wg-quick: openbsd: no use for userspace support
With alignment between the kernel and userspace, along with userspace packages, we can now rely on the kernel in the future always having wg(4). This also simplifies the interface selection logic, and stores the wg-quick interface name as the description. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
parent
265e81a344
commit
c3f26340e6
|
@ -88,42 +88,33 @@ auto_su() {
|
||||||
|
|
||||||
|
|
||||||
get_real_interface() {
|
get_real_interface() {
|
||||||
local interface diff
|
local interface line
|
||||||
wg show interfaces >/dev/null
|
while IFS= read -r line; do
|
||||||
[[ -f "/var/run/wireguard/$INTERFACE.name" ]] || return 1
|
if [[ $line =~ ^([a-z]+[0-9]+):\ .+ ]]; then
|
||||||
interface="$(< "/var/run/wireguard/$INTERFACE.name")"
|
interface="${BASH_REMATCH[1]}"
|
||||||
if [[ $interface != wg* ]]; then
|
continue
|
||||||
[[ -n $interface && -S "/var/run/wireguard/$interface.sock" ]] || return 1
|
|
||||||
diff=$(( $(stat -f %m "/var/run/wireguard/$interface.sock" 2>/dev/null || echo 200) - $(stat -f %m "/var/run/wireguard/$INTERFACE.name" 2>/dev/null || echo 100) ))
|
|
||||||
[[ $diff -ge 2 || $diff -le -2 ]] && return 1
|
|
||||||
echo "[+] Tun interface for $INTERFACE is $interface" >&2
|
|
||||||
else
|
|
||||||
[[ " $(wg show interfaces) " == *" $interface "* ]] || return 1
|
|
||||||
fi
|
fi
|
||||||
|
if [[ $interface == wg* && $line =~ ^\ description:\ wg-quick:\ (.+) && ${BASH_REMATCH[1]} == "$INTERFACE" ]]; then
|
||||||
REAL_INTERFACE="$interface"
|
REAL_INTERFACE="$interface"
|
||||||
return 0
|
return 0
|
||||||
|
fi
|
||||||
|
done < <(ifconfig)
|
||||||
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
add_if() {
|
add_if() {
|
||||||
local index=0 ret
|
|
||||||
while true; do
|
while true; do
|
||||||
if ret="$(cmd ifconfig wg$index create 2>&1)"; then
|
local -A existing_ifs="( $(wg show interfaces | sed 's/\([^ ]*\)/[\1]=1/g') )"
|
||||||
mkdir -p "/var/run/wireguard/"
|
local index ret
|
||||||
echo wg$index > /var/run/wireguard/$INTERFACE.name
|
for ((index=0; index <= 2147483647; ++index)); do [[ -v existing_ifs[wg$index] ]] || break; done
|
||||||
get_real_interface
|
if ret="$(cmd ifconfig wg$index create description "wg-quick: $INTERFACE" 2>&1)"; then
|
||||||
|
REAL_INTERFACE="wg$index"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
if [[ $ret != *"ifconfig: SIOCIFCREATE: File exists"* ]]; then
|
[[ $ret == *"ifconfig: SIOCIFCREATE: File exists"* ]] && continue
|
||||||
echo "[!] Missing WireGuard kernel support ($ret). Falling back to slow userspace implementation." >&3
|
echo "$ret" >&3
|
||||||
break
|
return 1
|
||||||
fi
|
|
||||||
echo "[+] wg$index in use, trying next"
|
|
||||||
((++index))
|
|
||||||
done
|
done
|
||||||
export WG_TUN_NAME_FILE="/var/run/wireguard/$INTERFACE.name"
|
|
||||||
mkdir -p "/var/run/wireguard/"
|
|
||||||
cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" tun
|
|
||||||
get_real_interface
|
|
||||||
}
|
}
|
||||||
|
|
||||||
del_routes() {
|
del_routes() {
|
||||||
|
@ -153,12 +144,7 @@ del_routes() {
|
||||||
|
|
||||||
del_if() {
|
del_if() {
|
||||||
unset_dns
|
unset_dns
|
||||||
if [[ -n $REAL_INTERFACE && $REAL_INTERFACE != wg* ]]; then
|
[[ -n $REAL_INTERFACE ]] && cmd ifconfig $REAL_INTERFACE destroy
|
||||||
cmd rm -f "/var/run/wireguard/$REAL_INTERFACE.sock"
|
|
||||||
else
|
|
||||||
cmd ifconfig $REAL_INTERFACE destroy
|
|
||||||
fi
|
|
||||||
cmd rm -f "/var/run/wireguard/$INTERFACE.name"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
up_if() {
|
up_if() {
|
||||||
|
@ -438,9 +424,7 @@ cmd_up() {
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd_down() {
|
cmd_down() {
|
||||||
if ! get_real_interface || [[ " $(wg show interfaces) " != *" $REAL_INTERFACE "* ]]; then
|
get_real_interface || die "\`$INTERFACE' is not a WireGuard interface"
|
||||||
die "\`$INTERFACE' is not a WireGuard interface"
|
|
||||||
fi
|
|
||||||
execute_hooks "${PRE_DOWN[@]}"
|
execute_hooks "${PRE_DOWN[@]}"
|
||||||
[[ $SAVE_CONFIG -eq 0 ]] || save_config
|
[[ $SAVE_CONFIG -eq 0 ]] || save_config
|
||||||
del_if
|
del_if
|
||||||
|
@ -449,9 +433,7 @@ cmd_down() {
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd_save() {
|
cmd_save() {
|
||||||
if ! get_real_interface || [[ " $(wg show interfaces) " != *" $REAL_INTERFACE "* ]]; then
|
get_real_interface || die "\`$INTERFACE' is not a WireGuard interface"
|
||||||
die "\`$INTERFACE' is not a WireGuard interface"
|
|
||||||
fi
|
|
||||||
save_config
|
save_config
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
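Review bot: In the new add_if, the `wg show interfaces` call sits inside the `local -A existing_ifs=...` declaration, so its exit status is discarded, and the enclosing `while true` retries on `File exists` with no bound. If that listing ever fails or omits an interface that already exists, the same index is picked on every pass and the loop never terminates. Capturing the list first, e.g. `local ifs; ifs="$(wg show interfaces)" || return 1`, and building `existing_ifs` from `$ifs` would turn that case into a clean failure. The command output is also parsed a second time as array syntax, so a comment stating that interface names are assumed to contain no shell metacharacters would help the next reader. Separately, get_real_interface now identifies the interface only by its `wg-quick:` description, which presumably can be rewritten after creation, and cmd_down and cmd_save no longer cross-check the result against `wg show interfaces` before del_if destroys it.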