mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-11-22 23:13:01 +00:00
WireGuard config: Replace kernelMode
with noKernelTun
https://github.com/XTLS/Xray-core/pull/3871#issuecomment-2420770309
This commit is contained in:
parent
b0272c172a
commit
9bdf72d658
@ -1,10 +1,8 @@
|
|||||||
package conf
|
package conf
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/xtls/xray-core/common/errors"
|
"github.com/xtls/xray-core/common/errors"
|
||||||
@ -53,8 +51,7 @@ func (c *WireGuardPeerConfig) Build() (proto.Message, error) {
|
|||||||
type WireGuardConfig struct {
|
type WireGuardConfig struct {
|
||||||
IsClient bool `json:""`
|
IsClient bool `json:""`
|
||||||
|
|
||||||
KernelTun *bool `json:"kernelTun"`
|
NoKernelTun bool `json:"noKernelTun"`
|
||||||
KernelMode *bool `json:"kernelMode"`
|
|
||||||
SecretKey string `json:"secretKey"`
|
SecretKey string `json:"secretKey"`
|
||||||
Address []string `json:"address"`
|
Address []string `json:"address"`
|
||||||
Peers []*WireGuardPeerConfig `json:"peers"`
|
Peers []*WireGuardPeerConfig `json:"peers"`
|
||||||
@ -121,26 +118,7 @@ func (c *WireGuardConfig) Build() (proto.Message, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
config.IsClient = c.IsClient
|
config.IsClient = c.IsClient
|
||||||
kernelTunSupported, err := wireguard.KernelTunSupported()
|
config.NoKernelTun = c.NoKernelTun
|
||||||
if err != nil {
|
|
||||||
errors.LogWarning(context.Background(), fmt.Sprintf("Failed to check kernel TUN support: %v. This may indicate that your OS doesn't support kernel TUN or you lack the necessary permissions. Please ensure you have the required privileges.", err))
|
|
||||||
config.KernelMode = false
|
|
||||||
return config, nil
|
|
||||||
}
|
|
||||||
if c.KernelMode == nil {
|
|
||||||
c.KernelMode = c.KernelTun
|
|
||||||
}
|
|
||||||
if c.KernelMode != nil {
|
|
||||||
config.KernelMode = *c.KernelMode
|
|
||||||
if config.KernelMode && !kernelTunSupported {
|
|
||||||
errors.LogWarning(context.Background(), "kernel TUN is not supported on your OS or permission is insufficient")
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
config.KernelMode = kernelTunSupported
|
|
||||||
if config.KernelMode {
|
|
||||||
errors.LogDebug(context.Background(), "kernel TUN is enabled as it's supported and permission is sufficient")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return config, nil
|
return config, nil
|
||||||
}
|
}
|
||||||
|
@ -26,7 +26,7 @@ func TestWireGuardConfig(t *testing.T) {
|
|||||||
"mtu": 1300,
|
"mtu": 1300,
|
||||||
"workers": 2,
|
"workers": 2,
|
||||||
"domainStrategy": "ForceIPv6v4",
|
"domainStrategy": "ForceIPv6v4",
|
||||||
"kernelMode": false
|
"noKernelTun": false
|
||||||
}`,
|
}`,
|
||||||
Parser: loadJSON(creator),
|
Parser: loadJSON(creator),
|
||||||
Output: &wireguard.DeviceConfig{
|
Output: &wireguard.DeviceConfig{
|
||||||
@ -45,7 +45,7 @@ func TestWireGuardConfig(t *testing.T) {
|
|||||||
Mtu: 1300,
|
Mtu: 1300,
|
||||||
NumWorkers: 2,
|
NumWorkers: 2,
|
||||||
DomainStrategy: wireguard.DeviceConfig_FORCE_IP64,
|
DomainStrategy: wireguard.DeviceConfig_FORCE_IP64,
|
||||||
KernelMode: false,
|
NoKernelTun: false,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
@ -1,5 +1,11 @@
|
|||||||
package wireguard
|
package wireguard
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
|
||||||
|
"github.com/xtls/xray-core/common/errors"
|
||||||
|
)
|
||||||
|
|
||||||
func (c *DeviceConfig) preferIP4() bool {
|
func (c *DeviceConfig) preferIP4() bool {
|
||||||
return c.DomainStrategy == DeviceConfig_FORCE_IP ||
|
return c.DomainStrategy == DeviceConfig_FORCE_IP ||
|
||||||
c.DomainStrategy == DeviceConfig_FORCE_IP4 ||
|
c.DomainStrategy == DeviceConfig_FORCE_IP4 ||
|
||||||
@ -25,8 +31,17 @@ func (c *DeviceConfig) fallbackIP6() bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (c *DeviceConfig) createTun() tunCreator {
|
func (c *DeviceConfig) createTun() tunCreator {
|
||||||
if c.KernelMode {
|
if c.NoKernelTun {
|
||||||
return createKernelTun
|
return createGVisorTun
|
||||||
}
|
}
|
||||||
return createGVisorTun
|
kernelTunSupported, err := KernelTunSupported()
|
||||||
|
if err != nil {
|
||||||
|
errors.LogWarning(context.Background(), "Using gVisor TUN. Failed to check kernel TUN support:", err)
|
||||||
|
return createGVisorTun
|
||||||
|
}
|
||||||
|
if !kernelTunSupported {
|
||||||
|
errors.LogWarning(context.Background(), "Using gVisor TUN. Kernel TUN is not supported on your OS, or your permission is insufficient.)")
