        = 0x7c
 	DLT_RTAC_SERIAL                = 0xfa
 	DLT_SCCP                       = 0x8e
 	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
 	DLT_SITA                       = 0xc4
 	DLT_SLIP                       = 0x8
-	DLT_SLIP_BSDOS                 = 0xf
+	DLT_SLIP_BSDOS                 = 0xd
 	DLT_STANAG_5066_D_PDU          = 0xed
 	DLT_SUNATM                     = 0x7b
 	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
 	DLT_TZSP                       = 0x80
 	DLT_USB                        = 0xba
 	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
 	DLT_USB_LINUX                  = 0xbd
 	DLT_USB_LINUX_MMAPPED          = 0xdc
 	DLT_USER0                      = 0x93
@@ -527,10 +556,14 @@ const (
 	DLT_USER7                      = 0x9a
 	DLT_USER8                      = 0x9b
 	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
 	DLT_WIHART                     = 0xdf
 	DLT_WIRESHARK_UPPER_PDU        = 0xfc
 	DLT_X2E_SERIAL                 = 0xd5
 	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
 	DT_BLK                         = 0x6
 	DT_CHR                         = 0x2
 	DT_DIR                         = 0x4
@@ -548,6 +581,7 @@ const (
 	ECHONL                         = 0x10
 	ECHOPRT                        = 0x20
 	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
 	EVFILT_FS                      = -0x9
 	EVFILT_LIO                     = -0xa
 	EVFILT_PROC                    = -0x5
@@ -555,11 +589,12 @@ const (
 	EVFILT_READ                    = -0x1
 	EVFILT_SENDFILE                = -0xc
 	EVFILT_SIGNAL                  = -0x6
-	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_SYSCOUNT                = 0xd
 	EVFILT_TIMER                   = -0x7
 	EVFILT_USER                    = -0xb
 	EVFILT_VNODE                   = -0x4
 	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
 	EV_ADD                         = 0x1
 	EV_CLEAR                       = 0x20
 	EV_DELETE                      = 0x2
@@ -576,6 +611,7 @@ const (
 	EV_RECEIPT                     = 0x40
 	EV_SYSFLAGS                    = 0xf000
 	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
 	EXTATTR_NAMESPACE_EMPTY        = 0x0
 	EXTATTR_NAMESPACE_SYSTEM       = 0x2
 	EXTATTR_NAMESPACE_USER         = 0x1
@@ -617,6 +653,7 @@ const (
 	IEXTEN                         = 0x400
 	IFAN_ARRIVAL                   = 0x0
 	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
 	IFF_ALLMULTI                   = 0x200
 	IFF_ALTPHYS                    = 0x4000
 	IFF_BROADCAST                  = 0x2
@@ -633,6 +670,7 @@ const (
 	IFF_MONITOR                    = 0x40000
 	IFF_MULTICAST                  = 0x8000
 	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
 	IFF_OACTIVE                    = 0x400
 	IFF_POINTOPOINT                = 0x10
 	IFF_PPROMISC                   = 0x20000
@@ -807,6 +845,7 @@ const (
 	IPV6_DSTOPTS                   = 0x32
 	IPV6_FLOWID                    = 0x43
 	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
 	IPV6_FLOWLABEL_MASK            = 0xffff0f00
 	IPV6_FLOWTYPE                  = 0x44
 	IPV6_FRAGTTL                   = 0x78
@@ -827,13 +866,13 @@ const (
 	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
 	IPV6_MAX_MEMBERSHIPS           = 0xfff
 	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
-	IPV6_MIN_MEMBERSHIPS           = 0x1f
 	IPV6_MMTU                      = 0x500
 	IPV6_MSFILTER                  = 0x4a
 	IPV6_MULTICAST_HOPS            = 0xa
 	IPV6_MULTICAST_IF              = 0x9
 	IPV6_MULTICAST_LOOP            = 0xb
 	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
 	IPV6_PATHMTU                   = 0x2c
 	IPV6_PKTINFO                   = 0x2e
 	IPV6_PORTRANGE                 = 0xe
@@ -845,6 +884,7 @@ const (
 	IPV6_RECVFLOWID                = 0x46
 	IPV6_RECVHOPLIMIT              = 0x25
 	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
 	IPV6_RECVPATHMTU               = 0x2b
 	IPV6_RECVPKTINFO               = 0x24
 	IPV6_RECVRSSBUCKETID           = 0x47
@@ -905,10 +945,8 @@ const (
 	IP_MAX_MEMBERSHIPS             = 0xfff
 	IP_MAX_SOCK_MUTE_FILTER        = 0x80
 	IP_MAX_SOCK_SRC_FILTER         = 0x80
-	IP_MAX_SOURCE_FILTER           = 0x400
 	IP_MF                          = 0x2000
 	IP_MINTTL                      = 0x42
-	IP_MIN_MEMBERSHIPS             = 0x1f
 	IP_MSFILTER                    = 0x4a
 	IP_MSS                         = 0x240
 	IP_MULTICAST_IF                = 0x9
@@ -918,6 +956,7 @@ const (
 	IP_OFFMASK                     = 0x1fff
 	IP_ONESBCAST                   = 0x17
 	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
 	IP_PORTRANGE                   = 0x13
 	IP_PORTRANGE_DEFAULT           = 0x0
 	IP_PORTRANGE_HIGH              = 0x1
@@ -926,6 +965,7 @@ const (
 	IP_RECVFLOWID                  = 0x5d
 	IP_RECVIF                      = 0x14
 	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
 	IP_RECVRETOPTS                 = 0x6
 	IP_RECVRSSBUCKETID             = 0x5e
 	IP_RECVTOS                     = 0x44
@@ -976,6 +1016,7 @@ const (
 	MAP_EXCL                       = 0x4000
 	MAP_FILE                       = 0x0
 	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
 	MAP_HASSEMAPHORE               = 0x200
 	MAP_NOCORE                     = 0x20000
 	MAP_NOSYNC                     = 0x800
@@ -987,6 +1028,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1027,10 +1077,12 @@ const (
 	MNT_SUSPEND                    = 0x4
 	MNT_SYNCHRONOUS                = 0x2
 	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
 	MNT_UPDATE                     = 0x10000
-	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_UPDATEMASK                 = 0xad8d0807e
 	MNT_USER                       = 0x8000
-	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
 	MNT_WAIT                       = 0x1
 	MSG_CMSG_CLOEXEC               = 0x40000
 	MSG_COMPAT                     = 0x8000
@@ -1059,6 +1111,7 @@ const (
 	NFDBITS                        = 0x40
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
 	NOTE_ATTRIB                    = 0x8
 	NOTE_CHILD                     = 0x4
 	NOTE_CLOSE                     = 0x100
@@ -1213,7 +1266,6 @@ const (
 	RTV_WEIGHT                     = 0x100
 	RT_ALL_FIBS                    = -0x1
 	RT_BLACKHOLE                   = 0x40
-	RT_CACHING_CONTEXT             = 0x1
 	RT_DEFAULT_FIB                 = 0x0
 	RT_HAS_GW                      = 0x80
 	RT_HAS_HEADER                  = 0x10
@@ -1223,15 +1275,17 @@ const (
 	RT_LLE_CACHE                   = 0x100
 	RT_MAY_LOOP                    = 0x8
 	RT_MAY_LOOP_BIT                = 0x3
-	RT_NORTREF                     = 0x2
 	RT_REJECT                      = 0x20
 	RUSAGE_CHILDREN                = -0x1
 	RUSAGE_SELF                    = 0x0
 	RUSAGE_THREAD                  = 0x1
 	SCM_BINTIME                    = 0x4
 	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1247,6 +1301,7 @@ const (
 	SIOCGETSGCNT                   = 0xc0207210
 	SIOCGETVIFCNT                  = 0xc028720f
 	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
