pangolin_mirror/newt
1
0
Fork 0
mirror of https://github.com/fosrl/newt.git synced 2026-03-06 10:46:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Netstack working

Browse Source
This commit is contained in:
Owen
2025-07-27 10:25:34 -07:00
parent e14d53087f
commit 8bf9c9795b
6 changed files with 232 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
clients.go Normal file
View File

@@ -0,0 +1,125 @@
package main
import (
"fmt"
"strings"
"github.com/fosrl/newt/logger"
"github.com/fosrl/newt/proxy"
"github.com/fosrl/newt/websocket"
"golang.zx2c4.com/wireguard/tun/netstack"
"github.com/fosrl/newt/wgnetstack"
"github.com/fosrl/newt/wgtester"
)
var wgService *wgnetstack.WireGuardService
var wgTesterServer *wgtester.Server
var ready bool
func setupClients(client *websocket.Client) {
var host = endpoint
if strings.HasPrefix(host, "http://") {
host = strings.TrimPrefix(host, "http://")
} else if strings.HasPrefix(host, "https://") {
host = strings.TrimPrefix(host, "https://")
}
host = strings.TrimSuffix(host, "/")
if useNativeInterface {
setupClientsNative(client, host)
} else {
setupClientsNetstack(client, host)
}
ready = true
}
func setupClientsNetstack(client *websocket.Client, host string) {
logger.Info("Setting up clients with netstack...")
// Create WireGuard service
wgService, err = wgnetstack.NewWireGuardService(interfaceName, mtuInt, generateAndSaveKeyTo, host, id, client, "8.8.8.8")
if err != nil {
logger.Fatal("Failed to create WireGuard service: %v", err)
}
// // Set up callback to restart wgtester with netstack when WireGuard is ready
wgService.SetOnNetstackReady(func(tnet *netstack.Net) {
wgTesterServer = wgtester.NewServerWithNetstack("0.0.0.0", wgService.Port, id, tnet) // TODO: maybe make this the same ip of the wg server?
err := wgTesterServer.Start()
if err != nil {
logger.Error("Failed to start WireGuard tester server: %v", err)
}
})
client.OnTokenUpdate(func(token string) {
wgService.SetToken(token)
})
}
func setDownstreamTNetstack(tnet *netstack.Net) {
if wgService != nil {
wgService.SetOthertnet(tnet)
}
}
func closeClients() {
logger.Info("Closing clients...")
if wgService != nil {
wgService.Close(!keepInterface)
wgService = nil
}
closeWgServiceNative()
if wgTesterServer != nil {
wgTesterServer.Stop()
wgTesterServer = nil
}
}
func clientsHandleNewtConnection(publicKey string, endpoint string) {
if !ready {
return
}
// split off the port from the endpoint
parts := strings.Split(endpoint, ":")
if len(parts) < 2 {
logger.Error("Invalid endpoint format: %s", endpoint)
return
}
endpoint = strings.Join(parts[:len(parts)-1], ":")
if wgService != nil {
wgService.StartHolepunch(publicKey, endpoint)
}
clientsHandleNewtConnectionNative(publicKey, endpoint)
}
func clientsOnConnect() {
if !ready {
return
}
if wgService != nil {
wgService.LoadRemoteConfig()
}
clientsOnConnectNative()
}
func clientsAddProxyTarget(pm *proxy.ProxyManager, tunnelIp string) {
if !ready {
return
}
// add a udp proxy for localost and the wgService port
// TODO: make sure this port is not used in a target
if wgService != nil {
pm.AddTarget("udp", tunnelIp, int(wgService.Port), fmt.Sprintf("127.0.0.1:%d", wgService.Port))
}
clientsAddProxyTargetNative(pm, tunnelIp)
}

