admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(wireguard): WIREGUARD_MTU enviromnent variable (#1571)

Browse Source
This commit is contained in:
Lars Haalck
2023-05-21 15:11:07 +02:00
committed by GitHub
parent 63303bc311
commit 1dd38bc658
8 changed files with 63 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/wireguard/constructor_test.go
View File

@@ -6,6 +6,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.zx2c4.com/wireguard/device"
)
func Test_New(t *testing.T) {
@@ -48,6 +49,7 @@ func Test_New(t *testing.T) {
netip.PrefixFrom(netip.AddrFrom4([4]byte{5, 6, 7, 8}), 32),
},
FirewallMark: 100,
MTU: device.DefaultMTU,
IPv6: ptr(false),
Implementation: "auto",
},

10
internal/wireguard/run.go
View File

@@ -74,7 +74,7 @@ func (w *Wireguard) Run(ctx context.Context, waitError chan<- error, ready chan<
defer closers.cleanup(w.logger)
link, waitAndCleanup, err := setupFunction(ctx,
w.settings.InterfaceName, w.netlink, &closers, w.logger)
w.settings.InterfaceName, w.netlink, w.settings.MTU, &closers, w.logger)
if err != nil {
waitError <- err
return
@@ -158,12 +158,12 @@ func (w *Wireguard) setupIPv6(link netlink.Link, closers *closers) (err error) {
type waitAndCleanupFunc func() error
func setupKernelSpace(ctx context.Context,
interfaceName string, netLinker NetLinker,
interfaceName string, netLinker NetLinker, mtu uint16,
closers *closers, logger Logger) (
link netlink.Link, waitAndCleanup waitAndCleanupFunc, err error) {
linkAttrs := netlink.LinkAttrs{
Name: interfaceName,
MTU: device.DefaultMTU, // TODO
MTU: int(mtu),
}
link = &netlink.Wireguard{
LinkAttrs: linkAttrs,
@@ -186,10 +186,10 @@ func setupKernelSpace(ctx context.Context,
}
func setupUserSpace(ctx context.Context,
interfaceName string, netLinker NetLinker,
interfaceName string, netLinker NetLinker, mtu uint16,
closers *closers, logger Logger) (
link netlink.Link, waitAndCleanup waitAndCleanupFunc, err error) {
tun, err := tun.CreateTUN(interfaceName, device.DefaultMTU)
tun, err := tun.CreateTUN(interfaceName, int(mtu))
if err != nil {
return nil, nil, fmt.Errorf("%w: %s", ErrCreateTun, err)
}

17
internal/wireguard/settings.go
View File

@@ -7,6 +7,7 @@ import (
"regexp"
"strings"
"golang.zx2c4.com/wireguard/device"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)
@@ -28,6 +29,9 @@ type Settings struct {
// FirewallMark to be used in routing tables and IP rules.
// It defaults to 51820 if left to 0.
FirewallMark int
// Maximum Transmission Unit (MTU) setting for the network interface.
// It defaults to device.DefaultMTU from wireguard-go which is 1420
MTU uint16
// RulePriority is the priority for the rule created with the
// FirewallMark.
RulePriority int
@@ -55,6 +59,10 @@ func (s *Settings) SetDefaults() {
s.FirewallMark = defaultFirewallMark
}
if s.MTU == 0 {
s.MTU = device.DefaultMTU
}
if s.IPv6 == nil {
ipv6 := false // this should be injected from host
s.IPv6 = &ipv6
@@ -78,6 +86,7 @@ var (
ErrAddressMissing = errors.New("interface address is missing")
ErrAddressNotValid = errors.New("interface address is not valid")
ErrFirewallMarkMissing = errors.New("firewall mark is missing")
ErrMTUMissing = errors.New("MTU is missing")
ErrImplementationInvalid = errors.New("invalid implementation")
)
@@ -127,6 +136,10 @@ func (s *Settings) Check() (err error) {
return fmt.Errorf("%w", ErrFirewallMarkMissing)
}
if s.MTU == 0 {
return fmt.Errorf("%w", ErrMTUMissing)
}
switch s.Implementation {
case "auto", "kernelspace", "userspace":
default:
@@ -209,6 +222,10 @@ func (s Settings) ToLines(settings ToLinesSettings) (lines []string) {
lines = append(lines, fieldPrefix+"Firewall mark: "+fmt.Sprint(s.FirewallMark))
}
if s.MTU != 0 {
lines = append(lines, fieldPrefix+"MTU: "+fmt.Sprint(s.MTU))
}
if s.RulePriority != 0 {
lines = append(lines, fieldPrefix+"Rule priority: "+fmt.Sprint(s.RulePriority))
}

20
internal/wireguard/settings_test.go
View File

@@ -7,6 +7,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.zx2c4.com/wireguard/device"
)
func ptr[T any](v T) *T { return &v }
@@ -22,6 +23,7 @@ func Test_Settings_SetDefaults(t *testing.T) {
expected: Settings{
InterfaceName: "wg0",
FirewallMark: 51820,
MTU: device.DefaultMTU,
IPv6: ptr(false),
Implementation: "auto",
},
@@ -34,6 +36,7 @@ func Test_Settings_SetDefaults(t *testing.T) {
InterfaceName: "wg0",
FirewallMark: 51820,
Endpoint: netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 51820),
MTU: device.DefaultMTU,
IPv6: ptr(false),
Implementation: "auto",
},
@@ -43,6 +46,7 @@ func Test_Settings_SetDefaults(t *testing.T) {
InterfaceName: "wg1",
FirewallMark: 999,
Endpoint: netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 9999),
MTU: device.DefaultMTU,
IPv6: ptr(true),
Implementation: "userspace",
},
@@ -50,6 +54,7 @@ func Test_Settings_SetDefaults(t *testing.T) {
InterfaceName: "wg1",
FirewallMark: 999,
Endpoint: netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 9999),
MTU: device.DefaultMTU,
IPv6: ptr(true),
Implementation: "userspace",
},
@@ -174,6 +179,19 @@ func Test_Settings_Check(t *testing.T) {
},
err: ErrFirewallMarkMissing,
},
"missing_MTU": {
settings: Settings{
InterfaceName: "wg0",
PrivateKey: validKey1,
PublicKey: validKey2,
Endpoint: netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 51820),
Addresses: []netip.Prefix{
netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 24),
},
FirewallMark: 999,
},
err: ErrMTUMissing,
},
"invalid implementation": {
settings: Settings{
InterfaceName: "wg0",
@@ -184,6 +202,7 @@ func Test_Settings_Check(t *testing.T) {
netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 24),
},
FirewallMark: 999,
MTU: 1420,
Implementation: "x",
},
err: errors.New("invalid implementation: x"),
@@ -198,6 +217,7 @@ func Test_Settings_Check(t *testing.T) {
netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 24),
},
FirewallMark: 999,
MTU: 1420,
Implementation: "userspace",
},
},