 	SIOCGI2C                       = 0xc020693d
 	SIOCGIFADDR                    = 0xc0206921
 	SIOCGIFBRDADDR                 = 0xc0206923
@@ -1268,8 +1323,11 @@ const (
 	SIOCGIFPDSTADDR                = 0xc0206948
 	SIOCGIFPHYS                    = 0xc0206935
 	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
 	SIOCGIFSTATUS                  = 0xc331693b
 	SIOCGIFXMEDIA                  = 0xc030698b
+	SIOCGLANPCP                    = 0xc0206998
 	SIOCGLOWAT                     = 0x40047303
 	SIOCGPGRP                      = 0x40047309
 	SIOCGPRIVATE_0                 = 0xc0206950
@@ -1300,6 +1358,7 @@ const (
 	SIOCSIFPHYS                    = 0x80206936
 	SIOCSIFRVNET                   = 0xc020695b
 	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
 	SIOCSLOWAT                     = 0x80047302
 	SIOCSPGRP                      = 0x80047308
 	SIOCSTUNFIB                    = 0x8020695f
@@ -1318,6 +1377,7 @@ const (
 	SO_BINTIME                     = 0x2000
 	SO_BROADCAST                   = 0x20
 	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
 	SO_DONTROUTE                   = 0x10
 	SO_ERROR                       = 0x1007
 	SO_KEEPALIVE                   = 0x8
@@ -1326,6 +1386,7 @@ const (
 	SO_LISTENINCQLEN               = 0x1013
 	SO_LISTENQLEN                  = 0x1012
 	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
 	SO_NOSIGPIPE                   = 0x800
 	SO_NO_DDP                      = 0x8000
 	SO_NO_OFFLOAD                  = 0x4000
@@ -1338,11 +1399,19 @@ const (
 	SO_RCVTIMEO                    = 0x1006
 	SO_REUSEADDR                   = 0x4
 	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
 	SO_SETFIB                      = 0x1014
 	SO_SNDBUF                      = 0x1001
 	SO_SNDLOWAT                    = 0x1003
 	SO_SNDTIMEO                    = 0x1005
 	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
 	SO_TYPE                        = 0x1008
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
@@ -1386,10 +1455,45 @@ const (
 	TCOFLUSH                       = 0x2
 	TCOOFF                         = 0x1
 	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
 	TCP_CA_NAME_MAX                = 0x10
 	TCP_CCALGOOPT                  = 0x41
 	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
 	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
 	TCP_FUNCTION_BLK               = 0x2000
 	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
 	TCP_INFO                       = 0x20
@@ -1397,6 +1501,12 @@ const (
 	TCP_KEEPIDLE                   = 0x100
 	TCP_KEEPINIT                   = 0x80
 	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
 	TCP_MAXBURST                   = 0x4
 	TCP_MAXHLEN                    = 0x3c
 	TCP_MAXOLEN                    = 0x28
@@ -1412,8 +1522,30 @@ const (
 	TCP_NOPUSH                     = 0x4
 	TCP_PCAP_IN                    = 0x1000
 	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
 	TCP_VENDOR                     = 0x80000000
 	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
 	TIOCCBRK                       = 0x2000747a
 	TIOCCDTR                       = 0x20007478
 	TIOCCONS                       = 0x80047462
@@ -1477,6 +1609,8 @@ const (
 	TIOCTIMESTAMP                  = 0x40107459
 	TIOCUCNTL                      = 0x80047466
 	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
 	VDISCARD                       = 0xf
 	VDSUSP                         = 0xb
 	VEOF                           = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index 16db56abc..e4719873b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -355,6 +355,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc144648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x804c6490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc06c648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
index 1a1de3454..5e49769d9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -355,6 +355,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc148648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x80506490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc080648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -379,11 +395,14 @@ const (
 	DLT_CHAOS                      = 0x5
 	DLT_CHDLC                      = 0x68
 	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
 	DLT_C_HDLC                     = 0x68
 	DLT_C_HDLC_WITH_DIR            = 0xcd
 	DLT_DBUS                       = 0xe7
 	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
 	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
 	DLT_DVB_CI                     = 0xeb
 	DLT_ECONET                     = 0x73
 	DLT_EN10MB                     = 0x1
@@ -393,6 +412,7 @@ const (
 	DLT_ERF                        = 0xc5
 	DLT_ERF_ETH                    = 0xaf
 	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
 	DLT_FC_2                       = 0xe0
 	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
 	DLT_FDDI                       = 0xa
@@ -406,7 +426,6 @@ const (
 	DLT_GPRS_LLC                   = 0xa9
 	DLT_GSMTAP_ABIS                = 0xda
 	DLT_GSMTAP_UM                  = 0xd9
-	DLT_HHDLC                      = 0x79
 	DLT_IBM_SN                     = 0x92
 	DLT_IBM_SP                     = 0x91
 	DLT_IEEE802                    = 0x6
@@ -429,6 +448,7 @@ const (
 	DLT_IPV4                       = 0xe4
 	DLT_IPV6                       = 0xe5
 	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
 	DLT_JUNIPER_ATM1               = 0x89
 	DLT_JUNIPER_ATM2               = 0x87
 	DLT_JUNIPER_ATM_CEMIC          = 0xee
@@ -461,8 +481,9 @@ const (
 	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
 	DLT_LINUX_SLL                  = 0x71
 	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
 	DLT_LTALK                      = 0x72
-	DLT_MATCHING_MAX               = 0x104
+	DLT_MATCHING_MAX               = 0x113
 	DLT_MATCHING_MIN               = 0x68
 	DLT_MFR                        = 0xb6
 	DLT_MOST                       = 0xd3
@@ -478,14 +499,16 @@ const (
 	DLT_NFC_LLCP                   = 0xf5
 	DLT_NFLOG                      = 0xef
 	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
 	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
 	DLT_PCI_EXP                    = 0x7d
 	DLT_PFLOG                      = 0x75
 	DLT_PFSYNC                     = 0x79
 	DLT_PKTAP                      = 0x102
 	DLT_PPI                        = 0xc0
 	DLT_PPP                        = 0x9
-	DLT_PPP_BSDOS                  = 0x10
+	DLT_PPP_BSDOS                  = 0xe
 	DLT_PPP_ETHER                  = 0x33
 	DLT_PPP_PPPD                   = 0xa6
 	DLT_PPP_SERIAL                 = 0x32
@@ -496,19 +519,25 @@ const (
 	DLT_PRONET                     = 0x4
 	DLT_RAIF1                      = 0xc6
 	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
 	DLT_RIO                        = 0x7c
 	DLT_RTAC_SERIAL                = 0xfa
 	DLT_SCCP                       = 0x8e
 	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
 	DLT_SITA                       = 0xc4
 	DLT_SLIP                       = 0x8
