WireGuard / wgctrl-go

Package wgctrl enables control of WireGuard interfaces on multiple platforms.
https://godoc.org/golang.zx2c4.com/wireguard/wgctrl
MIT License

Enable wgctrl to control wireguard interface created on gvisor's netstack. #129

Open ntnj opened 1 year ago

ntnj commented 1 year ago

I'm creating a WireGuard interface using the netstack package. I'm able to use the text-based protocol to configure the device using device.IpcSet.

But wgctrl-go is unable to see the interface created in the gVisor stack, and I don't see any customization in the public API to use custom Dial functions needed by gVisor.

stv0g commented 9 months ago

I am not sure if I understand your issue. wgctrl-go uses a Unix domain socket for configuring userspace devices. You only need to ensure that you open a socket in the correct location.

See: https://github.com/WireGuard/wgctrl-go/blob/925a1e7659e675c94c1a659d39daa9141e450c7d/internal/wguser/conn_unix.go#L20-L26

ntnj commented 9 months ago

WireGuard on netstack does not run in "userspace" as a userspace WireGuard implementation. gVisor's netstack has its own IP stack implemented in userspace on top of which WireGuard runs, so there is no Unix domain socket to connect to.

gVisor implements Linux syscalls in userspace and is written in Go. wireguard-go supports it (https://pkg.go.dev/golang.zx2c4.com/wireguard/tun/netstack).

I don't remember the context on what I specifically wanted in this issue though.
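
The Unix-socket control path mentioned in the thread, as an added sketch that is not code from wgctrl-go, wireguard-go or either commenter: a stdlib-only listener that answers the `get=1` request of WireGuard's text-based userspace configuration protocol, and a client that dials it. The temp directory, the device name `wg0` and the reply values are constructed; a real wireguard-go device would pass each accepted connection to its own handler (`device.IpcHandle`) instead of the hard-coded reply.

```go
package main
import (
	"bufio"
	"fmt"
	"net"
	"os"
	"strings"
)

// startDevice serves get=1 on <dir>/<name>.sock; the socket is made owner-only, since any peer that connects controls the device.
func startDevice(dir, name string) (net.Listener, error) {
	l, err := net.Listen("unix", dir+"/"+name+".sock")
	if err != nil {
		return nil, err
	}
	go func() {
		for c, err := l.Accept(); err == nil; c, err = l.Accept() {
			r := bufio.NewReader(c)
			op, _ := r.ReadString('\n')
			if r.ReadString('\n'); op == "get=1\n" { // second read consumes the blank line ending the request
				fmt.Fprint(c, "listen_port=51820\nfwmark=0\nerrno=0\n\n") // constructed sample state
			}
			c.Close()
		}
	}()
	return l, os.Chmod(dir+"/"+name+".sock", 0o600)
}

// queryDevice is the client side: dial the socket, send get=1, parse key=value lines up to the blank line.
func queryDevice(dir, name string) (map[string]string, error) {
	c, err := net.Dial("unix", dir+"/"+name+".sock")
	if err != nil {
		return nil, err // nothing listening at that path: the client has no device to talk to
	}
	defer c.Close()
	fmt.Fprint(c, "get=1\n\n")
	out := map[string]string{}
	for sc := bufio.NewScanner(c); sc.Scan() && sc.Text() != ""; {
		k, v, _ := strings.Cut(sc.Text(), "=")
		out[k] = v
	}
	return out, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "wg") // constructed stand-in for the real socket directory (created 0700)
	defer os.RemoveAll(dir)
	startDevice(dir, "wg0")
	fmt.Println(queryDevice(dir, "wg0"))
}
```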