From a90ecb5fd417c06617574e00f8105e2f3eae638a Mon Sep 17 00:00:00 2001
From: Mikael Magnusson
Date: Thu, 19 Mar 2020 23:26:49 +0100
Subject: WIP add wg gvisor config
---
 tunnel/tools/libwg-go/api-android.go | 169 +++++++++++++++++++++++++++++++++++
 1 file changed, 169 insertions(+)
(limited to 'tunnel')
diff --git a/tunnel/tools/libwg-go/api-android.go b/tunnel/tools/libwg-go/api-android.go
index 7a393cae..145c3644 100644
--- a/tunnel/tools/libwg-go/api-android.go
+++ b/tunnel/tools/libwg-go/api-android.go
@@ -22,8 +22,16 @@ import (
 "os"
 "os/signal"
 "runtime"
+ "strconv"
 "strings"
 "unsafe"
+ "gvisor.dev/gvisor/pkg/tcpip/config"
+ "gvisor.dev/gvisor/pkg/tcpip/network/arp"
+ "gvisor.dev/gvisor/pkg/tcpip/network/ipv4"
+ "gvisor.dev/gvisor/pkg/tcpip/network/ipv6"
+ "gvisor.dev/gvisor/pkg/tcpip/stack"
+ "gvisor.dev/gvisor/pkg/tcpip/transport/tcp"
+ "gvisor.dev/gvisor/pkg/tcpip/transport/udp"
 )
 
 type AndroidLogger struct {
@@ -61,6 +69,128 @@ func init() {
 }()
 }
 
+func getConfig() string {
+ str := `network:
+ version: 2
+ renderer: gvisor
+ ethernets:
+ lo:
+ addresses:
+ - 127.0.0.1/8
+ - ::1/128
+ - 10.1.0.1/24
+ - 2001:470:de6f:5310::1/64
+ routes:
+ - to: 10.1.15.0/24
+ - to: 2001:470:de6f:531f::/64
+ wireguards:
+ wg2:
+ name: wg2
+ addresses:
+ - 10.49.124.111/32
+ - 2001:470:dfae:6300::111/128
+ - 2001:470:dfae:6300::1:111/128
+ - fe80::111/64
+ listen_port: 51820
+ private_key: cCBLRrAKF0oqLua2IGYr6ngQRLdgCSTa8hzDLQvezUI=
+ peers:
+ - public_key: 5Q5KIFIeskMh/QanwH9/5lHQ9NhWBsY16kwaS0ELQyg=
+ endpoint: 10.49.50.215:51820
+ allowed_ips:
+ - 2001:470:dfae:6300::1:3/128
+ - ::/0
+ - 0.0.0.0/0
+ persistent_keepalive: 3600
+ nameservers:
+ addresses:
+ - 8.8.8.8
+ - 8.8.4.4
+ routes:
+ - to: 10.49.124.0/24
+ - to: 0.0.0.0/0
+ - to: ::/0
+ - to: 2001:470:dfae:6300::/64
+ macaddress: aa:00:01:01:02:04
+ tuntaps:
+ tun:
+ name: tun1
+ mode: tun
+ mtu: 1280
+ fd: @FD@
+# name: tap1
+# mode: tap
+ addresses:
+ - 10.1.1.2/24
+ - 2001:470:de6f:5311::2/64
+ nameservers:
+ addresses:
+ - 8.8.8.8
+ - 8.8.4.4
+# routes:
+# - to: 0.0.0.0/0
+# via: 10.1.1.1
+# metric: 200
+# - to: ::/0
+# via: 2001:470:de6f:5311::1
+# metric: 200
+ macaddress: aa:00:01:01:02:01
+`
+
+// tunnels:
+// tun1:
+// mode: udp
+// local: 0.0.0.0:10002
+// remote: 127.0.0.1:10001
+// #FIXME detect MTU
+// mtu: 1280 #1500
+// addresses:
+// - 10.1.2.1/24
+// - 2001:470:de6f:5312::1/64
+// routes:
+// # - to: 0.0.0.0/0
+// # via: 10.1.2.2
+// # metric: 100
+// # - to: ::/0
+// # via: 2001:470:de6f:5312::2
+// # metric: 100
+// macaddress: aa:00:01:01:02:02
+
+// wireguards:
+// # wg1:
+// # name: wg1
+// # addresses:
+// # - 10.1.3.2/24
+// # - 2001:470:de6f:5313::2/64
+// # listen_port: 51820
+// # private_key: cCBLRrAKF0oqLua2IGYr6ngQRLdgCSTa8hzDLQvezUI=
+// # peers:
+// # - public_key: igb6I+JFOEXPN4JjZvSslxNDPQK1/Ofi6310RzH2HAk=
+// # endpoint: 10.49.50.1:51820
+// # allowed_ips:
+// # - 10.1.2.3/32
+// # - 0.0.0.0/0
+// # - ::/0
+// # # persistent_keepalive: 3600
+// # nameservers:
+// # addresses:
+// # - 8.8.8.8
+// # - 8.8.4.4
+// # routes:
+// # - to: 0.0.0.0/0
+// # via: 10.1.3.1
+// # metric: 100
+// # mark: 1
+// # mask: 255
+// # - to: ::/0
+// # via: 2001:470:de6f:5313::1
+// # metric: 100
+// # mark: 1
+// # mask: 255
+// # macaddress: aa:00:01:01:02:03
+
+ return str
+}
+
 //export wgTurnOn
 func wgTurnOn(ifnameRef string, tunFd int32, settings string) int32 {
 interfaceName := string([]byte(ifnameRef))
@@ -71,8 +201,44 @@ func wgTurnOn(ifnameRef string, tunFd int32, settings string) int32 {
 Error: log.New(&AndroidLogger{level: C.ANDROID_LOG_ERROR, interfaceName: interfaceName}, "", 0),
 }
+ // Use DEBUG as default logger
+ log.SetOutput(logger.Debug.Writer())
+ // Don't add date and time already added by android
+ log.SetFlags(0)
+ logger.Debug.Println("Debug log enabled")
+ log.Println("Test stdout")
+ yaml := strings.Replace(getConfig(), "@FD@", strconv.Itoa(int(tunFd)), 1)
+ logger.Debug.Println("Loading config ", yaml)
+ cfg := config.New(logger)
+ err := cfg.LoadFromBytes([]byte(yaml))
+ if err != nil {
+ logger.Debug.Println("LoadFromBytes failed")
+ unix.Close(int(tunFd))
+ logger.Error.Println(err)
+ return -1
+ }
+
+ logger.Debug.Println("Start gvisor stack")
+ s := stack.New(stack.Options{
+ NetworkProtocols: []stack.NetworkProtocol{ipv4.NewProtocol(), ipv6.NewProtocol(), arp.NewProtocol()},
+ TransportProtocols: []stack.TransportProtocol{
+ tcp.NewProtocol(),
+ udp.NewProtocol(),
+ //icmp.NewProtocol6(),
+ },
+ //NDPConfigs: stack.DefaultNDPConfigurations(),
+ //NDPDisp: &routes,
+ })
+
+ logger.Debug.Println("Stack started")
+
+ cfg.Setup(s)
+
+ logger.Debug.Println("Test gvisor TCP/IP", cfg)
+
+ if false {
 tun, name, err := tun.CreateUnmonitoredTUNFromFD(int(tunFd))
 if err != nil {
 unix.Close(int(tunFd))
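Review bot: `private_key: cCBLRrAKF0oqLua2IGYr6ngQRLdgCSTa8hzDLQvezUI=` inside the getConfig template (and a second copy in the commented-out `wg1` block) commits a WireGuard private key to source, so it is compiled into every build of the library and remains in git history even after a later removal; the key should be treated as disclosed and replaced, and the template should take the key, peer and endpoint fields from the `settings` string that wgTurnOn already receives instead of from a literal. The peer's `allowed_ips` of `0.0.0.0/0` and `::/0` also steer all traffic to the one hard-coded `endpoint: 10.49.50.215:51820`, which is fine for a local experiment but not for anything that ships. getConfig has no doc comment; if it is meant as a fixture, say so: `// getConfig returns a fixed YAML test configuration for the gvisor stack; wgTurnOn replaces @FD@ with the tun fd. Test-only placeholder until the config comes from settings.`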
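Review bot: `logger.Debug.Println("Loading config ", yaml)` writes the fully rendered configuration, private key included, to the Android log, where it is readable by any process or adb session with logcat access; log only what is needed to debug, e.g. `logger.Debug.Println("Loading config for tun fd", tunFd)`, or strip the `private_key:` line before printing. `log.SetOutput(logger.Debug.Writer())` and `log.SetFlags(0)` also rebind the process-global logger on every wgTurnOn call, so a second tunnel silently redirects the first tunnel's global log output; this belongs in init or should be dropped in favour of the per-tunnel logger. The result of `cfg.Setup(s)` is discarded, so if that call can report a failure it will only surface later without a diagnostic. wgTurnOn continues outside this hunk, and the hunk's old-side line count does not match the context visible here, so some context may be missing from the page.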
@@ -114,6 +280,7 @@ func wgTurnOn(ifnameRef string, tunFd int32, settings string) int32 { } device.Up() + logger.Info.Println("Device started") var i int32 @@ -128,6 +295,8 @@ func wgTurnOn(ifnameRef string, tunFd int32, settings string) int32 { } tunnelHandles[i] = TunnelHandle{device: device, uapi: uapi} return i + } + return 0 } //export wgTurnOff -- cgit v1.2.3
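Review bot: The new `return 0` after the `if false {` block returns a value that is also a valid tunnel handle, since the path inside the block stores into `tunnelHandles[i]` and returns `i`; a caller therefore cannot tell the gvisor path from a successfully registered tunnel 0, and a later wgTurnOff(0) would presumably act on a slot this call never filled. Until the gvisor path registers a handle of its own, return the same `-1` used on the error paths, or a dedicated sentinel, and mark the gap: `// TODO(WIP): gvisor path does not register a tunnel handle yet`. The wgTurnOn body starts outside this hunk.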