-	DLT_SLIP_BSDOS                 = 0xf
+	DLT_SLIP_BSDOS                 = 0xd
 	DLT_STANAG_5066_D_PDU          = 0xed
 	DLT_SUNATM                     = 0x7b
 	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
 	DLT_TZSP                       = 0x80
 	DLT_USB                        = 0xba
 	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
 	DLT_USB_LINUX                  = 0xbd
 	DLT_USB_LINUX_MMAPPED          = 0xdc
 	DLT_USER0                      = 0x93
@@ -527,10 +556,14 @@ const (
 	DLT_USER7                      = 0x9a
 	DLT_USER8                      = 0x9b
 	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
 	DLT_WIHART                     = 0xdf
 	DLT_WIRESHARK_UPPER_PDU        = 0xfc
 	DLT_X2E_SERIAL                 = 0xd5
 	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
 	DT_BLK                         = 0x6
 	DT_CHR                         = 0x2
 	DT_DIR                         = 0x4
@@ -548,6 +581,7 @@ const (
 	ECHONL                         = 0x10
 	ECHOPRT                        = 0x20
 	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
 	EVFILT_FS                      = -0x9
 	EVFILT_LIO                     = -0xa
 	EVFILT_PROC                    = -0x5
@@ -555,11 +589,12 @@ const (
 	EVFILT_READ                    = -0x1
 	EVFILT_SENDFILE                = -0xc
 	EVFILT_SIGNAL                  = -0x6
-	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_SYSCOUNT                = 0xd
 	EVFILT_TIMER                   = -0x7
 	EVFILT_USER                    = -0xb
 	EVFILT_VNODE                   = -0x4
 	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
 	EV_ADD                         = 0x1
 	EV_CLEAR                       = 0x20
 	EV_DELETE                      = 0x2
@@ -576,6 +611,7 @@ const (
 	EV_RECEIPT                     = 0x40
 	EV_SYSFLAGS                    = 0xf000
 	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
 	EXTATTR_NAMESPACE_EMPTY        = 0x0
 	EXTATTR_NAMESPACE_SYSTEM       = 0x2
 	EXTATTR_NAMESPACE_USER         = 0x1
@@ -617,6 +653,7 @@ const (
 	IEXTEN                         = 0x400
 	IFAN_ARRIVAL                   = 0x0
 	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
 	IFF_ALLMULTI                   = 0x200
 	IFF_ALTPHYS                    = 0x4000
 	IFF_BROADCAST                  = 0x2
@@ -633,6 +670,7 @@ const (
 	IFF_MONITOR                    = 0x40000
 	IFF_MULTICAST                  = 0x8000
 	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
 	IFF_OACTIVE                    = 0x400
 	IFF_POINTOPOINT                = 0x10
 	IFF_PPROMISC                   = 0x20000
@@ -807,6 +845,7 @@ const (
 	IPV6_DSTOPTS                   = 0x32
 	IPV6_FLOWID                    = 0x43
 	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
 	IPV6_FLOWLABEL_MASK            = 0xffff0f00
 	IPV6_FLOWTYPE                  = 0x44
 	IPV6_FRAGTTL                   = 0x78
@@ -827,13 +866,13 @@ const (
 	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
 	IPV6_MAX_MEMBERSHIPS           = 0xfff
 	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
-	IPV6_MIN_MEMBERSHIPS           = 0x1f
 	IPV6_MMTU                      = 0x500
 	IPV6_MSFILTER                  = 0x4a
 	IPV6_MULTICAST_HOPS            = 0xa
 	IPV6_MULTICAST_IF              = 0x9
 	IPV6_MULTICAST_LOOP            = 0xb
 	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
 	IPV6_PATHMTU                   = 0x2c
 	IPV6_PKTINFO                   = 0x2e
 	IPV6_PORTRANGE                 = 0xe
@@ -845,6 +884,7 @@ const (
 	IPV6_RECVFLOWID                = 0x46
 	IPV6_RECVHOPLIMIT              = 0x25
 	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
 	IPV6_RECVPATHMTU               = 0x2b
 	IPV6_RECVPKTINFO               = 0x24
 	IPV6_RECVRSSBUCKETID           = 0x47
@@ -905,10 +945,8 @@ const (
 	IP_MAX_MEMBERSHIPS             = 0xfff
 	IP_MAX_SOCK_MUTE_FILTER        = 0x80
 	IP_MAX_SOCK_SRC_FILTER         = 0x80
-	IP_MAX_SOURCE_FILTER           = 0x400
 	IP_MF                          = 0x2000
 	IP_MINTTL                      = 0x42
-	IP_MIN_MEMBERSHIPS             = 0x1f
 	IP_MSFILTER                    = 0x4a
 	IP_MSS                         = 0x240
 	IP_MULTICAST_IF                = 0x9
@@ -918,6 +956,7 @@ const (
 	IP_OFFMASK                     = 0x1fff
 	IP_ONESBCAST                   = 0x17
 	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
 	IP_PORTRANGE                   = 0x13
 	IP_PORTRANGE_DEFAULT           = 0x0
 	IP_PORTRANGE_HIGH              = 0x1
@@ -926,6 +965,7 @@ const (
 	IP_RECVFLOWID                  = 0x5d
 	IP_RECVIF                      = 0x14
 	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
 	IP_RECVRETOPTS                 = 0x6
 	IP_RECVRSSBUCKETID             = 0x5e
 	IP_RECVTOS                     = 0x44
@@ -976,6 +1016,7 @@ const (
 	MAP_EXCL                       = 0x4000
 	MAP_FILE                       = 0x0
 	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
 	MAP_HASSEMAPHORE               = 0x200
 	MAP_NOCORE                     = 0x20000
 	MAP_NOSYNC                     = 0x800
@@ -987,6 +1028,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1027,10 +1077,12 @@ const (
 	MNT_SUSPEND                    = 0x4
 	MNT_SYNCHRONOUS                = 0x2
 	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
 	MNT_UPDATE                     = 0x10000
-	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_UPDATEMASK                 = 0xad8d0807e
 	MNT_USER                       = 0x8000
-	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
 	MNT_WAIT                       = 0x1
 	MSG_CMSG_CLOEXEC               = 0x40000
 	MSG_COMPAT                     = 0x8000
@@ -1059,6 +1111,7 @@ const (
 	NFDBITS                        = 0x40
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
 	NOTE_ATTRIB                    = 0x8
 	NOTE_CHILD                     = 0x4
 	NOTE_CLOSE                     = 0x100
@@ -1213,7 +1266,6 @@ const (
 	RTV_WEIGHT                     = 0x100
 	RT_ALL_FIBS                    = -0x1
 	RT_BLACKHOLE                   = 0x40
-	RT_CACHING_CONTEXT             = 0x1
 	RT_DEFAULT_FIB                 = 0x0
 	RT_HAS_GW                      = 0x80
 	RT_HAS_HEADER                  = 0x10
@@ -1223,15 +1275,17 @@ const (
 	RT_LLE_CACHE                   = 0x100
 	RT_MAY_LOOP                    = 0x8
 	RT_MAY_LOOP_BIT                = 0x3
-	RT_NORTREF                     = 0x2
 	RT_REJECT                      = 0x20
 	RUSAGE_CHILDREN                = -0x1
 	RUSAGE_SELF                    = 0x0
 	RUSAGE_THREAD                  = 0x1
 	SCM_BINTIME                    = 0x4
 	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1247,6 +1301,7 @@ const (
 	SIOCGETSGCNT                   = 0xc0207210
 	SIOCGETVIFCNT                  = 0xc028720f
 	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
 	SIOCGI2C                       = 0xc020693d
 	SIOCGIFADDR                    = 0xc0206921
 	SIOCGIFBRDADDR                 = 0xc0206923
@@ -1268,8 +1323,11 @@ const (
 	SIOCGIFPDSTADDR                = 0xc0206948
 	SIOCGIFPHYS                    = 0xc0206935
