switch to boringtun

.drone.yml

@@ -19,15 +19,15 @@ steps:
    image: alpine/git
    commands:
     - git submodule update --recursive --remote --init    
- - name: wireguard-go
+ - name: boringtun
    image: plugins/docker
    settings:
     repo: repo.shimun.net/shimun/wireguard-user
-    tag: build-wireguard-go
+    tag: build-boringtun
     registry: repo.shimun.net
-    cache_from: ["repo.shimun.net/shimun/wireguard-user:build-wireguard-go", "repo.shimun.net/shimun/wireguard-user:build-event-gen"]
+    cache_from: ["repo.shimun.net/shimun/wireguard-user:build-boringtun", "repo.shimun.net/shimun/wireguard-user:build-event-gen"]
     storage_path: "/drone/docker"
-    target: build
+    target: boringbuild
     username:
      from_secret: docker_username
     password:
@@ -37,7 +37,7 @@ steps:
    settings:
     repo: repo.shimun.net/shimun/wireguard-user
     registry: repo.shimun.net
-    cache_from: ["repo.shimun.net/shimun/wireguard-user:build-wireguard-go", "repo.shimun.net/shimun/wireguard-user:build-event-gen", "repo.shimun.net/shimun/wireguard-user"]
+    cache_from: ["repo.shimun.net/shimun/wireguard-user:build-boringtun", "repo.shimun.net/shimun/wireguard-user:build-event-gen", "repo.shimun.net/shimun/wireguard-user"]
     storage_path: "/drone/docker"
     username:
      from_secret: docker_username

.gitmodules

@@ -1,3 +1,3 @@
-[submodule "wireguard-go"]
+[submodule "boringtun"]
-	path = wireguard-go
+	path = boringtun
-	url = https://git.zx2c4.com/wireguard-go
+	url = https://github.com/cloudflare/boringtun.git

Dockerfile

@@ -1,11 +1,13 @@
-FROM rust:1.32-slim AS eventbuild
+FROM rust:1.33-slim AS rustbuild
+
+FROM rustbuild AS eventbuild
 
 WORKDIR /build
 
-COPY wg-event-gen/Cargo.* /build/
-
 RUN rustup target add x86_64-unknown-linux-musl
 
+COPY wg-event-gen/Cargo.* /build/
+
 RUN mkdir -p src && echo "fn main() {}" > src/main.rs && cargo build --release --target x86_64-unknown-linux-musl
 
 COPY wg-event-gen/ /build
@@ -18,15 +20,20 @@ COPY --from=eventbuild /build/target/x86_64-unknown-linux-musl/debug/wg-event-ge
 
 RUN echo "d41d8cd98f00b204e9800998ecf8427e  -" > test.md5 && wg-event-gen | md5sum -c test.md5
 
-FROM golang AS build
+FROM rustbuild AS boringbuild
 
-COPY wireguard-go /go/src/wireguard
+WORKDIR /build
 
-WORKDIR /go/src/wireguard
+RUN rustup target add x86_64-unknown-linux-musl
 
-RUN echo "package main" > ./donotuseon_linux.go && go get
+COPY boringtun/Cargo.* /build/
+
+RUN mkdir -p src && echo "fn main() {}" > src/main.rs && touch src/lib.rs && cargo build --release #--target x86_64-unknown-linux-musl #Ring won't compile https://github.com/briansmith/ring/issues/713
+
+COPY boringtun/ /build
+
+RUN cargo build --release #--target x86_64-unknown-linux-musl
 
-RUN go build
 
 FROM frolvlad/alpine-glibc
 
@@ -34,13 +41,13 @@ RUN echo http://nl.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories
 
 ENV WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
 
-COPY --from=build /go/bin/wireguard /usr/bin/wireguard-go
-
 COPY --from=eventbuild /build/target/x86_64-unknown-linux-musl/debug/wg-event-gen /usr/bin/
 
+COPY --from=boringbuild /build/target/release/boringtun /usr/bin/
+
 COPY init.sh /init.sh
 
-RUN chmod +x /init.sh
+RUN chmod +x /init.sh && echo 'alias nload="nload ${WG_INTERFACE:-wg0}"' >> /root/.bashrc
 
 VOLUME /etc/wireguard/
 

init.sh

@@ -27,7 +27,7 @@ function setup_iptables() {
  iptables -t nat -$1 POSTROUTING -s $ADDRESS -o $PHY_IF -j MASQUERADE;
 }
 
-/usr/bin/wireguard-go $WG_IF
+/usr/bin/boringtun $WG_IF
 
 if [ ! -f "/etc/wireguard/$WG_IF.conf" ]; then
  mkdir -p /etc/wireguard/keys

wg-event-gen/Cargo.toml

@@ -16,4 +16,6 @@ lto = true
 
 [features]
 
+default = ["addrem"]
+
 addrem = []

wg-event-gen/src/gen.rs

@@ -1,15 +1,7 @@
 use crate::listener::*;
 use crate::*;
 use std::collections::{HashMap, HashSet};
-use std::env;
+use std::time;
-use std::fmt;
-use std::io::prelude::*;
-use std::io::{BufRead, BufReader, Error, ErrorKind, Result};
-use std::net::SocketAddr;
-use std::os::unix::net::UnixStream;
-use std::path::PathBuf;
-use std::rc::Rc;
-use std::{thread, time};
 
 pub(crate) fn gen_events(
     state: &HashMap<String, Peer>,
@@ -115,7 +107,7 @@ mod test {
                 .push(format!("rem {}", peer.public_key));
         }
 
