Skip to content

Commit

Permalink
FreeBSD kernel support (WireGuard#128)
Browse files Browse the repository at this point in the history
* internal/freebsd: add initial version of FreeBSD support
* internal/wguser: Replace deprecated io/ioutil package with io
* internal/freebsd: prepare CI to run tests on FreeBSD
* test: sort AllowedIPs before diffing them
* test: skip integration test configure_peers_update_only on FreeBSD
* test: increase test timeout for slow FreeBSD tests
* add FreeBSD support to README

Signed-off-by: Steffen Vogel <post@steffenvogel.de>

* *: tidy
* go.mod: bump dependencies
* .builds: try to fix OpenBSD

Signed-off-by: Matt Layher <mdlayher@gmail.com>

Co-authored-by: Steffen Vogel <post@steffenvogel.de>
  • Loading branch information
mdlayher and stv0g authored Nov 4, 2022
1 parent 473347a commit 97bc4ad
Show file tree
Hide file tree
Showing 33 changed files with 1,081 additions and 76 deletions.
4 changes: 4 additions & 0 deletions .builds/freebsd.yml
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
image: freebsd/latest
packages:
- go
- bash
- sudo
- wireguard
sources:
- https://github.com/WireGuard/wgctrl-go
environment:
GO111MODULE: "on"
GOBIN: "/home/build/go/bin"
CGO_ENABLED: "1"
tasks:
- setup-wireguard: |
./wgctrl-go/.cibuild.sh
Expand Down
5 changes: 2 additions & 3 deletions .builds/openbsd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,15 @@ tasks:
go version
go install honnef.co/go/tools/cmd/staticcheck@latest
cd wgctrl-go/
diff -u <(echo -n) <(/usr/local/go/bin/gofmt -d -s .)
go vet ./...
$GOBIN/staticcheck ./...
# The race detector is not supported on OpenBSD.
go test -v ./...
# 32-bit sanity checking for different kernel structure sizes.
GOARCH=386 go build ./...
go test -c .
# TODO: re-enable once Go 1.18 is available in openbsd/latest and wireguard-go can be built
doas bash -c 'WGCTRL_INTEGRATION=yesreallydoit ./wgctrl.test -test.v -test.run TestIntegration'
# TODO: re-enable once Go 1.19 is available in openbsd/latest and wireguard-go can be built
exit 0
# Use wireguard-go for additional testing.
doas /usr/local/bin/wireguard-go tun0
doas bash -c 'WGCTRL_INTEGRATION=yesreallydoit ./wgctrl.test -test.v -test.run TestIntegration'
15 changes: 13 additions & 2 deletions .cibuild.sh
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,22 @@ KERNEL=$(uname -s)
SUDO="sudo"
if [ "${KERNEL}" == "OpenBSD" ]; then
SUDO="doas"
# TODO: wireguard-go only builds using Go 1.18. However, openbsd/latest
# currently has an older version. Re-enable once Go 1.18 is available.

# Configure a WireGuard interface.
doas ifconfig wg0 create
doas ifconfig wg0 up

# TODO: wireguard-go only builds using Go 1.19+. However, openbsd/latest
# currently has an older version.
exit 0
fi

if [ "${KERNEL}" == "FreeBSD" ]; then
# Configure a WireGuard interface.
sudo ifconfig wg create name wg0
sudo ifconfig wg0 up
fi

if [ "${KERNEL}" == "Linux" ]; then
# Configure a WireGuard interface.
sudo ip link add wg0 type wireguard
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/linux-integration-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
build:
strategy:
matrix:
go-version: [1.18]
go-version: [1.19]
runs-on: ubuntu-latest

steps:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/linux-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
build:
strategy:
matrix:
go-version: [1.18]
go-version: [1.19]
runs-on: ubuntu-latest

steps:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/static-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
build:
strategy:
matrix:
go-version: [1.18]
go-version: [1.19]
runs-on: ubuntu-latest

steps:
Expand Down
3 changes: 1 addition & 2 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
Contributing
============
# Contributing

The `wgctrl` project makes use of the [GitHub Flow](https://guides.github.com/introduction/flow/)
for contributions.
Expand Down
2 changes: 1 addition & 1 deletion LICENSE.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# MIT License

Copyright (C) 2018-2019 Matt Layher
Copyright (C) 2018-2022 Matt Layher

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

Expand Down
15 changes: 6 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,19 +7,16 @@ For more information on WireGuard, please see <https://www.wireguard.com/>.

