WireGuard
internal/freebsd: add initial version of FreeBSD support
Thanks for your work on this. I will try to spin up a VM to test amd64 in the next couple of days.
Would it be possible to set up a FreeBSD case in https://github.com/WireGuard/wgctrl-go/blob/master/.cibuild.sh to configure a kernel device for use in CI?
Would it be possible to set up a FreeBSD case in https://github.com/WireGuard/wgctrl-go/blob/master/.cibuild.sh to configure a kernel device for use in CI?
Yes, thats done in my latest commit. We are currently missing only some Go unit tests as I couldnt take those from the OpenBSD client.
Oh no, the CI fails with:
ifconfig: SIOCIFCREATE2: Invalid argument
However, the same command succeeds on my VM. I dont know, maybe its due to a BSD jail? Or a kernel without WireGuard support compiled in?
@mdlayher Please ignore my previous comment. I jsut forgot to install the wireguard-kmod package from the FreeBSD ports.
Now most of the tests pass. I just got stuck with the following, which I believe is a bug in the FreeBSD kernel implementation:
=== RUN TestIntegrationClient/configure_many_IPs/wg0
client_integration_test.go:268: unexpected number of configured peer IPs (-want +got):
int(
- 1022,
+ 511,
)
Okay, all issues fixed. Test succeed in the CI and on my VM.
Currently, the FreeBSD kernel implementation does not support the PeerConfig UpdateOnly flag. I am now throwing an error if a user attempts to use it. I think this is a cleaner solution than trying to emulate it in userspace as this can be racy. We should wait for the kernel module to add this missing feature.
@mdlayher Feel free to merge it once you are happy. I am considering the PR complete.
Thanks so much. I'm a bit busy at the moment but will try to verify all of this in the next few days and get it merged.
Sorry for the delay, I have been focused on work but haven't forgotten about this! I am spinning up a VM this morning to give it a test run and will merge if all seems good. Thank you for your contribution.
I downloaded a FreeBSD 14.0-CURRENT image and spun it up in a VM.
EDIT: it seems like the full test suite does pass, but the "configure many peers" case seems to take a very long time in userspace. There is probably something fishy going on there.
[matt@freebsd ~/src/wgctrl-go]$ sudo WGCTRL_INTEGRATION=yesreallydoit time ./wgctrl.test -test.v [4/3144]
=== RUN TestClientClose
--- PASS: TestClientClose (0.00s)
=== RUN TestClientDevices
--- PASS: TestClientDevices (0.00s)
=== RUN TestClientDevice
=== RUN TestClientDevice/first_error
=== RUN TestClientDevice/not_found
=== RUN TestClientDevice/first_not_found
=== RUN TestClientDevice/first_ok
--- PASS: TestClientDevice (0.00s)
--- PASS: TestClientDevice/first_error (0.00s)
--- PASS: TestClientDevice/not_found (0.00s)
--- PASS: TestClientDevice/first_not_found (0.00s)
--- PASS: TestClientDevice/first_ok (0.00s)
=== RUN TestClientConfigureDevice
=== RUN TestClientConfigureDevice/first_error
=== RUN TestClientConfigureDevice/not_found
=== RUN TestClientConfigureDevice/first_not_found
=== RUN TestClientConfigureDevice/first_ok
--- PASS: TestClientConfigureDevice (0.00s)
--- PASS: TestClientConfigureDevice/first_error (0.00s)
--- PASS: TestClientConfigureDevice/not_found (0.00s)
--- PASS: TestClientConfigureDevice/first_not_found (0.00s)
--- PASS: TestClientConfigureDevice/first_ok (0.00s)
=== RUN TestIntegrationClient
=== RUN TestIntegrationClient/get
=== RUN TestIntegrationClient/get/wg0
client_integration_test.go:132: device: wg0: L+V9o0fNYkMVKNqsX7spBzD/9oSvxM/C7ZCZX1jLO3Q=
=== RUN TestIntegrationClient/configure
=== RUN TestIntegrationClient/configure/wg0
client_integration_test.go:156: before: wg0: L+V9o0fNYkMVKNqsX7spBzD/9oSvxM/C7ZCZX1jLO3Q=
client_integration_test.go:211: after: wg0: 7zuWtTgd8PwBGD442Qq/cMtUUJBg4vzfl5o48H54Xi0=
- peer: HKmIdsm4ppG8Oq9uUvrO3Qhqr6m9g3G8CEeDP2tciRI=, IPs: 192.0.2.0/32, 2001:db8::/128
=== RUN TestIntegrationClient/configure_many_IPs
=== RUN TestIntegrationClient/configure_many_IPs/wg0
client_integration_test.go:271: device: wg0: 1022 IPs
=== RUN TestIntegrationClient/configure_many_peers
=== RUN TestIntegrationClient/configure_many_peers/wg0
client_integration_test.go:331: device: wg0: 256 peers, 512 IPs
=== RUN TestIntegrationClient/configure_peers_update_only
=== RUN TestIntegrationClient/configure_peers_update_only/wg0
client_integration_test.go:370: FreeBSD kernel devices do not support UpdateOnly flag
=== RUN TestIntegrationClient/reset
=== RUN TestIntegrationClient/reset/wg0
--- PASS: TestIntegrationClient (83.07s)
--- PASS: TestIntegrationClient/get (0.00s)
--- PASS: TestIntegrationClient/get/wg0 (0.00s)
--- PASS: TestIntegrationClient/configure (0.00s)
--- PASS: TestIntegrationClient/configure/wg0 (0.00s)
--- PASS: TestIntegrationClient/configure_many_IPs (0.03s)
--- PASS: TestIntegrationClient/configure_many_IPs/wg0 (0.03s)
--- PASS: TestIntegrationClient/configure_many_peers (83.03s)
--- PASS: TestIntegrationClient/configure_many_peers/wg0 (83.03s)
--- PASS: TestIntegrationClient/configure_peers_update_only (0.00s)
--- SKIP: TestIntegrationClient/configure_peers_update_only/wg0 (0.00s)
--- PASS: TestIntegrationClient/reset (0.00s)
--- PASS: TestIntegrationClient/reset/wg0 (0.00s)
=== RUN TestIntegrationClientIsNotExist
--- PASS: TestIntegrationClientIsNotExist (0.00s)
PASS
83.08 real 82.59 user 0.50 sys
Either way this seems like a good starting point and I think we can iterate from here. Thank you!