summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2021-01-21 00:02:32 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2021-01-21 00:16:59 +0100
commit1d4eb2727a3ad6086229f45354933e84d85fc4e3 (patch)
treede1b00c7f44bd3ea4fd021a9bd398cdd7fe5eb76
parent294d3bedf959c9c496aaa877919a762acf07c684 (diff)
netstack: introduce new module for gvisor tcp tun adapter
The Go linker isn't smart enough to prevent gvisor from being pulled into modules that use other parts of tun/, due to the types exposed. So, we put this into its own standalone module. We use this as an opportunity to introduce some example code as well. I'm still not happy that this not only clutters this repo's go.sum, but all the other projects that consume it, but it seems like making a new module inside of this repo will lead to even greater confusion. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--tun/netstack/examples/http_client.go50
-rw-r--r--tun/netstack/examples/http_server.go48
-rw-r--r--tun/netstack/tun.go (renamed from tun/tun_net.go)14
3 files changed, 106 insertions, 6 deletions
diff --git a/tun/netstack/examples/http_client.go b/tun/netstack/examples/http_client.go
new file mode 100644
index 0000000..2c1f8f4
--- /dev/null
+++ b/tun/netstack/examples/http_client.go
@@ -0,0 +1,50 @@
+// +build ignore
+
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ */
+
+package main
+
+import (
+ "io"
+ "log"
+ "net"
+ "net/http"
+
+ "golang.zx2c4.com/wireguard/device"
+ "golang.zx2c4.com/wireguard/tun/netstack"
+)
+
+func main() {
+ tun, tnet, err := netstack.CreateNetTUN(
+ []net.IP{net.ParseIP("192.168.4.29")},
+ []net.IP{net.ParseIP("8.8.8.8")},
+ 1420)
+ if err != nil {
+ log.Panic(err)
+ }
+ dev := device.NewDevice(tun, &device.Logger{log.Default(), log.Default(), log.Default()})
+ dev.IpcSet(`private_key=a8dac1d8a70a751f0f699fb14ba1cff7b79cf4fbd8f09f44c6e6a90d0369604f
+public_key=25123c5dcd3328ff645e4f2a3fce0d754400d3887a0cb7c56f0267e20fbf3c5b
+endpoint=163.172.161.0:12912
+allowed_ip=0.0.0.0/0
+`)
+ dev.Up()
+
+ client := http.Client{
+ Transport: &http.Transport{
+ DialContext: tnet.DialContext,
+ },
+ }
+ resp, err := client.Get("https://www.zx2c4.com/ip")
+ if err != nil {
+ log.Panic(err)
+ }
+ body, err := io.ReadAll(resp.Body)
+ if err != nil {
+ log.Panic(err)
+ }
+ log.Println(string(body))
+}
diff --git a/tun/netstack/examples/http_server.go b/tun/netstack/examples/http_server.go
new file mode 100644
index 0000000..e627e55
--- /dev/null
+++ b/tun/netstack/examples/http_server.go
@@ -0,0 +1,48 @@
+// +build ignore
+
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ */
+
+package main
+
+import (
+ "golang.zx2c4.com/wireguard/device"
+ "golang.zx2c4.com/wireguard/tun/netstack"
+ "io"
+ "log"
+ "net"
+ "net/http"
+)
+
+func main() {
+ tun, tnet, err := netstack.CreateNetTUN(
+ []net.IP{net.ParseIP("192.168.4.29")},
+ []net.IP{net.ParseIP("8.8.8.8"), net.ParseIP("8.8.4.4")},
+ 1420,
+ )
+ if err != nil {
+ log.Panic(err)
+ }
+ dev := device.NewDevice(tun, &device.Logger{log.Default(), log.Default(), log.Default()})
+ dev.IpcSet(`private_key=a8dac1d8a70a751f0f699fb14ba1cff7b79cf4fbd8f09f44c6e6a90d0369604f
+public_key=25123c5dcd3328ff645e4f2a3fce0d754400d3887a0cb7c56f0267e20fbf3c5b
+endpoint=163.172.161.0:12912
+allowed_ip=0.0.0.0/0
+persistent_keepalive_interval=25
+ `)
+ dev.Up()
+ listener, err := tnet.ListenTCP(&net.TCPAddr{Port: 80})
+ if err != nil {
+ log.Panicln(err)
+ }
+ http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
+ log.Printf("> %s - %s - %s", request.RemoteAddr, request.URL.String(), request.UserAgent())
+ io.WriteString(writer, "Hello from userspace TCP!")
+ })
+ err = http.Serve(listener, nil)
+ if err != nil {
+ log.Panicln(err)
+ }
+}
diff --git a/tun/tun_net.go b/tun/netstack/tun.go
index 9a6f26f..6bdea23 100644
--- a/tun/tun_net.go
+++ b/tun/netstack/tun.go
@@ -3,7 +3,7 @@
* Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
*/
-package tun
+package netstack
import (
"context"
@@ -18,6 +18,8 @@ import (
"strings"
"time"
+ "golang.zx2c4.com/wireguard/tun"
+
"golang.org/x/net/dns/dnsmessage"
"gvisor.dev/gvisor/pkg/tcpip"
"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
@@ -33,7 +35,7 @@ import (
type netTun struct {
stack *stack.Stack
dispatcher stack.NetworkDispatcher
- events chan Event
+ events chan tun.Event
incomingPacket chan buffer.VectorisedView
mtu int
dnsServers []net.IP
@@ -88,7 +90,7 @@ func (*endpoint) ARPHardwareType() header.ARPHardwareType {
func (e *endpoint) AddHeader(local, remote tcpip.LinkAddress, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
}
-func CreateNetTUN(localAddresses []net.IP, dnsServers []net.IP, mtu int) (Device, *Net, error) {
+func CreateNetTUN(localAddresses []net.IP, dnsServers []net.IP, mtu int) (tun.Device, *Net, error) {
opts := stack.Options{
NetworkProtocols: []stack.NetworkProtocolFactory{ipv4.NewProtocol, ipv6.NewProtocol},
TransportProtocols: []stack.TransportProtocolFactory{tcp.NewProtocol, udp.NewProtocol},
@@ -96,7 +98,7 @@ func CreateNetTUN(localAddresses []net.IP, dnsServers []net.IP, mtu int) (Device
}
dev := &netTun{
stack: stack.New(opts),
- events: make(chan Event, 10),
+ events: make(chan tun.Event, 10),
incomingPacket: make(chan buffer.VectorisedView),
dnsServers: dnsServers,
mtu: mtu,
@@ -127,7 +129,7 @@ func CreateNetTUN(localAddresses []net.IP, dnsServers []net.IP, mtu int) (Device
dev.stack.AddRoute(tcpip.Route{Destination: header.IPv6EmptySubnet, NIC: 1})
}
- dev.events <- EventUp
+ dev.events <- tun.EventUp
return dev, (*Net)(dev), nil
}
@@ -139,7 +141,7 @@ func (tun *netTun) File() *os.File {
return nil
}
-func (tun *netTun) Events() chan Event {
+func (tun *netTun) Events() chan tun.Event {
return tun.events
}