WireGuard config: Replace kernelMode with noKernelTun

https://github.com/XTLS/Xray-core/pull/3871#issuecomment-2420770309
2024-11-14 12:43:18 +00:00 · 2024-10-18 00:10:09 +00:00 · 2024-10-18 00:10:09 +00:00 · 9bdf72d658
parent b0272c172a
commit 9bdf72d658
6 changed files with 58 additions and 65 deletions
--- a/infra/conf/wireguard.go
+++ b/infra/conf/wireguard.go
@ -1,10 +1,8 @@
 package conf

 import (
-	"context"
 	"encoding/base64"
 	"encoding/hex"
-	"fmt"
 	"strings"

 	"github.com/xtls/xray-core/common/errors"
@ -53,8 +51,7 @@ func (c *WireGuardPeerConfig) Build() (proto.Message, error) {
 type WireGuardConfig struct {
 	IsClient bool `json:""`

-	KernelTun      *bool                  `json:"kernelTun"`
-	KernelMode     *bool                  `json:"kernelMode"`
+	NoKernelTun    bool                   `json:"noKernelTun"`
 	SecretKey      string                 `json:"secretKey"`
 	Address        []string               `json:"address"`
 	Peers          []*WireGuardPeerConfig `json:"peers"`
@ -121,26 +118,7 @@ func (c *WireGuardConfig) Build() (proto.Message, error) {
 	}

 	config.IsClient = c.IsClient
-	kernelTunSupported, err := wireguard.KernelTunSupported()
-	if err != nil {
-		errors.LogWarning(context.Background(), fmt.Sprintf("Failed to check kernel TUN support: %v. This may indicate that your OS doesn't support kernel TUN or you lack the necessary permissions. Please ensure you have the required privileges.", err))
-		config.KernelMode = false
-		return config, nil
-	}
-	if c.KernelMode == nil {
-		c.KernelMode = c.KernelTun
-	}
-	if c.KernelMode != nil {
-		config.KernelMode = *c.KernelMode
-		if config.KernelMode && !kernelTunSupported {
-			errors.LogWarning(context.Background(), "kernel TUN is not supported on your OS or permission is insufficient")
-		}
-	} else {
-		config.KernelMode = kernelTunSupported
-		if config.KernelMode {
-			errors.LogDebug(context.Background(), "kernel TUN is enabled as it's supported and permission is sufficient")
-		}
-	}
+	config.NoKernelTun = c.NoKernelTun

 	return config, nil
 }
--- a/infra/conf/wireguard_test.go
+++ b/infra/conf/wireguard_test.go
@ -26,7 +26,7 @@ func TestWireGuardConfig(t *testing.T) {
 				"mtu": 1300,
 				"workers": 2,
 				"domainStrategy": "ForceIPv6v4",
-				"kernelMode": false
+				"noKernelTun": false
 			}`,
 			Parser: loadJSON(creator),
 			Output: &wireguard.DeviceConfig{
@ -45,7 +45,7 @@ func TestWireGuardConfig(t *testing.T) {
 				Mtu:            1300,
 				NumWorkers:     2,
 				DomainStrategy: wireguard.DeviceConfig_FORCE_IP64,
-				KernelMode:     false,
+				NoKernelTun:    false,
 			},
 		},
 	})
--- a/proxy/wireguard/config.go
+++ b/proxy/wireguard/config.go
@ -1,5 +1,11 @@
 package wireguard

+import (
+	"context"
+
+	"github.com/xtls/xray-core/common/errors"
+)
+
 func (c *DeviceConfig) preferIP4() bool {
 	return c.DomainStrategy == DeviceConfig_FORCE_IP ||
 		c.DomainStrategy == DeviceConfig_FORCE_IP4 ||
@ -25,8 +31,17 @@ func (c *DeviceConfig) fallbackIP6() bool {
 }

 func (c *DeviceConfig) createTun() tunCreator {
-	if c.KernelMode {
-		return createKernelTun
+	if c.NoKernelTun {
+		return createGVisorTun
 	}
-	return createGVisorTun
+	kernelTunSupported, err := KernelTunSupported()
+	if err != nil {
+		errors.LogWarning(context.Background(), "Using gVisor TUN. Failed to check kernel TUN support:", err)
+		return createGVisorTun
+	}
+	if !kernelTunSupported {
+		errors.LogWarning(context.Background(), "Using gVisor TUN. Kernel TUN is not supported on your OS, or your permission is insufficient.)")
+		return createGVisorTun
+	}
+	return createKernelTun
 }
--- a/proxy/wireguard/config.pb.go
+++ b/proxy/wireguard/config.pb.go
@ -165,7 +165,7 @@ type DeviceConfig struct {
 	Reserved       []byte                      `protobuf:"bytes,6,opt,name=reserved,proto3" json:"reserved,omitempty"`
 	DomainStrategy DeviceConfig_DomainStrategy `protobuf:"varint,7,opt,name=domain_strategy,json=domainStrategy,proto3,enum=xray.proxy.wireguard.DeviceConfig_DomainStrategy" json:"domain_strategy,omitempty"`
 	IsClient       bool                        `protobuf:"varint,8,opt,name=is_client,json=isClient,proto3" json:"is_client,omitempty"`
-	KernelMode     bool                        `protobuf:"varint,9,opt,name=kernel_mode,json=kernelMode,proto3" json:"kernel_mode,omitempty"`
+	NoKernelTun    bool                        `protobuf:"varint,9,opt,name=no_kernel_tun,json=noKernelTun,proto3" json:"no_kernel_tun,omitempty"`
 }

 func (x *DeviceConfig) Reset() {
@ -254,9 +254,9 @@ func (x *DeviceConfig) GetIsClient() bool {
 	return false
 }