 	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
 	SIOCGIFSTATUS                  = 0xc331693b
 	SIOCGIFXMEDIA                  = 0xc030698b
+	SIOCGLANPCP                    = 0xc0206998
 	SIOCGLOWAT                     = 0x40047303
 	SIOCGPGRP                      = 0x40047309
 	SIOCGPRIVATE_0                 = 0xc0206950
@@ -1300,6 +1358,7 @@ const (
 	SIOCSIFPHYS                    = 0x80206936
 	SIOCSIFRVNET                   = 0xc020695b
 	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
 	SIOCSLOWAT                     = 0x80047302
 	SIOCSPGRP                      = 0x80047308
 	SIOCSTUNFIB                    = 0x8020695f
@@ -1318,6 +1377,7 @@ const (
 	SO_BINTIME                     = 0x2000
 	SO_BROADCAST                   = 0x20
 	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
 	SO_DONTROUTE                   = 0x10
 	SO_ERROR                       = 0x1007
 	SO_KEEPALIVE                   = 0x8
@@ -1326,6 +1386,7 @@ const (
 	SO_LISTENINCQLEN               = 0x1013
 	SO_LISTENQLEN                  = 0x1012
 	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
 	SO_NOSIGPIPE                   = 0x800
 	SO_NO_DDP                      = 0x8000
 	SO_NO_OFFLOAD                  = 0x4000
@@ -1338,11 +1399,19 @@ const (
 	SO_RCVTIMEO                    = 0x1006
 	SO_REUSEADDR                   = 0x4
 	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
 	SO_SETFIB                      = 0x1014
 	SO_SNDBUF                      = 0x1001
 	SO_SNDLOWAT                    = 0x1003
 	SO_SNDTIMEO                    = 0x1005
 	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
 	SO_TYPE                        = 0x1008
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
@@ -1386,10 +1455,45 @@ const (
 	TCOFLUSH                       = 0x2
 	TCOOFF                         = 0x1
 	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
 	TCP_CA_NAME_MAX                = 0x10
 	TCP_CCALGOOPT                  = 0x41
 	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
 	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
 	TCP_FUNCTION_BLK               = 0x2000
 	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
 	TCP_INFO                       = 0x20
@@ -1397,6 +1501,12 @@ const (
 	TCP_KEEPIDLE                   = 0x100
 	TCP_KEEPINIT                   = 0x80
 	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
 	TCP_MAXBURST                   = 0x4
 	TCP_MAXHLEN                    = 0x3c
 	TCP_MAXOLEN                    = 0x28
@@ -1412,8 +1522,30 @@ const (
 	TCP_NOPUSH                     = 0x4
 	TCP_PCAP_IN                    = 0x1000
 	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
 	TCP_VENDOR                     = 0x80000000
 	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
 	TIOCCBRK                       = 0x2000747a
 	TIOCCDTR                       = 0x20007478
 	TIOCCONS                       = 0x80047462
@@ -1477,6 +1609,8 @@ const (
 	TIOCTIMESTAMP                  = 0x40107459
 	TIOCUCNTL                      = 0x80047466
 	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
 	VDISCARD                       = 0xf
 	VDSUSP                         = 0xb
 	VEOF                           = 0x0
@@ -1488,6 +1622,7 @@ const (
 	VKILL                          = 0x5
 	VLNEXT                         = 0xe
 	VMIN                           = 0x10
+	VM_BCACHE_SIZE_MAX             = 0x19000000
 	VQUIT                          = 0x9
 	VREPRINT                       = 0x6
 	VSTART                         = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 5be454c0d..219739407 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -216,6 +216,7 @@ const (
 	BPF_F_RDONLY                                = 0x8
 	BPF_F_RDONLY_PROG                           = 0x80
 	BPF_F_RECOMPUTE_CSUM                        = 0x1
+	BPF_F_REPLACE                               = 0x4
 	BPF_F_REUSE_STACKID                         = 0x400
 	BPF_F_SEQ_NUMBER                            = 0x8
 	BPF_F_SKIP_FIELD_MASK                       = 0xff
@@ -389,6 +390,7 @@ const (
 	CLONE_NEWNET                                = 0x40000000
 	CLONE_NEWNS                                 = 0x20000
 	CLONE_NEWPID                                = 0x20000000
+	CLONE_NEWTIME                               = 0x80
 	CLONE_NEWUSER                               = 0x10000000
 	CLONE_NEWUTS                                = 0x4000000
 	CLONE_PARENT                                = 0x8000
@@ -671,6 +673,7 @@ const (
 	FS_IOC_ADD_ENCRYPTION_KEY                   = 0xc0506617
 	FS_IOC_GET_ENCRYPTION_KEY_STATUS            = 0xc080661a
 	FS_IOC_GET_ENCRYPTION_POLICY_EX             = 0xc0096616
+	FS_IOC_MEASURE_VERITY                       = 0xc0046686
 	FS_IOC_REMOVE_ENCRYPTION_KEY                = 0xc0406618
 	FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS      = 0xc0406619
 	FS_KEY_DESCRIPTOR_SIZE                      = 0x8
@@ -683,6 +686,9 @@ const (
 	FS_POLICY_FLAGS_PAD_8                       = 0x1
 	FS_POLICY_FLAGS_PAD_MASK                    = 0x3
 	FS_POLICY_FLAGS_VALID                       = 0xf
+	FS_VERITY_FL                                = 0x100000
+	FS_VERITY_HASH_ALG_SHA256                   = 0x1
+	FS_VERITY_HASH_ALG_SHA512                   = 0x2
 	FUTEXFS_SUPER_MAGIC                         = 0xbad1dea
 	F_ADD_SEALS                                 = 0x409
 	F_DUPFD                                     = 0x0
@@ -733,6 +739,7 @@ const (
 	GENL_NAMSIZ                                 = 0x10
 	GENL_START_ALLOC                            = 0x13
 	GENL_UNS_ADMIN_PERM                         = 0x10
+	GRND_INSECURE                               = 0x4
 	GRND_NONBLOCK                               = 0x1
 	GRND_RANDOM                                 = 0x2
 	HDIO_DRIVE_CMD                              = 0x31f
@@ -890,6 +897,7 @@ const (
 	IPPROTO_IP                                  = 0x0
 	IPPROTO_IPIP                                = 0x4
 	IPPROTO_IPV6                                = 0x29
+	IPPROTO_L2TP                                = 0x73
 	IPPROTO_MH                                  = 0x87
 	IPPROTO_MPLS                                = 0x89
 	IPPROTO_MTP                                 = 0x5c
@@ -1482,6 +1490,7 @@ const (
 	PR_GET_FPEMU                                = 0x9
 	PR_GET_FPEXC                                = 0xb
 	PR_GET_FP_MODE                              = 0x2e
+	PR_GET_IO_FLUSHER                           = 0x3a
 	PR_GET_KEEPCAPS                             = 0x7
 	PR_GET_NAME                                 = 0x10
 	PR_GET_NO_NEW_PRIVS                         = 0x27
@@ -1517,6 +1526,7 @@ const (
 	PR_SET_FPEMU                                = 0xa
 	PR_SET_FPEXC                                = 0xc
 	PR_SET_FP_MODE                              = 0x2d
+	PR_SET_IO_FLUSHER                           = 0x39
 	PR_SET_KEEPCAPS                             = 0x8
 	PR_SET_MM                                   = 0x23
 	PR_SET_MM_ARG_END                           = 0x9
@@ -1745,12 +1755,15 @@ const (
