WireGuard config: Replace kernelMode with noKernelTun

https://github.com/XTLS/Xray-core/pull/3871#issuecomment-2420770309
This commit is contained in:
RPRX 2024-10-18 00:10:09 +00:00 committed by GitHub
parent b0272c172a
commit 9bdf72d658
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 58 additions and 65 deletions

View file

@ -1,10 +1,8 @@
package conf package conf
import ( import (
"context"
"encoding/base64" "encoding/base64"
"encoding/hex" "encoding/hex"
"fmt"
"strings" "strings"
"github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/errors"
@ -53,8 +51,7 @@ func (c *WireGuardPeerConfig) Build() (proto.Message, error) {
type WireGuardConfig struct { type WireGuardConfig struct {
IsClient bool `json:""` IsClient bool `json:""`
KernelTun *bool `json:"kernelTun"` NoKernelTun bool `json:"noKernelTun"`
KernelMode *bool `json:"kernelMode"`
SecretKey string `json:"secretKey"` SecretKey string `json:"secretKey"`
Address []string `json:"address"` Address []string `json:"address"`
Peers []*WireGuardPeerConfig `json:"peers"` Peers []*WireGuardPeerConfig `json:"peers"`
@ -121,26 +118,7 @@ func (c *WireGuardConfig) Build() (proto.Message, error) {
} }
config.IsClient = c.IsClient config.IsClient = c.IsClient
kernelTunSupported, err := wireguard.KernelTunSupported() config.NoKernelTun = c.NoKernelTun
if err != nil {
errors.LogWarning(context.Background(), fmt.Sprintf("Failed to check kernel TUN support: %v. This may indicate that your OS doesn't support kernel TUN or you lack the necessary permissions. Please ensure you have the required privileges.", err))
config.KernelMode = false
return config, nil
}
if c.KernelMode == nil {
c.KernelMode = c.KernelTun
}
if c.KernelMode != nil {
config.KernelMode = *c.KernelMode
if config.KernelMode && !kernelTunSupported {
errors.LogWarning(context.Background(), "kernel TUN is not supported on your OS or permission is insufficient")
}
} else {
config.KernelMode = kernelTunSupported
if config.KernelMode {
errors.LogDebug(context.Background(), "kernel TUN is enabled as it's supported and permission is sufficient")
}
}
return config, nil return config, nil
} }

View file

@ -26,7 +26,7 @@ func TestWireGuardConfig(t *testing.T) {
"mtu": 1300, "mtu": 1300,
"workers": 2, "workers": 2,
"domainStrategy": "ForceIPv6v4", "domainStrategy": "ForceIPv6v4",
"kernelMode": false "noKernelTun": false
}`, }`,
Parser: loadJSON(creator), Parser: loadJSON(creator),
Output: &wireguard.DeviceConfig{ Output: &wireguard.DeviceConfig{
@ -45,7 +45,7 @@ func TestWireGuardConfig(t *testing.T) {
Mtu: 1300, Mtu: 1300,
NumWorkers: 2, NumWorkers: 2,
DomainStrategy: wireguard.DeviceConfig_FORCE_IP64, DomainStrategy: wireguard.DeviceConfig_FORCE_IP64,
KernelMode: false, NoKernelTun: false,
}, },
}, },
}) })

View file

@ -1,5 +1,11 @@
package wireguard package wireguard
import (
"context"
"github.com/xtls/xray-core/common/errors"
)
func (c *DeviceConfig) preferIP4() bool { func (c *DeviceConfig) preferIP4() bool {
return c.DomainStrategy == DeviceConfig_FORCE_IP || return c.DomainStrategy == DeviceConfig_FORCE_IP ||
c.DomainStrategy == DeviceConfig_FORCE_IP4 || c.DomainStrategy == DeviceConfig_FORCE_IP4 ||
@ -25,8 +31,17 @@ func (c *DeviceConfig) fallbackIP6() bool {
} }
func (c *DeviceConfig) createTun() tunCreator { func (c *DeviceConfig) createTun() tunCreator {
if c.KernelMode { if c.NoKernelTun {
return createKernelTun return createGVisorTun
} }
return createGVisorTun kernelTunSupported, err := KernelTunSupported()
if err != nil {
errors.LogWarning(context.Background(), "Using gVisor TUN. Failed to check kernel TUN support:", err)
return createGVisorTun
}
if !kernelTunSupported {
errors.LogWarning(context.Background(), "Using gVisor TUN. Kernel TUN is not supported on your OS, or your permission is insufficient.)")
return createGVisorTun
}
return createKernelTun
} }