|
||||||
|
return createGVisorTun
|
||||||
|
}
|
||||||
|
return createKernelTun
|
||||||
}
|
}
|
||||||
|
@ -165,7 +165,7 @@ type DeviceConfig struct {
|
|||||||
Reserved []byte `protobuf:"bytes,6,opt,name=reserved,proto3" json:"reserved,omitempty"`
|
Reserved []byte `protobuf:"bytes,6,opt,name=reserved,proto3" json:"reserved,omitempty"`
|
||||||
DomainStrategy DeviceConfig_DomainStrategy `protobuf:"varint,7,opt,name=domain_strategy,json=domainStrategy,proto3,enum=xray.proxy.wireguard.DeviceConfig_DomainStrategy" json:"domain_strategy,omitempty"`
|
DomainStrategy DeviceConfig_DomainStrategy `protobuf:"varint,7,opt,name=domain_strategy,json=domainStrategy,proto3,enum=xray.proxy.wireguard.DeviceConfig_DomainStrategy" json:"domain_strategy,omitempty"`
|
||||||
IsClient bool `protobuf:"varint,8,opt,name=is_client,json=isClient,proto3" json:"is_client,omitempty"`
|
IsClient bool `protobuf:"varint,8,opt,name=is_client,json=isClient,proto3" json:"is_client,omitempty"`
|
||||||
KernelMode bool `protobuf:"varint,9,opt,name=kernel_mode,json=kernelMode,proto3" json:"kernel_mode,omitempty"`
|
NoKernelTun bool `protobuf:"varint,9,opt,name=no_kernel_tun,json=noKernelTun,proto3" json:"no_kernel_tun,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *DeviceConfig) Reset() {
|
func (x *DeviceConfig) Reset() {
|
||||||
@ -254,9 +254,9 @@ func (x *DeviceConfig) GetIsClient() bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *DeviceConfig) GetKernelMode() bool {
|
func (x *DeviceConfig) GetNoKernelTun() bool {
|
||||||
if x != nil {
|
if x != nil {
|
||||||
return x.KernelMode
|
return x.NoKernelTun
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
@ -278,7 +278,7 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{
|
|||||||
0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x41, 0x6c,
|
0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x41, 0x6c,
|
||||||
0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x69,
|
0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x69,
|
||||||
0x70, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65,
|
0x70, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65,
|
||||||
0x64, 0x49, 0x70, 0x73, 0x22, 0xc8, 0x03, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43,
|
0x64, 0x49, 0x70, 0x73, 0x22, 0xcb, 0x03, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43,
|
||||||
0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f,
|
0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f,
|
||||||
0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65,
|
0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65,
|
||||||
0x74, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
|
0x74, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
|
||||||
@ -299,21 +299,21 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{
|
|||||||
0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74,
|
0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74,
|
||||||
0x65, 0x67, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
|
0x65, 0x67, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
|
||||||
0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x73, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74,
|
0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x73, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74,
|
||||||
0x12, 0x1f, 0x0a, 0x0b, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18,
|
0x12, 0x22, 0x0a, 0x0d, 0x6e, 0x6f, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x74, 0x75,
|
||||||
0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, 0x64,
|
0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x6e, 0x6f, 0x4b, 0x65, 0x72, 0x6e, 0x65,
|
||||||
0x65, 0x22, 0x5c, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74,
|
0x6c, 0x54, 0x75, 0x6e, 0x22, 0x5c, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74,
|
||||||
0x65, 0x67, 0x79, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x10,
|
0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f,
|
||||||
0x00, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x01,
|
0x49, 0x50, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50,
|
||||||