111
linux.go
View File

@@ -4,107 +4,74 @@ package main
import ( import (
"fmt" "fmt"
"strings" "os"
"runtime"
"github.com/fosrl/newt/logger" "github.com/fosrl/newt/logger"
"github.com/fosrl/newt/proxy" "github.com/fosrl/newt/proxy"
"github.com/fosrl/newt/websocket" "github.com/fosrl/newt/websocket"
"golang.zx2c4.com/wireguard/tun/netstack" "github.com/fosrl/newt/wg"
"github.com/fosrl/newt/wgnetstack"
"github.com/fosrl/newt/wgtester" "github.com/fosrl/newt/wgtester"
) )
var wgService *wgnetstack.WireGuardService var wgServiceNative *wg.WireGuardService
var wgTesterServer *wgtester.Server
func setupClients(client *websocket.Client) { func setupClientsNative(client *websocket.Client, host string) {
var host = endpoint
if strings.HasPrefix(host, "http://") { if runtime.GOOS != "linux" {
host = strings.TrimPrefix(host, "http://") logger.Fatal("Tunnel management is only supported on Linux right now!")
} else if strings.HasPrefix(host, "https://") { os.Exit(1)
host = strings.TrimPrefix(host, "https://")
} }
host = strings.TrimSuffix(host, "/") // make sure we are sudo
if os.Geteuid() != 0 {
logger.Fatal("You must run this program as root to manage tunnels on Linux.")
os.Exit(1)
}
if useNativeInterface { // Create WireGuard service
wgServiceNative, err = wg.NewWireGuardService(interfaceName, mtuInt, generateAndSaveKeyTo, host, id, client)
if err != nil {
logger.Fatal("Failed to create WireGuard service: %v", err)
}
} else { wgTesterServer = wgtester.NewServer("0.0.0.0", wgServiceNative.Port, id) // TODO: maybe make this the same ip of the wg server?
// Create WireGuard service err := wgTesterServer.Start()
wgService, err = wgnetstack.NewWireGuardService(interfaceName, mtuInt, generateAndSaveKeyTo, host, id, client, "8.8.8.8") if err != nil {
if err != nil { logger.Error("Failed to start WireGuard tester server: %v", err)
logger.Fatal("Failed to create WireGuard service: %v", err)
}
// // Set up callback to restart wgtester with netstack when WireGuard is ready
wgService.SetOnNetstackReady(func(tnet *netstack.Net) {
wgTesterServer = wgtester.NewServerWithNetstack("0.0.0.0", wgService.Port, id, tnet) // TODO: maybe make this the same ip of the wg server?
err := wgTesterServer.Start()
if err != nil {
logger.Error("Failed to start WireGuard tester server: %v", err)
}
// logger.Info("WireGuard netstack is ready, restarting wgtester with netstack")
// if err := wgTesterServer.RestartWithNetstack(tnet); err != nil {
// logger.Error("Failed to restart wgtester with netstack: %v", err)
// } else {
// logger.Info("WGTester successfully restarted with netstack")
// }
})
} }
client.OnTokenUpdate(func(token string) { client.OnTokenUpdate(func(token string) {
wgService.SetToken(token) wgServiceNative.SetToken(token)
}) })
} }
func setDownstreamTNetstack(tnet *netstack.Net) { func closeWgServiceNative() {
if wgService != nil { if wgServiceNative != nil {
wgService.SetOthertnet(tnet) wgServiceNative.Close(!keepInterface)
wgServiceNative = nil
} }
} }
func closeClients() { func clientsOnConnectNative() {
if wgService != nil { if wgServiceNative != nil {
wgService.Close(!keepInterface) wgServiceNative.LoadRemoteConfig()
wgService = nil
}
if wgTesterServer != nil {
wgTesterServer.Stop()
wgTesterServer = nil
} }
} }
func clientsHandleNewtConnection(publicKey string, endpoint string) { func clientsHandleNewtConnectionNative(publicKey, endpoint string) {
if wgService == nil { if wgServiceNative != nil {
return wgServiceNative.StartHolepunch(publicKey, endpoint)
} }
// split off the port from the endpoint
parts := strings.Split(endpoint, ":")
if len(parts) < 2 {
logger.Error("Invalid endpoint format: %s", endpoint)
return
}
endpoint = strings.Join(parts[:len(parts)-1], ":")
wgService.StartHolepunch(publicKey, endpoint)
} }
func clientsOnConnect() { func clientsAddProxyTargetNative(pm *proxy.ProxyManager, tunnelIp string) {
if wgService == nil { if !ready {
return
}
wgService.LoadRemoteConfig()
}
func clientsAddProxyTarget(pm *proxy.ProxyManager, tunnelIp string) {
if wgService == nil {
return return
} }
// add a udp proxy for localost and the wgService port // add a udp proxy for localost and the wgService port
// TODO: make sure this port is not used in a target // TODO: make sure this port is not used in a target
pm.AddTarget("udp", tunnelIp, int(wgService.Port), fmt.Sprintf("127.0.0.1:%d", wgService.Port)) if wgServiceNative != nil {
pm.AddTarget("udp", tunnelIp, int(wgServiceNative.Port), fmt.Sprintf("127.0.0.1:%d", wgServiceNative.Port))
}
} }