-        fn roaming<'a>(&self, peer: &'a Peer, previous_addr: SocketAddr) {
+        fn roaming<'a>(&self, peer: &'a Peer, _previous_addr: SocketAddr) {
             self.calls
                 .borrow_mut()
                 .push(format!("rom {}", peer.public_key));
@@ -227,7 +219,7 @@ mod test {
 
         calls.borrow_mut().clear();
 
-        let mut peer_prev = peer.clone();
+        let peer_prev = peer.clone();
 
         peer_cur.last_handshake = Some(time::Duration::from_secs(5));
 

wg-event-gen/src/listener.rs

@@ -84,7 +84,7 @@ impl ScriptListener {
         ScriptListener { script }
     }
 
-    fn peer_props<'a>(&self,peer: &'a Peer) -> String {
+    fn peer_props<'a>(&self, peer: &'a Peer) -> String {
         format!(
             "{id} {allowed_ips} {endpoint} {last_handshake} {persistent_keepalive} {traffic}",
             id = peer.public_key,

wg-event-gen/src/main.rs

@@ -5,8 +5,7 @@ mod gen;
 mod listener;
 mod opts;
 
-use crate::gen::*;
+use listener::*;
-use crate::listener::*;
 
 use base64;
 use hex;
@@ -19,6 +18,7 @@ use std::io::{BufRead, BufReader, Error, ErrorKind, Result};
 use std::net::{IpAddr, SocketAddr};
 use std::os::unix::net::UnixStream;
 use std::path::PathBuf;
+use std::process::exit;
 use std::thread;
 use std::time::Duration;
 use structopt::StructOpt;
@@ -139,35 +139,9 @@ impl State {
             .next()
     }
 
-    pub fn addr(&self) -> Option<SocketAddr> {
-        self.kv()
-            .iter()
-            .filter(|(key, _)| key == &"endpoint")
-            .map(|(_, value)| value.parse::<SocketAddr>().unwrap())
-            .next()
-    }
-
-    pub fn last_handshake(&self) -> Option<u64> {
-        self.kv()
-            .iter()
-            .filter(|(key, _)| key == &"last_handshake_time_nsec")
-            .map(|(_, value)| value.parse::<u64>().unwrap())
-            .next()
-    }
-
     pub fn push(&mut self, key: String, value: String) {
         self.kv_mut().push((key, value));
     }
-
-    pub fn delta(&self, other: Self) -> Vec<KV> {
-        let kv = self.kv();
-        other
-            .kv()
-            .iter()
-            .filter(|pair| !kv.contains(pair))
-            .map(|p| p.clone())
-            .collect::<Vec<KV>>()
-    }
 }
 
 impl fmt::Display for State {
@@ -202,10 +176,13 @@ impl Socket {
             let key = iter.by_ref().take_while(|c| c != &'=').collect::<String>();
             let value = iter.collect::<String>();
             match key.as_ref() {
-                "errno" if value != "0" => Err(Error::new(
+                "errno" if value != "0" => {
-                    ErrorKind::Other,
+                    Err(Error::new(
-                    format!("Socket said error: {}", value),
+                        ErrorKind::Other,
-                ))?,
+                        format!("Socket said error: {}", value),
+                    ))?;
+                    break;
+                }
                 "public_key" | "private_key" => {
                     state.push(cur);
                     cur = if key == "private_key" {
@@ -266,6 +243,9 @@ fn main() {
             Ok(state) => state,
             Err(err) => {
                 eprintln!("Failed to read from socket: {}", err);
+                if !opts.ignore_socket_errors {
+                    exit(1);
+                }
                 continue;
             }
         };

wg-event-gen/src/opts.rs

@@ -4,15 +4,33 @@ use structopt::StructOpt;
 #[derive(StructOpt, Debug)]
 #[structopt(name = "event-gen")]
 pub struct Opts {
-    #[structopt(short = "t", long = "timeout", default_value = "120", env = "WG_EVENT_TIMEOUT")]
+    #[structopt(
+        short = "t",
+        long = "timeout",
+        default_value = "120",
+        env = "WG_EVENT_TIMEOUT"
+    )]
     pub timeout: u64,
 
-    #[structopt(short = "p", long = "poll-interval", default_value = "3000", env = "WG_EVENT_INTERVAL")]
+    #[structopt(
+        short = "p",
+        long = "poll-interval",
+        default_value = "3000",
+        env = "WG_EVENT_INTERVAL"
+    )]
     pub poll: u64,
 
-    #[structopt(short = "e", long = "event-handler", parse(from_os_str), env = "WG_EVENT_HANDLER")]
+    #[structopt(
+        short = "e",
+        long = "event-handler",
+        parse(from_os_str),
+        env = "WG_EVENT_HANDLER"
+    )]
     pub events: Option<PathBuf>,
 
+    #[structopt(short = "I", long = "ignore-socket-err", env = "WG_IGNORE_SOCKET_ERR")]
+    pub ignore_socket_errors: bool,
+
     #[structopt(name = "SOCKET", parse(from_os_str), env = "WG_EVENT_SOCKET")]
     pub socket: PathBuf,
 }