0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x02, 0x12,
|
0x34, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36,
|
||||||
0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x36, 0x10, 0x03, 0x12,
|
0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x36,
|
||||||
0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x34, 0x10, 0x04, 0x42,
|
0x10, 0x03, 0x12, 0x0e, 0x0a, 0x0a, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x34,
|
||||||
0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78,
|
0x10, 0x04, 0x42, 0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70,
|
||||||
0x79, 0x2e, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x29, 0x67,
|
0x72, 0x6f, 0x78, 0x79, 0x2e, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x01,
|
||||||
0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78,
|
0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c,
|
||||||
0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x77,
|
0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78,
|
||||||
0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, 0x79, 0x2e,
|
0x79, 0x2f, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0xaa, 0x02, 0x14, 0x58, 0x72,
|
||||||
0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x47, 0x75, 0x61, 0x72, 0x64, 0x62,
|
0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x47, 0x75, 0x61,
|
||||||
0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
0x72, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -30,5 +30,5 @@ message DeviceConfig {
|
|||||||
bytes reserved = 6;
|
bytes reserved = 6;
|
||||||
DomainStrategy domain_strategy = 7;
|
DomainStrategy domain_strategy = 7;
|
||||||
bool is_client = 8;
|
bool is_client = 8;
|
||||||
bool kernel_mode = 9;
|
bool no_kernel_tun = 9;
|
||||||
}
|
}
|
@ -48,13 +48,13 @@ func TestWireguard(t *testing.T) {
|
|||||||
Listen: net.NewIPOrDomain(net.LocalHostIP),
|
Listen: net.NewIPOrDomain(net.LocalHostIP),
|
||||||
}),
|
}),
|
||||||
ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
|
ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
|
||||||
IsClient: false,
|
IsClient: false,
|
||||||
KernelMode: false,
|
NoKernelTun: false,
|
||||||
Endpoint: []string{"10.0.0.1"},
|
Endpoint: []string{"10.0.0.1"},
|
||||||
Mtu: 1420,
|
Mtu: 1420,
|
||||||
SecretKey: serverPrivate,
|
SecretKey: serverPrivate,
|
||||||
Peers: []*wireguard.PeerConfig{{
|
Peers: []*wireguard.PeerConfig{{
|
||||||
PublicKey: serverPublic,
|
PublicKey: serverPublic,
|
||||||
AllowedIps: []string{"0.0.0.0/0", "::0/0"},
|
AllowedIps: []string{"0.0.0.0/0", "::0/0"},
|
||||||
}},
|
}},
|
||||||
}),
|
}),
|
||||||
@ -82,8 +82,8 @@ func TestWireguard(t *testing.T) {
|
|||||||
Listen: net.NewIPOrDomain(net.LocalHostIP),
|
Listen: net.NewIPOrDomain(net.LocalHostIP),
|
||||||
}),
|
}),
|
||||||
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
|
||||||
Address: net.NewIPOrDomain(dest.Address),
|
Address: net.NewIPOrDomain(dest.Address),
|
||||||
Port: uint32(dest.Port),
|
Port: uint32(dest.Port),
|
||||||
Networks: []net.Network{net.Network_TCP},
|
Networks: []net.Network{net.Network_TCP},
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
@ -91,14 +91,14 @@ func TestWireguard(t *testing.T) {
|
|||||||
Outbound: []*core.OutboundHandlerConfig{
|
Outbound: []*core.OutboundHandlerConfig{
|
||||||
{
|
{
|
||||||
ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
|
ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
|
||||||
IsClient: true,
|
IsClient: true,
|
||||||
KernelMode: false,
|
NoKernelTun: false,
|
||||||
Endpoint: []string{"10.0.0.2"},
|
Endpoint: []string{"10.0.0.2"},
|
||||||
Mtu: 1420,
|
Mtu: 1420,
|
||||||
SecretKey: clientPrivate,
|
SecretKey: clientPrivate,
|
||||||
Peers: []*wireguard.PeerConfig{{
|
Peers: []*wireguard.PeerConfig{{
|
||||||
Endpoint: "127.0.0.1:" + serverPort.String(),
|
Endpoint: "127.0.0.1:" + serverPort.String(),
|
||||||
PublicKey: clientPublic,
|
PublicKey: clientPublic,
|
||||||
AllowedIps: []string{"0.0.0.0/0", "::0/0"},
|
AllowedIps: []string{"0.0.0.0/0", "::0/0"},
|
||||||
}},
|
}},
|
||||||
}),
|
}),
|
||||||
|
Loading…
Reference in New Issue
Block a user