View file

@ -165,7 +165,7 @@ type DeviceConfig struct {
Reserved []byte `protobuf:"bytes,6,opt,name=reserved,proto3" json:"reserved,omitempty"` Reserved []byte `protobuf:"bytes,6,opt,name=reserved,proto3" json:"reserved,omitempty"`
DomainStrategy DeviceConfig_DomainStrategy `protobuf:"varint,7,opt,name=domain_strategy,json=domainStrategy,proto3,enum=xray.proxy.wireguard.DeviceConfig_DomainStrategy" json:"domain_strategy,omitempty"` DomainStrategy DeviceConfig_DomainStrategy `protobuf:"varint,7,opt,name=domain_strategy,json=domainStrategy,proto3,enum=xray.proxy.wireguard.DeviceConfig_DomainStrategy" json:"domain_strategy,omitempty"`
IsClient bool `protobuf:"varint,8,opt,name=is_client,json=isClient,proto3" json:"is_client,omitempty"` IsClient bool `protobuf:"varint,8,opt,name=is_client,json=isClient,proto3" json:"is_client,omitempty"`
KernelMode bool `protobuf:"varint,9,opt,name=kernel_mode,json=kernelMode,proto3" json:"kernel_mode,omitempty"` NoKernelTun bool `protobuf:"varint,9,opt,name=no_kernel_tun,json=noKernelTun,proto3" json:"no_kernel_tun,omitempty"`
} }
func (x *DeviceConfig) Reset() { func (x *DeviceConfig) Reset() {
@ -254,9 +254,9 @@ func (x *DeviceConfig) GetIsClient() bool {
return false return false
} }
func (x *DeviceConfig) GetKernelMode() bool { func (x *DeviceConfig) GetNoKernelTun() bool {
if x != nil { if x != nil {
return x.KernelMode return x.NoKernelTun
} }
return false return false
} }
@ -278,7 +278,7 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{
0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x41, 0x6c,
0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x69, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x69,
0x70, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x70, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65,
0x64, 0x49, 0x70, 0x73, 0x22, 0xc8, 0x03, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x64, 0x49, 0x70, 0x73, 0x22, 0xcb, 0x03, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43,
0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f,
0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65,
0x74, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
@ -299,21 +299,21 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{
0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74,
0x65, 0x67, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x65, 0x67, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x73, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x73, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74,
0x12, 0x1f, 0x0a, 0x0b, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x12, 0x22, 0x0a, 0x0d, 0x6e, 0x6f, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x74, 0x75,
0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x6e, 0x6f, 0x4b, 0x65, 0x72, 0x6e, 0x65,
0x65, 0x22, 0x5c, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x6c, 0x54, 0x75, 0x6e, 0x22, 0x5c, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74,
0x65, 0x67, 0x79, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f,
0x00, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x01, 0x49, 0x50, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50,
0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x02, 0x12, 0x34, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36,
0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x36, 0x10, 0x03, 0x12, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x36,
0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x34, 0x10, 0x04, 0x42, 0x10, 0x03, 0x12, 0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x34,
0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x10, 0x04, 0x42, 0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70,
0x79, 0x2e, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x29, 0x67, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x01,
0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c,
0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x77, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78,
0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x79, 0x2f, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0xaa, 0x02, 0x14, 0x58, 0x72,
0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x47, 0x75, 0x61, 0x72, 0x64, 0x62, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x47, 0x75, 0x61,
0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x72, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
} }
var ( var (

View file

@ -30,5 +30,5 @@ message DeviceConfig {
bytes reserved = 6; bytes reserved = 6;
DomainStrategy domain_strategy = 7; DomainStrategy domain_strategy = 7;
bool is_client = 8; bool is_client = 8;
bool kernel_mode = 9; bool no_kernel_tun = 9;
} }

View file

@ -48,13 +48,13 @@ func TestWireguard(t *testing.T) {
Listen: net.NewIPOrDomain(net.LocalHostIP), Listen: net.NewIPOrDomain(net.LocalHostIP),
}), }),
ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{ ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
IsClient: false, IsClient: false,
KernelMode: false, NoKernelTun: false,
Endpoint: []string{"10.0.0.1"}, Endpoint: []string{"10.0.0.1"},
Mtu: 1420, Mtu: 1420,
SecretKey: serverPrivate, SecretKey: serverPrivate,
Peers: []*wireguard.PeerConfig{{ Peers: []*wireguard.PeerConfig{{
PublicKey: serverPublic, PublicKey: serverPublic,
AllowedIps: []string{"0.0.0.0/0", "::0/0"}, AllowedIps: []string{"0.0.0.0/0", "::0/0"},
}}, }},
}), }),
@ -82,8 +82,8 @@ func TestWireguard(t *testing.T) {
Listen: net.NewIPOrDomain(net.LocalHostIP), Listen: net.NewIPOrDomain(net.LocalHostIP),
}), }),
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
Address: net.NewIPOrDomain(dest.Address), Address: net.NewIPOrDomain(dest.Address),
Port: uint32(dest.Port), Port: uint32(dest.Port),
Networks: []net.Network{net.Network_TCP}, Networks: []net.Network{net.Network_TCP},
}), }),
}, },
@ -91,14 +91,14 @@ func TestWireguard(t *testing.T) {
Outbound: []*core.OutboundHandlerConfig{ Outbound: []*core.OutboundHandlerConfig{
{ {
ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{ ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
IsClient: true, IsClient: true,
KernelMode: false, NoKernelTun: false,
Endpoint: []string{"10.0.0.2"}, Endpoint: []string{"10.0.0.2"},
Mtu: 1420, Mtu: 1420,
SecretKey: clientPrivate, SecretKey: clientPrivate,
Peers: []*wireguard.PeerConfig{{ Peers: []*wireguard.PeerConfig{{
Endpoint: "127.0.0.1:" + serverPort.String(), Endpoint: "127.0.0.1:" + serverPort.String(),
PublicKey: clientPublic, PublicKey: clientPublic,
AllowedIps: []string{"0.0.0.0/0", "::0/0"}, AllowedIps: []string{"0.0.0.0/0", "::0/0"},
}}, }},
}), }),
@ -119,4 +119,4 @@ func TestWireguard(t *testing.T) {
// if err := errg.Wait(); err != nil { // if err := errg.Wait(); err != nil {
// t.Error(err) // t.Error(err)
// } // }
} }