MIT Licensed.

```text
go get golang.zx2c4.com/wireguard/wgctrl
```

## Overview

`wgctrl` can control multiple types of WireGuard devices, including:

- Linux kernel module devices, via generic netlink
- userspace devices (e.g. wireguard-go), via the userspace configuration protocol
- both UNIX-like and Windows operating systems are supported
- **Experimental:** OpenBSD kernel module devices (read-only), via ioctl interface
- See <https://git.zx2c4.com/wireguard-openbsd/about/> for details.
- Kernel module devices
- Linux: via generic netlink
- FreeBSD: via ioctl interface
- OpenBSD: via ioctl interface (read-only)
- Windows: via ioctl interface
- Userspace devices via the userspace configuration protocol

As new operating systems add support for in-kernel WireGuard implementations,
this package should also be extended to support those native implementations.
Expand Down
19 changes: 18 additions & 1 deletion client_integration_test.go
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
package wgctrl_test

import (
"bytes"
"errors"
"fmt"
"net"
"os"
"sort"
"strings"
"testing"
"time"
Expand Down Expand Up @@ -68,7 +70,7 @@ func TestIntegrationClient(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Panic if a specific test takes too long.
timer := time.AfterFunc(1*time.Minute, func() {
timer := time.AfterFunc(5*time.Minute, func() {
panic("test took too long")
})
defer timer.Stop()
Expand Down Expand Up @@ -187,6 +189,15 @@ func testConfigure(t *testing.T, c *wgctrl.Client, d *wgtypes.Device) {
}},
}

// Sort AllowedIPs as different implementations might return
// them in different order
for i := range dn.Peers {
ips := dn.Peers[i].AllowedIPs
sort.Slice(ips, func(i, j int) bool {
return bytes.Compare(ips[i].IP, ips[j].IP) > 0
})
}

if diff := cmp.Diff(d, dn); diff != "" {
t.Fatalf("unexpected Device from Device (-want +got):\n%s", diff)
}
Expand Down Expand Up @@ -354,6 +365,12 @@ func testConfigurePeersUpdateOnly(t *testing.T, c *wgctrl.Client, d *wgtypes.Dev
}

if err := c.ConfigureDevice(d.Name, cfg); err != nil {
if d.Type == wgtypes.FreeBSDKernel && err == wgtypes.ErrUpdateOnlyNotSupported {
// TODO(stv0g): remove as soon as the FreeBSD kernel module supports it
t.Skip("FreeBSD kernel devices do not support UpdateOnly flag")
}


t.Fatalf("failed to configure second time on %q: %v", d.Name, err)
}

Expand Down
20 changes: 0 additions & 20 deletions doc.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,26 +2,6 @@
//
// For more information on WireGuard, please see https://www.wireguard.com/.
//
// go get golang.zx2c4.com/wireguard/wgctrl
//
//
// Overview
//
// wgctrl can control multiple types of WireGuard devices, including:
//
// - Linux kernel module devices, via generic netlink
// - userspace devices (e.g. wireguard-go), via the userspace configuration protocol
// - both UNIX-like and Windows operating systems are supported
// - **Experimental:** OpenBSD kernel module devices, via ioctl interface
// See <https://git.zx2c4.com/wireguard-openbsd/about/> for details. Specify
// environment variable WGCTRL_OPENBSD_KERNEL=1 to enable this interface.
//
// As new operating systems add support for in-kernel WireGuard implementations,
// this package should also be extended to support those native implementations.
//
// If you are aware of any efforts on this front, please file an issue:
// https://github.com/WireGuard/wgctrl-go/issues/new.
//
// This package implements WireGuard configuration protocol operations, enabling
// the configuration of existing WireGuard devices. Operations such as creating
// WireGuard devices, or applying IP addresses to those devices, are out of scope
Expand Down
16 changes: 8 additions & 8 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@
module golang.zx2c4.com/wireguard/wgctrl