 	RTM_DELRULE                                 = 0x21
 	RTM_DELTCLASS                               = 0x29
 	RTM_DELTFILTER                              = 0x2d
+	RTM_DELVLAN                                 = 0x71
 	RTM_F_CLONED                                = 0x200
 	RTM_F_EQUALIZE                              = 0x400
 	RTM_F_FIB_MATCH                             = 0x2000
 	RTM_F_LOOKUP_TABLE                          = 0x1000
 	RTM_F_NOTIFY                                = 0x100
+	RTM_F_OFFLOAD                               = 0x4000
 	RTM_F_PREFIX                                = 0x800
+	RTM_F_TRAP                                  = 0x8000
 	RTM_GETACTION                               = 0x32
 	RTM_GETADDR                                 = 0x16
 	RTM_GETADDRLABEL                            = 0x4a
@@ -1772,7 +1785,8 @@ const (
 	RTM_GETSTATS                                = 0x5e
 	RTM_GETTCLASS                               = 0x2a
 	RTM_GETTFILTER                              = 0x2e
-	RTM_MAX                                     = 0x6f
+	RTM_GETVLAN                                 = 0x72
+	RTM_MAX                                     = 0x73
 	RTM_NEWACTION                               = 0x30
 	RTM_NEWADDR                                 = 0x14
 	RTM_NEWADDRLABEL                            = 0x48
@@ -1787,6 +1801,7 @@ const (
 	RTM_NEWNETCONF                              = 0x50
 	RTM_NEWNEXTHOP                              = 0x68
 	RTM_NEWNSID                                 = 0x58
+	RTM_NEWNVLAN                                = 0x70
 	RTM_NEWPREFIX                               = 0x34
 	RTM_NEWQDISC                                = 0x24
 	RTM_NEWROUTE                                = 0x18
@@ -1794,8 +1809,8 @@ const (
 	RTM_NEWSTATS                                = 0x5c
 	RTM_NEWTCLASS                               = 0x28
 	RTM_NEWTFILTER                              = 0x2c
-	RTM_NR_FAMILIES                             = 0x18
-	RTM_NR_MSGTYPES                             = 0x60
+	RTM_NR_FAMILIES                             = 0x19
+	RTM_NR_MSGTYPES                             = 0x64
 	RTM_SETDCB                                  = 0x4f
 	RTM_SETLINK                                 = 0x13
 	RTM_SETNEIGHTBL                             = 0x43
@@ -2085,7 +2100,7 @@ const (
 	TASKSTATS_GENL_NAME                         = "TASKSTATS"
 	TASKSTATS_GENL_VERSION                      = 0x1
 	TASKSTATS_TYPE_MAX                          = 0x6
-	TASKSTATS_VERSION                           = 0x9
+	TASKSTATS_VERSION                           = 0xa
 	TCIFLUSH                                    = 0x0
 	TCIOFF                                      = 0x2
 	TCIOFLUSH                                   = 0x2
@@ -2266,7 +2281,7 @@ const (
 	VMADDR_CID_ANY                              = 0xffffffff
 	VMADDR_CID_HOST                             = 0x2
 	VMADDR_CID_HYPERVISOR                       = 0x0
-	VMADDR_CID_RESERVED                         = 0x1
+	VMADDR_CID_LOCAL                            = 0x1
 	VMADDR_PORT_ANY                             = 0xffffffff
 	VM_SOCKETS_INVALID_VERSION                  = 0xffffffff
 	VQUIT                                       = 0x1
@@ -2393,6 +2408,7 @@ const (
 	XENFS_SUPER_MAGIC                           = 0xabba1974
 	XFS_SUPER_MAGIC                             = 0x58465342
 	Z3FOLD_MAGIC                                = 0x33
+	ZONEFS_MAGIC                                = 0x5a4f4653
 	ZSMALLOC_MAGIC                              = 0x58295829
 )
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 0876cf92f..028c9d878 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -73,6 +73,8 @@ const (
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
 	FP_XSTATE_MAGIC2                 = 0x46505845
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80046601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index d5be2e837..005970f71 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -73,6 +73,8 @@ const (
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
 	FP_XSTATE_MAGIC2                 = 0x46505845
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index fbeef8325..0541f36ee 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80046601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 06daa50eb..9ee8d1bc8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -75,6 +75,8 @@ const (
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
 	FPSIMD_MAGIC                     = 0x46508001
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 7c866b8f5..4826bd705 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40046601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index c42966d19..2346dc554 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index a5b2b4273..e758b61e3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 7f91881b8..2dfe6bba1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x2000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40046601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 63df35597..518586670 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x4000
 	FFDLY                            = 0x4000
 	FLUSHO                           = 0x800000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index 7ab68f7c8..4231b20b5 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x4000
 	FFDLY                            = 0x4000
 	FLUSHO                           = 0x800000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index f99cf1b9e..6a0b2d293 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 613ee237e..95e950fc8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -72,6 +72,8 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x40806685
+	FS_IOC_GETFLAGS                  = 0x80086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x400c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x40106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x800c6613
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 1f7a68d5c..079762fa9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -76,6 +76,8 @@ const (
 	FF1                              = 0x8000
 	FFDLY                            = 0x8000
 	FLUSHO                           = 0x1000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40086601
 	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
 	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
 	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index c9058f309..600f1d26d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -214,22 +214,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -376,8 +360,15 @@ func pipe2(p *[2]_C_int, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func ptrace(request int, pid int, addr uintptr, data int) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+func Getcwd(buf []byte) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -386,15 +377,24 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getcwd(buf []byte) (n int, err error) {
+func ioctl(fd int, req uint, arg uintptr) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0)
-	n = int(r0)