-func (x *DeviceConfig) GetKernelMode() bool {
+func (x *DeviceConfig) GetNoKernelTun() bool {
 	if x != nil {
-		return x.KernelMode
+		return x.NoKernelTun
 	}
 	return false
 }
@ -278,7 +278,7 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{
 	0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x41, 0x6c,
 	0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x69,
 	0x70, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65,
-	0x64, 0x49, 0x70, 0x73, 0x22, 0xc8, 0x03, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43,
+	0x64, 0x49, 0x70, 0x73, 0x22, 0xcb, 0x03, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43,
 	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f,
 	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65,
 	0x74, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
@ -299,21 +299,21 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{
 	0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74,
 	0x65, 0x67, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
 	0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x73, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-	0x12, 0x1f, 0x0a, 0x0b, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18,
-	0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, 0x64,
-	0x65, 0x22, 0x5c, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74,
-	0x65, 0x67, 0x79, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x10,
-	0x00, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x01,
-	0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x02, 0x12,
-	0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x36, 0x10, 0x03, 0x12,
-	0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x34, 0x10, 0x04, 0x42,
-	0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x2e, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x29, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78,
-	0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x77,
-	0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, 0x79, 0x2e,
-	0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x47, 0x75, 0x61, 0x72, 0x64, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x12, 0x22, 0x0a, 0x0d, 0x6e, 0x6f, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x74, 0x75,
+	0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x6e, 0x6f, 0x4b, 0x65, 0x72, 0x6e, 0x65,
+	0x6c, 0x54, 0x75, 0x6e, 0x22, 0x5c, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74,
+	0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f,
+	0x49, 0x50, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50,
+	0x34, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36,
+	0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x36,
+	0x10, 0x03, 0x12, 0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x34,
+	0x10, 0x04, 0x42, 0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x2e, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x01,
+	0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c,
+	0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x2f, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0xaa, 0x02, 0x14, 0x58, 0x72,
+	0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x47, 0x75, 0x61,
+	0x72, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
--- a/proxy/wireguard/config.proto
+++ b/proxy/wireguard/config.proto
@ -30,5 +30,5 @@ message DeviceConfig {
  bytes reserved = 6;
  DomainStrategy domain_strategy = 7;
  bool is_client = 8;
-  bool kernel_mode = 9;
+  bool no_kernel_tun = 9;
 }
--- a/testing/scenarios/wireguard_test.go
+++ b/testing/scenarios/wireguard_test.go
@ -48,13 +48,13 @@ func TestWireguard(t *testing.T) {
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 				}),
 				ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
-					IsClient: false,
-					KernelMode: false,
-					Endpoint: []string{"10.0.0.1"},
-					Mtu: 1420,
-					SecretKey: serverPrivate,
+					IsClient:    false,
+					NoKernelTun: false,
+					Endpoint:    []string{"10.0.0.1"},
+					Mtu:         1420,
+					SecretKey:   serverPrivate,
 					Peers: []*wireguard.PeerConfig{{
-						PublicKey: serverPublic,
+						PublicKey:  serverPublic,
 						AllowedIps: []string{"0.0.0.0/0", "::0/0"},
 					}},
 				}),
@ -82,8 +82,8 @@ func TestWireguard(t *testing.T) {
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 				}),
 				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
-					Address: net.NewIPOrDomain(dest.Address),
-					Port:    uint32(dest.Port),
+					Address:  net.NewIPOrDomain(dest.Address),
+					Port:     uint32(dest.Port),
 					Networks: []net.Network{net.Network_TCP},
 				}),
 			},
@ -91,14 +91,14 @@ func TestWireguard(t *testing.T) {
 		Outbound: []*core.OutboundHandlerConfig{
 			{
 				ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
-					IsClient: true,
-					KernelMode: false,
-					Endpoint: []string{"10.0.0.2"},
-					Mtu: 1420,
-					SecretKey: clientPrivate,
+					IsClient:    true,
+					NoKernelTun: false,
+					Endpoint:    []string{"10.0.0.2"},
+					Mtu:         1420,
+					SecretKey:   clientPrivate,
 					Peers: []*wireguard.PeerConfig{{
-						Endpoint: "127.0.0.1:" + serverPort.String(),
-						PublicKey: clientPublic,
+						Endpoint:   "127.0.0.1:" + serverPort.String(),
+						PublicKey:  clientPublic,
 						AllowedIps: []string{"0.0.0.0/0", "::0/0"},
 					}},
 				}),
@ -119,4 +119,4 @@ func TestWireguard(t *testing.T) {
 	// if err := errg.Wait(); err != nil {
 	// 	t.Error(err)
 	// }
-}
+}