9
main.go
View File

@@ -9,7 +9,6 @@ import (
"net/netip" "net/netip"
"os" "os"
"os/signal" "os/signal"
"runtime"
"strconv" "strconv"
"strings" "strings"
"syscall" "syscall"
@@ -141,7 +140,7 @@ func main() {
flag.StringVar(&interfaceName, "interface", "newt", "Name of the WireGuard interface") flag.StringVar(&interfaceName, "interface", "newt", "Name of the WireGuard interface")
} }
if generateAndSaveKeyTo == "" { if generateAndSaveKeyTo == "" {
flag.StringVar(&generateAndSaveKeyTo, "generateAndSaveKeyTo", "/tmp/newtkey", "Path to save generated private key") flag.StringVar(&generateAndSaveKeyTo, "generateAndSaveKeyTo", "", "Path to save generated private key")
} }
flag.BoolVar(&keepInterface, "keep-interface", false, "Keep the WireGuard interface") flag.BoolVar(&keepInterface, "keep-interface", false, "Keep the WireGuard interface")
flag.BoolVar(&useNativeInterface, "native", false, "Use native WireGuard interface (requires WireGuard kernel module) and linux") flag.BoolVar(&useNativeInterface, "native", false, "Use native WireGuard interface (requires WireGuard kernel module) and linux")
@@ -269,12 +268,6 @@ func main() {
var wgData WgData var wgData WgData
if acceptClients { if acceptClients {
// make sure we are running on linux
if runtime.GOOS != "linux" {
logger.Fatal("Tunnel management is only supported on Linux right now!")
os.Exit(1)
}
setupClients(client) setupClients(client)
} }

18
stub.go
View File

@@ -7,26 +7,26 @@ import (
"github.com/fosrl/newt/websocket" "github.com/fosrl/newt/websocket"
) )
func setupClients(client *websocket.Client) { func setupClientsNative(client *websocket.Client, host string) {
return // This function is not implemented for non-Linux systems. return // This function is not implemented for non-Linux systems.
} }
func closeClients() { func closeWgServiceNative() {
// This function is not implemented for non-Linux systems. // No-op for non-Linux systems
return return
} }
func clientsHandleNewtConnection(publicKey string) { func clientsOnConnectNative() {
// This function is not implemented for non-Linux systems. // No-op for non-Linux systems
return return
} }
func clientsOnConnect() { func clientsHandleNewtConnectionNative(publicKey, endpoint string) {
// This function is not implemented for non-Linux systems. // No-op for non-Linux systems
return return
} }
func clientsAddProxyTarget(pm *proxy.ProxyManager, tunnelIp string) { func clientsAddProxyTargetNative(pm *proxy.ProxyManager, tunnelIp string) {
// This function is not implemented for non-Linux systems. // No-op for non-Linux systems
return return
} }

40
wg/wg.go
View File

@@ -152,25 +152,27 @@ func NewWireGuardService(interfaceName string, mtu int, generateAndSaveKeyTo str
var key wgtypes.Key var key wgtypes.Key
// if generateAndSaveKeyTo is provided, generate a private key and save it to the file. if the file already exists, load the key from the file // if generateAndSaveKeyTo is provided, generate a private key and save it to the file. if the file already exists, load the key from the file
if _, err := os.Stat(generateAndSaveKeyTo); os.IsNotExist(err) { key, err = wgtypes.GeneratePrivateKey()
// generate a new private key if err != nil {
key, err = wgtypes.GeneratePrivateKey() return nil, fmt.Errorf("failed to generate private key: %v", err)
if err != nil { }
logger.Fatal("Failed to generate private key: %v", err)
} // Load or generate private key
// save the key to the file if generateAndSaveKeyTo != "" {
err = os.WriteFile(generateAndSaveKeyTo, []byte(key.String()), 0644) if _, err := os.Stat(generateAndSaveKeyTo); os.IsNotExist(err) {
if err != nil { keyData, err := os.ReadFile(generateAndSaveKeyTo)
logger.Fatal("Failed to save private key: %v", err) if err != nil {
} return nil, fmt.Errorf("failed to read private key: %v", err)
} else { }
keyData, err := os.ReadFile(generateAndSaveKeyTo) key, err = wgtypes.ParseKey(strings.TrimSpace(string(keyData)))
if err != nil { if err != nil {
logger.Fatal("Failed to read private key: %v", err) return nil, fmt.Errorf("failed to parse private key: %v", err)
} }
key, err = wgtypes.ParseKey(string(keyData)) } else {
if err != nil { err = os.WriteFile(generateAndSaveKeyTo, []byte(key.String()), 0644)
logger.Fatal("Failed to parse private key: %v", err) if err != nil {
return nil, fmt.Errorf("failed to save private key: %v", err)
}
} }
} }