go 1.17
go 1.19

require (
github.com/google/go-cmp v0.5.7
github.com/google/go-cmp v0.5.9
github.com/mdlayher/genetlink v1.2.0
github.com/mdlayher/netlink v1.6.0
github.com/mdlayher/netlink v1.6.2
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
golang.zx2c4.com/wireguard v0.0.0-20220407013110-ef5c587f782d
golang.org/x/crypto v0.1.0
golang.org/x/sys v0.1.0
golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c
)

require (
github.com/josharian/native v1.0.0 // indirect
github.com/mdlayher/socket v0.2.3 // indirect
golang.org/x/net v0.0.0-20220418201149-a630d4f3e7a2 // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/net v0.1.0 // indirect
golang.org/x/sync v0.1.0 // indirect
)
35 changes: 17 additions & 18 deletions go.sum
Original file line number Diff line number Diff line change
@@ -1,51 +1,50 @@
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/josharian/native v1.0.0 h1:Ts/E8zCSEsG17dUqv7joXJFybuMLjQfWE04tsBODTxk=
github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
github.com/mdlayher/genetlink v1.2.0 h1:4yrIkRV5Wfk1WfpWTcoOlGmsWgQj3OtQN9ZsbrE+XtU=
github.com/mdlayher/genetlink v1.2.0/go.mod h1:ra5LDov2KrUCZJiAtEvXXZBxGMInICMXIwshlJ+qRxQ=
github.com/mdlayher/netlink v1.6.0 h1:rOHX5yl7qnlpiVkFWoqccueppMtXzeziFjWAjLg6sz0=
github.com/mdlayher/netlink v1.6.0/go.mod h1:0o3PlBmGst1xve7wQ7j/hwpNaFaH4qCRyWCdcZk8/vA=
github.com/mdlayher/netlink v1.6.2 h1:D2zGSkvYsJ6NreeED3JiVTu1lj2sIYATqSaZlhPzUgQ=
github.com/mdlayher/netlink v1.6.2/go.mod h1:O1HXX2sIWSMJ3Qn1BYZk1yZM+7iMki/uYGGiwGyq/iU=
github.com/mdlayher/socket v0.1.1/go.mod h1:mYV5YIZAfHh4dzDVzI8x8tWLWCliuX8Mon5Awbj+qDs=
github.com/mdlayher/socket v0.2.3 h1:XZA2X2TjdOwNoNPVPclRCURoX/hokBY8nkTmRZFEheM=
github.com/mdlayher/socket v0.2.3/go.mod h1:bz12/FozYNH/VbvC3q7TRIK/Y6dH1kCKsXaUeXi/FmY=
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws=
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220418201149-a630d4f3e7a2 h1:6mzvA99KwZxbOrxww4EvWVQUnN1+xEu9tafK5ZxkYeA=
golang.org/x/net v0.0.0-20220418201149-a630d4f3e7a2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
golang.org/x/net v0.0.0-20220923203811-8be639271d50/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
golang.zx2c4.com/wireguard v0.0.0-20220407013110-ef5c587f782d h1:q4JksJ2n0fmbXC0Aj0eOs6E0AcPqnKglxWXWFqGD6x0=
golang.zx2c4.com/wireguard v0.0.0-20220407013110-ef5c587f782d/go.mod h1:bVQfyl2sCM/QIIGHpWbFGfHPuDvqnCNkT6MQLTCjO/U=
golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c h1:Okh6a1xpnJslG9Mn84pId1Mn+Q8cvpo4HCeeFWHo0cA=
golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c/go.mod h1:enML0deDxY1ux+B6ANGiwtg0yAJi1rctkTpcHNAVPyg=
Loading

0 comments on commit 97bc4ad

Please sign in to comment.