wgctrl-go

internal/wgfreebsd: support for new FreeBSD kernel interface

Open mdlayher opened this issue 4 years ago • 10 comments

@mattmacy is working on a FreeBSD kernel implementation of WireGuard at https://github.com/mattmacy/wg-fbsd and the repo is going to be moved to https://git.zx2c4.com/wireguard-freebsd/about/ soon. We should support this interface.

mdlayher avatar Jun 09 '20 13:06 mdlayher

@mdlayher Is there still no support for FreeBSD with wgctrl-go? Just ran into an issue trying to retrieve the interface while attempting to integrate on FreeBSD.

afeiszli avatar Nov 09 '21 23:11 afeiszli

No work has been done on FreeBSD kernel interfaces at this point. Userspace should work fine.

mdlayher avatar Nov 10 '21 18:11 mdlayher

@mdlayher is there any way to tell wgctrl to use userspace when calling wgctrl.New? If not, is there a way to trick it into thinking it should be using userspace? I think that would be sufficient for our purposes.

afeiszli avatar Nov 10 '21 18:11 afeiszli

You shouldn't need to care about the underlying implementation. If wireguard-go or similar is running and exposes a control socket, it should be picked up automatically. We look for sockets using https://github.com/WireGuard/wgctrl-go/blob/master/internal/wguser/conn_unix.go#L19-L26. If they exist at a different path, that path would need to be added too.

mdlayher avatar Nov 10 '21 18:11 mdlayher
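A stand-alone diagnostic for the socket lookup described above, as an added example that is not part of the thread and not wgctrl-go's own code. It assumes control sockets are named `<iface>.sock` under the `/var/run/wireguard` directory mentioned in the thread and that the daemon answers the userspace `get=1` request; `findSockets` and `probe` are hypothetical names.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strings"
	"time"
)

// findSockets lists real UNIX sockets named *.sock in dir; a missing dir yields none.
func findSockets(dir string) (socks []string) {
	matches, _ := filepath.Glob(filepath.Join(dir, "*.sock"))
	for _, m := range matches {
		if fi, err := os.Lstat(m); err == nil && fi.Mode()&os.ModeSocket != 0 {
			socks = append(socks, m)
		}
	}
	return socks
}

// probe sends "get=1" and collects the key=value reply up to the blank line.
// Key material (private_key, preshared_key) is dropped so it is never printed.
func probe(path string) (map[string][]string, error) {
	c, err := net.DialTimeout("unix", path, 2*time.Second)
	if err != nil {
		return nil, err
	}
	defer c.Close()
	c.SetDeadline(time.Now().Add(2 * time.Second))
	fmt.Fprint(c, "get=1\n\n")
	reply, sc := map[string][]string{}, bufio.NewScanner(c)
	for sc.Scan() && sc.Text() != "" {
		if k, v, _ := strings.Cut(sc.Text(), "="); k != "private_key" && k != "preshared_key" {
			reply[k] = append(reply[k], v)
		}
	}
	return reply, sc.Err()
}

func main() {
	socks := findSockets("/var/run/wireguard") // directory named in the thread
	fmt.Println(len(socks), "userspace socket(s) found")
	for _, s := range socks {
		fmt.Println(probe(s))
	}
}
```

A count of zero means no userspace daemon exposes a control socket at that path.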

I'm definitely missing something. Not sure which path sockets get added to, but WireGuard was installed on FreeBSD using:

pkg install wireguard

There is an active, functioning interface, but no /var/run/wireguard

root@freebsd-machine:~ # wg
interface: wg0
  public key: XXXXXXXXXXXXX
  private key: (hidden)
  listening port: 51821

peer: YYYYYYYYYYYYYY
  endpoint: 1.2.3.4:51821
  allowed ips: 10.101.0.1/32
  latest handshake: 29 seconds ago
  transfer: 5.09 KiB received, 20.28 KiB sent
  persistent keepalive: every 20 seconds
root@freebsd-machine:~ # sockstat -l
?        ?          ?     ?  udp6   *:51821               *:*
?        ?          ?     ?  udp4   *:51821               *:*

and wgctrl.New() returns no devices.

afeiszli avatar Nov 10 '21 19:11 afeiszli

Based on https://www.freshports.org/net/wireguard, you're probably using the kernel module implementation, which is not supported yet.

mdlayher avatar Nov 10 '21 19:11 mdlayher

I've started with implementation. Much of the code is similar to the OpenBSD kernel interface with the exception of the encoding which uses FreeBSD's nv(9) library.

I am currently using CGo to link against libnv which might not be optimal but got me started the fastest.

@mdlayher Is it acceptable to use CGo for wgctrl-go? Or do we need to implement a pure Go implementation of libnv?

There is already an incompatible Golang implementation for OpenZFS nvlist here: https://pkg.go.dev/git.dolansoft.org/lorenz/go-zfs/nvlist

stv0g avatar Oct 09 '22 18:10 stv0g

Nice work! I have no objections to starting with cgo. Presumably that library is widely used on FreeBSD anyway?

mdlayher avatar Oct 10 '22 00:10 mdlayher

> I have no objections to starting with cgo.

Thanks. I will try to finish the ConfigureDevice() today and add some tests.

> Presumably that library is widely used on freebsd anyway?

Yes, it ships with the standard installation.

stv0g avatar Oct 10 '22 07:10 stv0g

@mdlayher I just pushed a version to #126 which implements the full client interface.

I've tested it with my own code on an ARM64 FreeBSD VM running on my M1 Mac with Parallels.

stv0g avatar Oct 10 '22 21:10 stv0g