74
wgnetstack/wgnetstack.go
View File

@@ -166,21 +166,7 @@ func FindAvailableUDPPort(minPort, maxPort uint16) (uint16, error) {
continue // Port is in use or there was an error, try next port continue // Port is in use or there was an error, try next port
} }
// Check if port+1 is also available
addr2 := &net.UDPAddr{
IP: net.ParseIP("127.0.0.1"),
Port: int(port + 1),
}
conn2, err2 := net.ListenUDP("udp", addr2)
if err2 != nil {
// The next port is not available, so close the first connection and try again
conn1.Close()
continue
}
// Both ports are available, close connections and return the first port
conn1.Close() conn1.Close()
conn2.Close()
return port, nil return port, nil
} }
@@ -189,27 +175,29 @@ func FindAvailableUDPPort(minPort, maxPort uint16) (uint16, error) {
func NewWireGuardService(interfaceName string, mtu int, generateAndSaveKeyTo string, host string, newtId string, wsClient *websocket.Client, dns string) (*WireGuardService, error) { func NewWireGuardService(interfaceName string, mtu int, generateAndSaveKeyTo string, host string, newtId string, wsClient *websocket.Client, dns string) (*WireGuardService, error) {
var key wgtypes.Key var key wgtypes.Key
var err error
key, err = wgtypes.GeneratePrivateKey()
if err != nil {
return nil, fmt.Errorf("failed to generate private key: %v", err)
}
// Load or generate private key // Load or generate private key
if _, err := os.Stat(generateAndSaveKeyTo); os.IsNotExist(err) { if generateAndSaveKeyTo != "" {
// Generate a new private key if _, err := os.Stat(generateAndSaveKeyTo); os.IsNotExist(err) {
key, err = wgtypes.GeneratePrivateKey() keyData, err := os.ReadFile(generateAndSaveKeyTo)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to generate private key: %v", err) return nil, fmt.Errorf("failed to read private key: %v", err)
} }
// Save the key to the file key, err = wgtypes.ParseKey(strings.TrimSpace(string(keyData)))
err = os.WriteFile(generateAndSaveKeyTo, []byte(key.String()), 0644) if err != nil {
if err != nil { return nil, fmt.Errorf("failed to parse private key: %v", err)
return nil, fmt.Errorf("failed to save private key: %v", err) }
} } else {
} else { err = os.WriteFile(generateAndSaveKeyTo, []byte(key.String()), 0644)
keyData, err := os.ReadFile(generateAndSaveKeyTo) if err != nil {
if err != nil { return nil, fmt.Errorf("failed to save private key: %v", err)
return nil, fmt.Errorf("failed to read private key: %v", err) }
}
key, err = wgtypes.ParseKey(strings.TrimSpace(string(keyData)))
if err != nil {
return nil, fmt.Errorf("failed to parse private key: %v", err)
} }
} }
@@ -632,6 +620,11 @@ func (s *WireGuardService) handleAddPeer(msg websocket.WSMessage) {
return return
} }
if s.device == nil {
logger.Info("WireGuard device is not initialized")
return
}
err = s.addPeerToDevice(peer) err = s.addPeerToDevice(peer)
if err != nil { if err != nil {
logger.Info("Error adding peer: %v", err) logger.Info("Error adding peer: %v", err)
@@ -658,6 +651,11 @@ func (s *WireGuardService) handleRemovePeer(msg websocket.WSMessage) {
return return
} }
if s.device == nil {
logger.Info("WireGuard device is not initialized")
return
}
if err := s.removePeer(request.PublicKey); err != nil { if err := s.removePeer(request.PublicKey); err != nil {
logger.Info("Error removing peer: %v", err) logger.Info("Error removing peer: %v", err)
return return
@@ -711,6 +709,11 @@ func (s *WireGuardService) handleUpdatePeer(msg websocket.WSMessage) {
return return
} }
if s.device == nil {
logger.Info("WireGuard device is not initialized")
return
}
// Build IPC configuration string to update the peer // Build IPC configuration string to update the peer
config := fmt.Sprintf("public_key=%s\nupdate_only=true", fixKey(pubKey.String())) config := fmt.Sprintf("public_key=%s\nupdate_only=true", fixKey(pubKey.String()))
@@ -935,12 +938,9 @@ func (s *WireGuardService) sendUDPHolePunch(serverAddr string) error {
return fmt.Errorf("failed to resolve server hostname") return fmt.Errorf("failed to resolve server hostname")
} }
// Get client IP based on route to server for local binding
clientIP := network.GetClientIP(serverIPAddr.IP)
// Create local UDP address using the same port as WireGuard // Create local UDP address using the same port as WireGuard
localAddr := &net.UDPAddr{ localAddr := &net.UDPAddr{
IP: clientIP, IP: net.IPv4zero,
Port: int(s.Port), Port: int(s.Port),
} }