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -403,8 +403,8 @@ func Getcwd(buf []byte) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func ioctl(fd int, req uint, arg uintptr) (err error) {
-	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1352,7 +1352,7 @@ func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error)
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), uintptr(dev>>32), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 49b20c229..064934b0d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -350,22 +350,6 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func pipe2(p *[2]_C_int, flags int) (err error) {
 	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
@@ -403,6 +387,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index abab3d7cb..4adaaa561 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags freebsd,arm64 -- syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm64.go
+// go run mksyscall.go -tags freebsd,arm64 syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 // +build freebsd,arm64
@@ -350,22 +350,6 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func pipe2(p *[2]_C_int, flags int) (err error) {
 	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
@@ -403,6 +387,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
new file mode 100644
index 000000000..92efa1da3
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
@@ -0,0 +1,87 @@
+// go run mksyscall_solaris.go -illumos -tags illumos,amd64 syscall_illumos.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build illumos,amd64
+
+package unix
+
+import (
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_readv readv "libc.so"
+//go:cgo_import_dynamic libc_preadv preadv "libc.so"
+//go:cgo_import_dynamic libc_writev writev "libc.so"
+//go:cgo_import_dynamic libc_pwritev pwritev "libc.so"
+
+//go:linkname procreadv libc_readv
+//go:linkname procpreadv libc_preadv
+//go:linkname procwritev libc_writev
+//go:linkname procpwritev libc_pwritev
+
+var (
+	procreadv,
+	procpreadv,
+	procwritev,
+	procpwritev syscallFunc
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readv(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procreadv)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovs []Iovec, off int64) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpreadv)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwritev)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovs []Iovec, off int64) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpwritev)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index f0d2890b1..1b897dee0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -151,7 +151,7 @@ func Getgid() (gid int) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getrlimit(resource int, rlim *Rlimit) (err error) {
+func getrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
@@ -307,7 +307,7 @@ func Setresuid(ruid int, euid int, suid int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Setrlimit(resource int, rlim *Rlimit) (err error) {
+func setrlimit(resource int, rlim *Rlimit) (err error) {
 	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 7aae554f2..54559a895 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -431,4 +431,6 @@ const (
 	SYS_FSPICK                       = 433
 	SYS_PIDFD_OPEN                   = 434
 	SYS_CLONE3                       = 435
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index 7968439a9..054a741b7 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -353,4 +353,6 @@ const (
 	SYS_FSPICK                 = 433
 	SYS_PIDFD_OPEN             = 434
 	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 3c663c69d..307f2ba12 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -395,4 +395,6 @@ const (
 	SYS_FSPICK                       = 433
 	SYS_PIDFD_OPEN                   = 434
 	SYS_CLONE3                       = 435
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 1f3b4d150..e9404dd54 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -298,4 +298,6 @@ const (
 	SYS_FSPICK                 = 433
 	SYS_PIDFD_OPEN             = 434
 	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 00da3de90..68bb6d29b 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -416,4 +416,6 @@ const (
 	SYS_FSPICK                       = 4433
 	SYS_PIDFD_OPEN                   = 4434
 	SYS_CLONE3                       = 4435
+	SYS_OPENAT2                      = 4437
+	SYS_PIDFD_GETFD                  = 4438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index d404fbd4d..4e5251185 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -346,4 +346,6 @@ const (
 	SYS_FSPICK                 = 5433
 	SYS_PIDFD_OPEN             = 5434
 	SYS_CLONE3                 = 5435
+	SYS_OPENAT2                = 5437
+	SYS_PIDFD_GETFD            = 5438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index bfbf242f3..4d9aa3003 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -346,4 +346,6 @@ const (
 	SYS_FSPICK                 = 5433
 	SYS_PIDFD_OPEN             = 5434
 	SYS_CLONE3                 = 5435
+	SYS_OPENAT2                = 5437
+	SYS_PIDFD_GETFD            = 5438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 3826f497a..64af0707d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -416,4 +416,6 @@ const (
 	SYS_FSPICK                       = 4433
 	SYS_PIDFD_OPEN                   = 4434
 	SYS_CLONE3                       = 4435
+	SYS_OPENAT2                      = 4437
+	SYS_PIDFD_GETFD                  = 4438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index 52e3da649..cc3c067ba 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -395,4 +395,6 @@ const (
 	SYS_FSPICK                 = 433
 	SYS_PIDFD_OPEN             = 434
 	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index 6141f90a8..4050ff983 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -395,4 +395,6 @@ const (
 	SYS_FSPICK                 = 433
 	SYS_PIDFD_OPEN             = 434
 	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 4f7261a88..529abb6a7 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -297,4 +297,6 @@ const (
 	SYS_FSPICK                 = 433
 	SYS_PIDFD_OPEN             = 434
 	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index f47014ac0..276650010 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -360,4 +360,6 @@ const (
 	SYS_FSPICK                 = 433
 	SYS_PIDFD_OPEN             = 434
 	SYS_CLONE3                 = 435
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index dd78abb0d..4dc82bb24 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -374,4 +374,6 @@ const (
 	SYS_FSMOUNT                = 432
 	SYS_FSPICK                 = 433
 	SYS_PIDFD_OPEN             = 434
+	SYS_OPENAT2                = 437
+	SYS_PIDFD_GETFD            = 438
 )
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 0ec159680..2a3ec615f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -128,9 +128,9 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [1024]int8
-	Mntonname   [1024]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
 }
 
