wireguard: some refactors
Signed-off-by: Mark Pashmfouroush <mark@markpash.me>
markpash committed Aug 3, 2024
1 parent 8f5cd89 commit 08088f2
Showing 6 changed files with 270 additions and 135 deletions.
231 changes: 148 additions & 83 deletions app/app.go
Expand Up @@ -12,6 +12,8 @@ import (
"github.com/bepass-org/warp-plus/iputils"
"github.com/bepass-org/warp-plus/psiphon"
"github.com/bepass-org/warp-plus/warp"
"github.com/bepass-org/warp-plus/wireguard/tun"
"github.com/bepass-org/warp-plus/wireguard/tun/netstack"
"github.com/bepass-org/warp-plus/wiresocks"
)

Expand Down Expand Up @@ -80,7 +82,7 @@ func RunWarp(ctx context.Context, l *slog.Logger, opts WarpOptions) error {
return err
}

l.Info("scan results", "endpoints", res)
l.Debug("scan results", "endpoints", res)

endpoints = make([]string, len(res))
for i := 0; i < len(res); i++ {
Expand Down Expand Up @@ -122,7 +124,7 @@ func runWireguard(ctx context.Context, l *slog.Logger, opts WarpOptions) error {
// Enable trick and keepalive on all peers in config
for i, peer := range conf.Peers {
peer.Trick = true
peer.KeepAlive = 3
peer.KeepAlive = 5

// Try resolving if the endpoint is a domain
addr, err := iputils.ParseResolveAddressPort(peer.Endpoint, false, opts.DnsAddr.String())
Expand All @@ -134,35 +136,56 @@ func runWireguard(ctx context.Context, l *slog.Logger, opts WarpOptions) error {
}

if opts.Tun {
// Create a new tun interface
tunDev, err := newNormalTun([]netip.Addr{opts.DnsAddr})
if err != nil {
return err
}

// Establish wireguard tunnel on tun interface
if err := establishWireguard(l, conf, tunDev, true, opts.FwMark); err != nil {
return err
var werr error
var tunDev tun.Device
for _, t := range []string{"t1", "t2"} {
// Create a new tun interface
tunDev, werr = newNormalTun([]netip.Addr{opts.DnsAddr})
if werr != nil {
continue
}

werr = establishWireguard(l, conf, tunDev, true, opts.FwMark, t)
if werr != nil {
continue
}
break
}
if werr != nil {
return werr
}

l.Info("serving tun", "interface", "warp0")
return nil
}

// Create userspace tun network stack
tunDev, tnet, err := newUsermodeTun(conf)
if err != nil {
return err
}

// Establish wireguard on userspace stack
if err := establishWireguard(l, conf, tunDev, false, opts.FwMark); err != nil {
return err
}
var werr error
var tnet *netstack.Net
var tunDev tun.Device
for _, t := range []string{"t1", "t2"} {
// Create userspace tun network stack
tunDev, tnet, werr = netstack.CreateNetTUN(conf.Interface.Addresses, conf.Interface.DNS, conf.Interface.MTU)
if err != nil {
continue
}

werr = establishWireguard(l, conf, tunDev, false, opts.FwMark, t)
if werr != nil {
continue
}

// // Test wireguard connectivity
// if err := usermodeTunTest(ctx, l, tnet); err != nil {
// return err
// }
// Test wireguard connectivity
werr = usermodeTunTest(ctx, l, tnet)
if werr != nil {
continue
}
break
}
if werr != nil {
return werr
}

// Run a proxy on the userspace stack
_, err = wiresocks.StartProxy(ctx, l, tnet, opts.Bind)
Expand Down Expand Up @@ -194,7 +217,7 @@ func runWarp(ctx context.Context, l *slog.Logger, opts WarpOptions, endpoint str
for i, peer := range conf.Peers {
peer.Endpoint = endpoint
peer.Trick = true
peer.KeepAlive = 3
peer.KeepAlive = 5

if opts.Reserved != "" {
r, err := wiresocks.ParseReserved(opts.Reserved)
Expand All @@ -208,35 +231,55 @@ func runWarp(ctx context.Context, l *slog.Logger, opts WarpOptions, endpoint str
}

if opts.Tun {
// Create a new tun interface
tunDev, err := newNormalTun([]netip.Addr{opts.DnsAddr})
if err != nil {
return err
}

// Establish wireguard tunnel on tun interface
if err := establishWireguard(l, &conf, tunDev, true, opts.FwMark); err != nil {
return err
var werr error
var tunDev tun.Device
for _, t := range []string{"t1", "t2"} {
// Create a new tun interface
tunDev, werr = newNormalTun([]netip.Addr{opts.DnsAddr})
if werr != nil {
continue
}

// Create userspace tun network stack
werr = establishWireguard(l, &conf, tunDev, true, opts.FwMark, t)
if werr != nil {
continue
}
break
}
if werr != nil {
return werr
}
l.Info("serving tun", "interface", "warp0")
return nil
}

// Create userspace tun network stack
tunDev, tnet, err := newUsermodeTun(&conf)
if err != nil {
return err
}

// Establish wireguard on userspace stack
if err := establishWireguard(l, &conf, tunDev, false, opts.FwMark); err != nil {
return err
}
var werr error
var tnet *netstack.Net
var tunDev tun.Device
for _, t := range []string{"t1", "t2"} {
tunDev, tnet, werr = netstack.CreateNetTUN(conf.Interface.Addresses, conf.Interface.DNS, conf.Interface.MTU)
if werr != nil {
continue
}

// // Test wireguard connectivity
// if err := usermodeTunTest(ctx, l, tnet); err != nil {
// return err
// }
werr = establishWireguard(l, &conf, tunDev, false, opts.FwMark, t)
if werr != nil {
continue
}

// Test wireguard connectivity
werr = usermodeTunTest(ctx, l, tnet)
if werr != nil {
continue
}
break
}
if werr != nil {
return werr
}

// Run a proxy on the userspace stack
_, err = wiresocks.StartProxy(ctx, l, tnet, opts.Bind)
Expand Down Expand Up @@ -267,7 +310,7 @@ func runWarpInWarp(ctx context.Context, l *slog.Logger, opts WarpOptions, endpoi
for i, peer := range conf.Peers {
peer.Endpoint = endpoints[0]
peer.Trick = true
peer.KeepAlive = 3
peer.KeepAlive = 5

if opts.Reserved != "" {
r, err := wiresocks.ParseReserved(opts.Reserved)
Expand All @@ -280,24 +323,35 @@ func runWarpInWarp(ctx context.Context, l *slog.Logger, opts WarpOptions, endpoi
conf.Peers[i] = peer
}

// Create userspace tun network stack
tunDev, tnet, err := newUsermodeTun(&conf)
if err != nil {
return err
}

// Establish wireguard on userspace stack and bind the wireguard sockets to the default interface and apply
if err := establishWireguard(l.With("gool", "outer"), &conf, tunDev, opts.Tun, opts.FwMark); err != nil {
return err
}
var werr error
var tnet1 *netstack.Net
var tunDev tun.Device
for _, t := range []string{"t1", "t2"} {
// Create userspace tun network stack
tunDev, tnet1, werr = netstack.CreateNetTUN(conf.Interface.Addresses, conf.Interface.DNS, conf.Interface.MTU)
if werr != nil {
continue
}

// // Test wireguard connectivity
// if err := usermodeTunTest(ctx, l, tnet); err != nil {
// return err
// }
werr = establishWireguard(l.With("gool", "outer"), &conf, tunDev, opts.Tun, opts.FwMark, t)
if werr != nil {
continue
}

// Test wireguard connectivity
werr = usermodeTunTest(ctx, l, tnet1)
if werr != nil {
continue
}
break
}
if werr != nil {
return werr
}

// Create a UDP port forward between localhost and the remote endpoint
addr, err := wiresocks.NewVtunUDPForwarder(ctx, netip.MustParseAddrPort("127.0.0.1:0"), endpoints[0], tnet, singleMTU)
addr, err := wiresocks.NewVtunUDPForwarder(ctx, netip.MustParseAddrPort("127.0.0.1:0"), endpoints[0], tnet1, singleMTU)
if err != nil {
return err
}
Expand All @@ -319,7 +373,7 @@ func runWarpInWarp(ctx context.Context, l *slog.Logger, opts WarpOptions, endpoi
// Enable keepalive on all peers in config
for i, peer := range conf.Peers {
peer.Endpoint = addr.String()
peer.KeepAlive = 10
peer.KeepAlive = 20

if opts.Reserved != "" {
r, err := wiresocks.ParseReserved(opts.Reserved)
Expand All @@ -341,30 +395,30 @@ func runWarpInWarp(ctx context.Context, l *slog.Logger, opts WarpOptions, endpoi

// Establish wireguard tunnel on tun interface but don't bind
// wireguard sockets to default interface and don't apply fwmark.
if err := establishWireguard(l.With("gool", "inner"), &conf, tunDev, false, opts.FwMark); err != nil {
if err := establishWireguard(l.With("gool", "inner"), &conf, tunDev, false, opts.FwMark, "t0"); err != nil {
return err
}
l.Info("serving tun", "interface", "warp0")
return nil
}

// Create userspace tun network stack
tunDev, tnet, err = newUsermodeTun(&conf)
tunDev, tnet2, err := netstack.CreateNetTUN(conf.Interface.Addresses, conf.Interface.DNS, conf.Interface.MTU)
if err != nil {
return err
}

// Establish wireguard on userspace stack
if err := establishWireguard(l.With("gool", "inner"), &conf, tunDev, false, opts.FwMark); err != nil {
if err := establishWireguard(l.With("gool", "inner"), &conf, tunDev, false, opts.FwMark, "t0"); err != nil {
return err
}

// // Test wireguard connectivity
// if err := usermodeTunTest(ctx, l, tnet); err != nil {
// return err
// }
// Test wireguard connectivity
if err := usermodeTunTest(ctx, l, tnet2); err != nil {
return err
}

_, err = wiresocks.StartProxy(ctx, l, tnet, opts.Bind)
_, err = wiresocks.StartProxy(ctx, l, tnet2, opts.Bind)
if err != nil {
return err
}
Expand Down Expand Up @@ -392,7 +446,7 @@ func runWarpWithPsiphon(ctx context.Context, l *slog.Logger, opts WarpOptions, e
for i, peer := range conf.Peers {
peer.Endpoint = endpoint
peer.Trick = true
peer.KeepAlive = 3
peer.KeepAlive = 5

if opts.Reserved != "" {
r, err := wiresocks.ParseReserved(opts.Reserved)
Expand All @@ -405,21 +459,32 @@ func runWarpWithPsiphon(ctx context.Context, l *slog.Logger, opts WarpOptions, e
conf.Peers[i] = peer
}

// Create userspace tun network stack
tunDev, tnet, err := newUsermodeTun(&conf)
if err != nil {
return err
}

// Establish wireguard on userspace stack
if err := establishWireguard(l, &conf, tunDev, false, opts.FwMark); err != nil {
return err
}
var werr error
var tnet *netstack.Net
var tunDev tun.Device
for _, t := range []string{"t1", "t2"} {
// Create userspace tun network stack
tunDev, tnet, werr = netstack.CreateNetTUN(conf.Interface.Addresses, conf.Interface.DNS, conf.Interface.MTU)
if werr != nil {
continue
}

// // Test wireguard connectivity
// if err := usermodeTunTest(ctx, l, tnet); err != nil {
// return err
// }
werr = establishWireguard(l, &conf, tunDev, false, opts.FwMark, t)
if werr != nil {
continue
}

// Test wireguard connectivity
werr = usermodeTunTest(ctx, l, tnet)
if werr != nil {
continue
}
break
}
if werr != nil {
return werr
}

// Run a proxy on the userspace stack
warpBind, err := wiresocks.StartProxy(ctx, l, tnet, netip.MustParseAddrPort("127.0.0.1:0"))
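Review bot: In runWireguard's userspace branch the result of `netstack.CreateNetTUN` is assigned to `werr`, but the guard that follows tests `err`, so a failed TUN creation is not caught and `establishWireguard` is then called with whatever `tunDev` came back; the check should read `if werr != nil {`, as the equivalent loops in runWarp, runWarpInWarp and runWarpWithPsiphon do. `err` appears to be an earlier function-scope variable that is already nil at this point, which would explain why the line compiles and never fires. Separately, every retry loop reaches `continue` after `establishWireguard` or `usermodeTunTest` fails without releasing the device created for that attempt, and in the `opts.Tun` branches the second `newNormalTun` call may then collide with the interface left by the first; closing the failed attempt's device before retrying would avoid that, assuming nothing inside `establishWireguard` already does so. Only the last attempt's error is returned, so logging `werr` together with the attempt label `t` before each `continue` would keep the first failure visible. The enclosing functions start and end outside the visible hunks.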