 type statfs_freebsd11_t struct {
@@ -153,9 +153,9 @@ type statfs_freebsd11_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [88]int8
-	Mntonname   [88]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
@@ -375,15 +375,15 @@ type PtraceLwpInfoStruct struct {
 }
 
 type __Siginfo struct {
-	Signo    int32
-	Errno    int32
-	Code     int32
-	Pid      int32
-	Uid      uint32
-	Status   int32
-	Addr     *byte
-	Value    [4]byte
-	X_reason [32]byte
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   *byte
+	Value  [4]byte
+	_      [32]byte
 }
 
 type Sigset_t struct {
@@ -458,7 +458,7 @@ type ifMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Data    ifData
 }
 
@@ -469,7 +469,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -536,7 +535,7 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Metric  int32
 }
 
@@ -547,7 +546,7 @@ type IfmaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 }
 
 type IfAnnounceMsghdr struct {
@@ -564,7 +563,7 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Flags   int32
 	Addrs   int32
 	Pid     int32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 8340f5775..e11e95499 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -123,9 +123,9 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [1024]int8
-	Mntonname   [1024]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
 }
 
 type statfs_freebsd11_t struct {
@@ -148,9 +148,9 @@ type statfs_freebsd11_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [88]int8
-	Mntonname   [88]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
@@ -275,10 +275,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     int32
-	_          [4]byte
 	Control    *byte
 	Controllen uint32
 	Flags      int32
@@ -463,7 +461,7 @@ type ifMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Data    ifData
 }
 
@@ -474,7 +472,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -541,7 +538,7 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Metric  int32
 }
 
@@ -552,7 +549,7 @@ type IfmaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 }
 
 type IfAnnounceMsghdr struct {
@@ -569,7 +566,7 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Flags   int32
 	Addrs   int32
 	Pid     int32
@@ -623,7 +620,6 @@ type BpfZbuf struct {
 
 type BpfProgram struct {
 	Len   uint32
-	_     [4]byte
 	Insns *BpfInsn
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index e751e0033..c6fe1d097 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -1,4 +1,4 @@
-// cgo -godefs types_freebsd.go | go run mkpost.go
+// cgo -godefs -- -fsigned-char types_freebsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 // +build arm64,freebsd
@@ -123,9 +123,9 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [1024]int8
-	Mntonname   [1024]int8
+	Fstypename  [16]byte
+	Mntfromname [1024]byte
+	Mntonname   [1024]byte
 }
 
 type statfs_freebsd11_t struct {
@@ -148,9 +148,9 @@ type statfs_freebsd11_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
-	Mntfromname [88]int8
-	Mntonname   [88]int8
+	Fstypename  [16]byte
+	Mntfromname [88]byte
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
@@ -275,10 +275,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     int32
-	_          [4]byte
 	Control    *byte
 	Controllen uint32
 	Flags      int32
@@ -326,11 +324,9 @@ const (
 	PTRACE_CONT       = 0x7
 	PTRACE_DETACH     = 0xb
 	PTRACE_GETFPREGS  = 0x23
-	PTRACE_GETFSBASE  = 0x47
 	PTRACE_GETLWPLIST = 0xf
 	PTRACE_GETNUMLWPS = 0xe
 	PTRACE_GETREGS    = 0x21
-	PTRACE_GETXSTATE  = 0x45
 	PTRACE_IO         = 0xc
 	PTRACE_KILL       = 0x8
 	PTRACE_LWPEVENTS  = 0x18
@@ -373,15 +369,15 @@ type PtraceLwpInfoStruct struct {
 }
 
 type __Siginfo struct {
-	Signo    int32
-	Errno    int32
-	Code     int32
-	Pid      int32
-	Uid      uint32
-	Status   int32
-	Addr     *byte
-	Value    [8]byte
-	X_reason [40]byte
+	Signo  int32
+	Errno  int32
+	Code   int32
+	Pid    int32
+	Uid    uint32
+	Status int32
+	Addr   *byte
+	Value  [8]byte
+	_      [40]byte
 }
 
 type Sigset_t struct {
@@ -394,12 +390,14 @@ type Reg struct {
 	Sp   uint64
 	Elr  uint64
 	Spsr uint32
+	_    [4]byte
 }
 
 type FpReg struct {
-	Fp_q  [512]uint8
-	Fp_sr uint32
-	Fp_cr uint32
+	Q  [32][16]uint8
+	Sr uint32
+	Cr uint32
+	_  [8]byte
 }
 
 type PtraceIoDesc struct {
@@ -441,7 +439,7 @@ type ifMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Data    ifData
 }
 
@@ -452,7 +450,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -519,7 +516,7 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Metric  int32
 }
 
@@ -530,7 +527,7 @@ type IfmaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 }
 
 type IfAnnounceMsghdr struct {
@@ -547,7 +544,7 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Flags   int32
 	Addrs   int32
 	Pid     int32
@@ -601,7 +598,6 @@ type BpfZbuf struct {
 
 type BpfProgram struct {
 	Len   uint32
-	_     [4]byte
 	Insns *BpfInsn
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 6c81e7515..af5ab4552 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -114,7 +114,8 @@ type FscryptKeySpecifier struct {
 type FscryptAddKeyArg struct {
 	Key_spec FscryptKeySpecifier
 	Raw_size uint32
-	_        [9]uint32
+	Key_id   uint32
+	_        [8]uint32
 }
 
 type FscryptRemoveKeyArg struct {
@@ -243,6 +244,23 @@ type RawSockaddrTIPC struct {
 	Addr     [12]byte
 }
 
+type RawSockaddrL2TPIP struct {
+	Family  uint16
+	Unused  uint16
+	Addr    [4]byte /* in_addr */
+	Conn_id uint32
+	_       [4]uint8
+}
+
+type RawSockaddrL2TPIP6 struct {
+	Family   uint16
+	Unused   uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+	Conn_id  uint32
+}
+
 type _Socklen uint32
 
 type Linger struct {
@@ -353,6 +371,8 @@ const (
 	SizeofSockaddrXDP       = 0x10
 	SizeofSockaddrPPPoX     = 0x1e
 	SizeofSockaddrTIPC      = 0x10
+	SizeofSockaddrL2TPIP    = 0x10
+	SizeofSockaddrL2TPIP6   = 0x20
 	SizeofLinger            = 0x8
 	SizeofIPMreq            = 0x8
 	SizeofIPMreqn           = 0xc
@@ -460,7 +480,7 @@ const (
 	IFLA_NEW_IFINDEX        = 0x31
 	IFLA_MIN_MTU            = 0x32
 	IFLA_MAX_MTU            = 0x33
-	IFLA_MAX                = 0x35
+	IFLA_MAX                = 0x36
 	IFLA_INFO_KIND          = 0x1
 	IFLA_INFO_DATA          = 0x2
 	IFLA_INFO_XSTATS        = 0x3
@@ -2272,3 +2292,49 @@ const (
 	DEVLINK_DPIPE_HEADER_IPV4                 = 0x1
 	DEVLINK_DPIPE_HEADER_IPV6                 = 0x2
 )
+
+type FsverityDigest struct {
+	Algorithm uint16
+	Size      uint16
+}
+
+type FsverityEnableArg struct {
+	Version        uint32
+	Hash_algorithm uint32
+	Block_size     uint32
+	Salt_size      uint32
+	Salt_ptr       uint64
+	Sig_size       uint32
+	_              uint32
+	Sig_ptr        uint64
+	_              [11]uint64
+}
+
+type Nhmsg struct {
+	Family   uint8
+	Scope    uint8
+	Protocol uint8
+	Resvd    uint8
+	Flags    uint32
+}
+
+type NexthopGrp struct {
+	Id     uint32
+	Weight uint8
+	Resvd1 uint8
+	Resvd2 uint16
+}
+
+const (
+	NHA_UNSPEC     = 0x0
+	NHA_ID         = 0x1
+	NHA_GROUP      = 0x2
+	NHA_GROUP_TYPE = 0x3
+	NHA_BLACKHOLE  = 0x4
+	NHA_OIF        = 0x5
+	NHA_GATEWAY    = 0x6
+	NHA_ENCAP_TYPE = 0x7
+	NHA_ENCAP      = 0x8
+	NHA_GROUPS     = 0x9
+	NHA_MASTER     = 0xa
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index fc6b3fb5c..761b67c86 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -287,6 +287,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 26c30b84d..201fb3482 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -298,6 +298,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index 814d42d54..8051b5610 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -276,6 +276,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index d9664c713..a936f2169 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -277,6 +277,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 0d721454f..aaca03dd7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -281,6 +281,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index ef697684d..2e7f3b8ca 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -280,6 +280,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 485fda70b..16add5a25 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -280,6 +280,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index 569477eef..4ed2c8e54 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -281,6 +281,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 602d8b4ee..741519099 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -287,6 +287,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index 6db9a7b73..046c2debd 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -287,6 +287,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 52b5348c2..0f2f61a6a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -305,6 +305,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index a111387b3..cca1b6be2 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -300,6 +300,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 8153af181..33a73bf18 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -282,6 +282,7 @@ type Taskstats struct {
 	Freepages_delay_total     uint64
 	Thrashing_count           uint64
 	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
 }
 
 type cpuMask uint64
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 2618f3463..3b4125f07 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,4 +1,4 @@
-# github.com/SkycoinProject/dmsg v0.2.0
+# github.com/SkycoinProject/dmsg v0.1.1-0.20200420091742-8c1a3d828a49
 github.com/SkycoinProject/dmsg
 github.com/SkycoinProject/dmsg/cipher
 github.com/SkycoinProject/dmsg/disc
@@ -69,7 +69,7 @@ github.com/klauspost/compress/zstd
 github.com/klauspost/compress/zstd/internal/xxhash
 # github.com/klauspost/pgzip v1.2.1
 github.com/klauspost/pgzip
-# github.com/konsorten/go-windows-terminal-sequences v1.0.2
+# github.com/konsorten/go-windows-terminal-sequences v1.0.3
 github.com/konsorten/go-windows-terminal-sequences
 # github.com/mattn/go-colorable v0.1.6
 github.com/mattn/go-colorable
@@ -112,9 +112,11 @@ github.com/prometheus/procfs/internal/util
 github.com/rakyll/statik/fs
 # github.com/schollz/progressbar/v2 v2.15.0
 github.com/schollz/progressbar/v2
-# github.com/sirupsen/logrus v1.4.2
+# github.com/sirupsen/logrus v1.5.0
 github.com/sirupsen/logrus
 github.com/sirupsen/logrus/hooks/syslog
+# github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
+github.com/songgao/water
 # github.com/spf13/cobra v0.0.5
 github.com/spf13/cobra
 # github.com/spf13/pflag v1.0.3
@@ -134,7 +136,7 @@ github.com/ulikunitz/xz/lzma
 github.com/xi2/xz
 # go.etcd.io/bbolt v1.3.4
 go.etcd.io/bbolt
-# golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073
+# golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc
 golang.org/x/crypto/blake2b
 golang.org/x/crypto/blake2s
 golang.org/x/crypto/chacha20
@@ -148,7 +150,7 @@ golang.org/x/net/context
 golang.org/x/net/internal/socks
 golang.org/x/net/nettest
 golang.org/x/net/proxy
-# golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527
+# golang.org/x/sys v0.0.0-20200428200454-593003d681fa
 golang.org/x/sys/cpu
 golang.org/x/sys/unix
 golang.org/x/sys/windows