Diffstat (limited to 'net/amnezia-tools')
| -rw-r--r-- | net/amnezia-tools/Makefile | 7 | ||||
| -rw-r--r-- | net/amnezia-tools/distinfo | 6 | ||||
| -rw-r--r-- | net/amnezia-tools/files/patch-config.c | 10 | ||||
| -rw-r--r-- | net/amnezia-tools/files/patch-containers.h | 6 | ||||
| -rw-r--r-- | net/amnezia-tools/files/patch-ipc-freebsd.h | 25 | ||||
| -rw-r--r-- | net/amnezia-tools/files/patch-ipc-uapi.h | 4 | ||||
| -rw-r--r-- | net/amnezia-tools/files/patch-man_wg.8 | 56 | ||||
| -rw-r--r-- | net/amnezia-tools/files/patch-set.c | 6 | ||||
| -rw-r--r-- | net/amnezia-tools/files/patch-show.c | 51 | ||||
| -rw-r--r-- | net/amnezia-tools/files/patch-wg-quick_freebsd.bash | 152 |
10 files changed, 251 insertions, 72 deletions
diff --git a/net/amnezia-tools/Makefile b/net/amnezia-tools/Makefile index f48a8948fd1f..0167f3c2172f 100644 --- a/net/amnezia-tools/Makefile +++ b/net/amnezia-tools/Makefile @@ -1,7 +1,6 @@ PORTNAME= amnezia DISTVERSIONPREFIX= v -DISTVERSION= 1.0.20241018 -PORTREVISION= 4 +DISTVERSION= 1.0.20250903 CATEGORIES= net net-vpn PKGNAMESUFFIX= -tools @@ -21,7 +20,9 @@ USE_RC_SUBR= ${PORTNAME} SHEBANG_FILES= wg-quick/freebsd.bash -MAKE_ARGS+= DEBUG=no \ +DEBUG?= no + +MAKE_ARGS+= DEBUG=${DEBUG} \ WITH_BASHCOMPLETION=yes \ WITH_SYSTEMDUNITS=no MAKE_ENV+= MANDIR="${PREFIX}/share/man" \ diff --git a/net/amnezia-tools/distinfo b/net/amnezia-tools/distinfo index 4121ea84aa23..33f5d4d3fc37 100644 --- a/net/amnezia-tools/distinfo +++ b/net/amnezia-tools/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1754646104 -SHA256 (amnezia-vpn-amneziawg-tools-v1.0.20241018_GH0.tar.gz) = 60f1cec1774fb871a2d8dc24e4f731625516d90f663d6e0d2c77d9247222f2f9 -SIZE (amnezia-vpn-amneziawg-tools-v1.0.20241018_GH0.tar.gz) = 156259 +TIMESTAMP = 1761344729 +SHA256 (amnezia-vpn-amneziawg-tools-v1.0.20250903_GH0.tar.gz) = d729a6f54aafcd55b2cbb7324f09ca8f0d2536772970652bf822a271d0c907d7 +SIZE (amnezia-vpn-amneziawg-tools-v1.0.20250903_GH0.tar.gz) = 160214 diff --git a/net/amnezia-tools/files/patch-config.c b/net/amnezia-tools/files/patch-config.c index 68d939b8e675..0b87c28f2ac3 100644 --- a/net/amnezia-tools/files/patch-config.c +++ b/net/amnezia-tools/files/patch-config.c @@ -1,6 +1,6 @@ ---- config.c.orig 2024-10-01 13:02:42 UTC +--- config.c.orig 2025-09-03 14:11:13 UTC +++ config.c -@@ -252,7 +252,7 @@ static inline bool parse_endpoint(struct sockaddr *end +@@ -259,7 +259,7 @@ static inline bool parse_endpoint(struct sockaddr *end * * So this is what we do, except FreeBSD removed EAI_NODATA some time ago, so that's conditional. */ 
@@ -9,7 +9,7 @@ #ifdef EAI_NODATA ret == EAI_NODATA || #endif -@@ -337,6 +337,20 @@ static bool validate_netmask(struct wgallowedip *allow +@@ -344,6 +344,20 @@ static bool validate_netmask(struct wgallowedip *allow return true; } @@ -30,7 +30,7 @@ static inline bool parse_allowedips(struct wgpeer *peer, struct wgallowedip **last_allowedip, const char *value) { struct wgallowedip *allowedip = *last_allowedip, *new_allowedip; -@@ -353,10 +367,18 @@ static inline bool parse_allowedips(struct wgpeer *pee +@@ -360,10 +374,18 @@ static inline bool parse_allowedips(struct wgpeer *pee } sep = mutable; while ((mask = strsep(&sep, ","))) { @@ -49,7 +49,7 @@ ip = strsep(&mask, "/"); new_allowedip = calloc(1, sizeof(*new_allowedip)); -@@ -387,6 +409,7 @@ static inline bool parse_allowedips(struct wgpeer *pee +@@ -394,6 +416,7 @@ static inline bool parse_allowedips(struct wgpeer *pee else goto err; new_allowedip->cidr = cidr; diff --git a/net/amnezia-tools/files/patch-containers.h b/net/amnezia-tools/files/patch-containers.h index 88563f74058a..233c2465854b 100644 --- a/net/amnezia-tools/files/patch-containers.h +++ b/net/amnezia-tools/files/patch-containers.h @@ -1,6 +1,6 @@ ---- containers.h.orig 2024-10-01 13:02:42 UTC +--- containers.h.orig 2025-09-03 14:11:13 UTC +++ containers.h -@@ -29,6 +29,10 @@ struct timespec64 { +@@ -34,6 +34,10 @@ struct timespec64 { int64_t tv_nsec; }; @@ -11,7 +11,7 @@ struct wgallowedip { uint16_t family; union { -@@ -36,6 +40,7 @@ struct wgallowedip { +@@ -41,6 +45,7 @@ struct wgallowedip { struct in6_addr ip6; }; uint8_t cidr; diff --git a/net/amnezia-tools/files/patch-ipc-freebsd.h b/net/amnezia-tools/files/patch-ipc-freebsd.h index 22255c0bcca3..2737729233b5 100644 --- a/net/amnezia-tools/files/patch-ipc-freebsd.h +++ b/net/amnezia-tools/files/patch-ipc-freebsd.h @@ -1,4 +1,4 @@ ---- ipc-freebsd.h.orig 2024-10-01 13:02:42 UTC +--- ipc-freebsd.h.orig 2025-09-03 14:11:13 UTC +++ ipc-freebsd.h 
@@ -15,13 +15,13 @@ static int get_dgram_socket(void) { @@ -16,7 +16,28 @@ struct ifg_req *ifg; int s = get_dgram_socket(), ret = 0; -@@ -389,6 +389,8 @@ static int kernel_set_device(struct wgdevice *dev) +@@ -458,15 +458,15 @@ static int kernel_set_device(struct wgdevice *dev) + if (dev->flags & WGDEVICE_HAS_H4) + nvlist_add_binary(nvl_device, "h4", dev->transport_packet_magic_header, strlen(dev->transport_packet_magic_header) + 1); + if (dev->flags & WGDEVICE_HAS_I1) +- nvlist_add_binary(nvl_device, "i1", dev->i1, strlen(dev->i1) + 1); ++ nvlist_add_binary(nvl_device, "i1", dev->i1 ? dev->i1 : "", strlen(dev->i1 ? dev->i1 : "") + 1); + if (dev->flags & WGDEVICE_HAS_I2) +- nvlist_add_binary(nvl_device, "i2", dev->i2, strlen(dev->i2) + 1); ++ nvlist_add_binary(nvl_device, "i2", dev->i2 ? dev->i2 : "", strlen(dev->i2 ? dev->i2 : "") + 1); + if (dev->flags & WGDEVICE_HAS_I3) +- nvlist_add_binary(nvl_device, "i3", dev->i3, strlen(dev->i3) + 1); ++ nvlist_add_binary(nvl_device, "i3", dev->i3 ? dev->i3 : "", strlen(dev->i3 ? dev->i3 : "") + 1); + if (dev->flags & WGDEVICE_HAS_I4) +- nvlist_add_binary(nvl_device, "i4", dev->i4, strlen(dev->i4) + 1); ++ nvlist_add_binary(nvl_device, "i4", dev->i4 ? dev->i4 : "", strlen(dev->i4 ? dev->i4 : "") + 1); + if (dev->flags & WGDEVICE_HAS_I5) +- nvlist_add_binary(nvl_device, "i5", dev->i5, strlen(dev->i5) + 1); ++ nvlist_add_binary(nvl_device, "i5", dev->i5 ? dev->i5 : "", strlen(dev->i5 ? dev->i5 : "") + 1); + if (dev->flags & WGDEVICE_HAS_FWMARK) + nvlist_add_number(nvl_device, "user-cookie", dev->fwmark); + if (dev->flags & WGDEVICE_REPLACE_PEERS) +@@ -502,6 +502,8 @@ static int kernel_set_device(struct wgdevice *dev) nvl_aips[j] = nvlist_create(0); if (!nvl_aips[j]) goto err_peer; diff --git a/net/amnezia-tools/files/patch-ipc-uapi.h b/net/amnezia-tools/files/patch-ipc-uapi.h index 61df9f69e784..cbf4811ca8a7 100644 --- a/net/amnezia-tools/files/patch-ipc-uapi.h +++ b/net/amnezia-tools/files/patch-ipc-uapi.h 
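Review bot: The NULL guard added in kernel_set_device covers only i1–i5; the context line for "h4" in the same inner hunk still calls `strlen(dev->transport_packet_magic_header)` unguarded. The new patch-show.c in this commit treats all four magic-header pointers as possibly NULL (`?:"0"`), so if one can be NULL while its WGDEVICE_HAS_H* flag is set, this is a NULL dereference on the set path. Either guard the header lines the same way or skip the key when the pointer is NULL. With the guard, a set flag plus a NULL pointer now sends an empty string to the kernel instead of omitting the key; if that is intended, say so in a comment such as `/* flag set with NULL iN: send "" so the kernel clears the packet */`. The function body starts and ends outside the hunk, so the h1–h3 lines are not visible here.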
@@ -1,6 +1,6 @@ ---- ipc-uapi.h.orig 2024-10-01 13:02:42 UTC +--- ipc-uapi.h.orig 2025-09-03 14:11:13 UTC +++ ipc-uapi.h -@@ -111,7 +111,7 @@ static int userspace_set_device(struct wgdevice *dev) +@@ -126,7 +126,7 @@ static int userspace_set_device(struct wgdevice *dev) continue; } else continue; diff --git a/net/amnezia-tools/files/patch-man_wg.8 b/net/amnezia-tools/files/patch-man_wg.8 index 87e018ff2856..5356f8d2069c 100644 --- a/net/amnezia-tools/files/patch-man_wg.8 +++ b/net/amnezia-tools/files/patch-man_wg.8 @@ -1,4 +1,4 @@ ---- man/wg.8.orig 2024-10-01 13:02:42 UTC +--- man/wg.8.orig 2025-09-03 14:11:13 UTC +++ man/wg.8 @@ -1,10 +1,10 @@ -.TH WG 8 "2015 August 13" ZX2C4 "WireGuard" @@ -67,7 +67,7 @@ is optional and is by default off; setting it to 0 or "off" disables it. Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping -@@ -119,11 +121,52 @@ A private key and a corresponding public key may be ge +@@ -119,11 +121,94 @@ A private key and a corresponding public key may be ge .br $ umask 077 .br 
@@ -103,25 +103,67 @@ +\fBs1\fP +Size of handshake initiation packet prepend junk. Should be the same on both ends. +.br -+0–1132 (recomended 15–150), s1 + 56 ≠ s2 ++0–1304 (recomended 15–150) + +.TP +\fBs2\fP +Size of handshake response packet prepend junk. Should be the same on both ends. +.br -+0–1188 (recomended 15–150), s1 + 56 ≠ s2 ++0–1360 (recomended 15–150) ++ ++.TP ++\fBs3\fP ++Size of handshake cookie packet prepend junk. Should be the same on both ends. ++.br ++0–1388 (recomended 15–150) ++ ++.TP ++\fBs4\fP ++Size of data transport packet prepend junk. Should be the same on both ends. ++Will effectively decrease maximum possible MTU of interface. ++.br ++0–160 (recomended 15-32) + +.TP +\fBh1-h4\fP +Custom identifiers for initiation/response/cookie/data packets. Should be the same on both ends. +.br -+The unique value in range of 5 - 4,294,967,295 (0x5 - 0xFFFFFFFF), h1 != h2 != h3 != h4 ++Should be either the unique value in range of 5 - 4294967295 (0x5 - 0xFFFFFFFF) ++.br ++Or should be either the range of two such values, via '-', like 2294967295-4294970000, when range is used a random number from the range selected for each packet. ++For range, first value should be less then second. ++.br ++Such ranges or values should not intersect/match each other. ++ ++.TP ++\fBi1-i5\fP ++Pre-crafted custom signature packets to be send before hadshake. May be configured on either side and may be different between sides. ++These packets are being send prior to every handshake, in the same way as Junk packets do. The sending order is i1, i2, i3, i4, i5. If there is no value specified, the packet is skipped. ++.br ++Value is a sequence of tags specified below: + ++.br ++\fB<b 0x[seq]>\fP - static bytes tag. Dumps [seq] as-is to the packet. [seq] is hex-encoded sequence which represents bytes sequence (2 hex numbers per byte) and is always even-sized ++ ++.br ++\fB<r [size]>\fP - random bytes tag. 
Dumps [size] amount of randomly-generated bytes to the packet ++ ++.br ++\fB<rd [size]>\fP - random digits tag. Dumps [size] amount of randomly-generated bytes from [0-9] set to the packet ++ ++.br ++\fB<rc [size]>\fP - random chars tag. Dumps [size] amount of randomly-generated bytes from [a-zA-Z] set to the packet ++ ++.br ++\fB<t>\fP - timestamp tag. Dumps 4-bytes long current system time in UNIX format ++ ++.br ++\fB<c>\fP - packet counter tag. Dumps 4-bytes long amount of packets sent by AWG + .SH CONFIGURATION FILE FORMAT The configuration file format is based on \fIINI\fP. There are two top level sections -- \fIInterface\fP and \fIPeer\fP. Multiple \fIPeer\fP sections may be specified, but -@@ -224,7 +267,7 @@ on a per-interface basis by using +@@ -224,7 +309,7 @@ on a per-interface basis by using on a per-interface basis by using .BR ifconfig (1): @@ -130,7 +172,7 @@ On userspace implementations, it is customary to set the \fILOG_LEVEL\fP environment variable to \fIverbose\fP. -@@ -240,19 +283,18 @@ If set to an integer or to \fIinfinity\fP, DNS resolut +@@ -240,19 +325,18 @@ If set to an integer or to \fIinfinity\fP, DNS resolut If set to an integer or to \fIinfinity\fP, DNS resolution for each peer's endpoint will be retried that many times for non-permanent errors, with an increasing delay between retries. If unset, the default is 15 retries. .SH SEE ALSO diff --git a/net/amnezia-tools/files/patch-set.c b/net/amnezia-tools/files/patch-set.c index 61e1ec5314d0..060312414f44 100644 --- a/net/amnezia-tools/files/patch-set.c +++ b/net/amnezia-tools/files/patch-set.c @@ -1,11 +1,11 @@ ---- set.c.orig 2024-10-01 13:02:42 UTC +--- set.c.orig 2025-09-03 14:11:13 UTC +++ set.c 
@@ -18,7 +18,7 @@ int set_main(int argc, const char *argv[]) int ret = 1; if (argc < 3) { -- fprintf(stderr, "Usage: %s %s <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>] [advanced-security <on|off>]...] ]...\n", PROG_NAME, argv[0]); -+ fprintf(stderr, "Usage: %s %s <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips [+|-]<ip1>/<cidr1>[,[+|-]<ip2>/<cidr2>] [advanced-security <on|off>]...] ]...\n", PROG_NAME, argv[0]); +- fprintf(stderr, "Usage: %s %s <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [jc <junk_count>] [jmin <min_value>] [jmax <max_value>] [s1 <init_junk>] [s2 <resp_junk>] [s3 <cookie_junk>] [s4 <trans_junk>] [h1 <init_header>] [h2 <resp_header>] [h3 <cookie_header>] [h4 <transp_header>] [i1 \"<taged_junk>\"] [i2 \"<taged_junk>\"] [i3 \"<taged_junk>\"] [i4 \"<taged_junk>\"] [i5 \"<taged_junk>\"] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>] [advanced-security <on|off>]...] 
]...\n", PROG_NAME, argv[0]); ++ fprintf(stderr, "Usage: %s %s <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [jc <junk_count>] [jmin <min_value>] [jmax <max_value>] [s1 <init_junk>] [s2 <resp_junk>] [s3 <cookie_junk>] [s4 <trans_junk>] [h1 <init_header>] [h2 <resp_header>] [h3 <cookie_header>] [h4 <transp_header>] [i1 \"<taged_junk>\"] [i2 \"<taged_junk>\"] [i3 \"<taged_junk>\"] [i4 \"<taged_junk>\"] [i5 \"<taged_junk>\"] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips [+|-]<ip1>/<cidr1>[,[+|-]<ip2>/<cidr2>] [advanced-security <on|off>]...] ]...\n", PROG_NAME, argv[0]); return 1; } diff --git a/net/amnezia-tools/files/patch-show.c b/net/amnezia-tools/files/patch-show.c new file mode 100644 index 000000000000..fb6f765c71dc --- /dev/null +++ b/net/amnezia-tools/files/patch-show.c 
@@ -0,0 +1,51 @@ +--- show.c.orig 2025-09-03 14:11:13 UTC ++++ show.c +@@ -401,39 +401,39 @@ static bool ugly_print(struct wgdevice *device, const + } else if (!strcmp(param, "h1")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->init_packet_magic_header); ++ printf("%s\n", device->init_packet_magic_header?:"0"); + } else if (!strcmp(param, "h2")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->response_packet_magic_header); ++ printf("%s\n", device->response_packet_magic_header?:"0"); + } else if (!strcmp(param, "h3")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->underload_packet_magic_header); ++ printf("%s\n", device->underload_packet_magic_header?:"0"); + } else if (!strcmp(param, "h4")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->transport_packet_magic_header); ++ printf("%s\n", device->transport_packet_magic_header?:"0"); + } else if (!strcmp(param, "i1")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->i1); ++ printf("%s\n", device->i1?:""); + } else if (!strcmp(param, "i2")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->i2); ++ printf("%s\n", device->i2?:""); + } else if (!strcmp(param, "i3")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->i3); ++ printf("%s\n", device->i3?:""); + } else if (!strcmp(param, "i4")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->i4); ++ printf("%s\n", device->i4?:""); + } else if (!strcmp(param, "i5")) { + if (with_interface) + printf("%s\t", device->name); +- printf("%s\n", device->i5); ++ printf("%s\n", device->i5?:""); + } else if (!strcmp(param, "endpoints")) { + for_each_wgpeer(device, peer) { + if (with_interface) 
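Review bot: `device->i1?:""` relies on the GNU omitted-middle-operand extension, while patch-ipc-freebsd.h in this same commit writes the identical guard in standard C (`dev->i1 ? dev->i1 : ""`). Use one form in both places, preferably the standard one: `printf("%s\n", device->i1 ? device->i1 : "");`. The fallback is "0" for h1–h4 but the empty string for i1–i5; a one-line comment above the h1 branch explaining why would save the next reader from guessing which consumers depend on it. ugly_print's body continues outside the hunk.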
diff --git a/net/amnezia-tools/files/patch-wg-quick_freebsd.bash b/net/amnezia-tools/files/patch-wg-quick_freebsd.bash index e4f2cfe40c0a..cc582319c260 100644 --- a/net/amnezia-tools/files/patch-wg-quick_freebsd.bash +++ b/net/amnezia-tools/files/patch-wg-quick_freebsd.bash @@ -1,6 +1,6 @@ ---- wg-quick/freebsd.bash.orig 2025-12-03 19:32:16 UTC +--- wg-quick/freebsd.bash.orig 2025-12-12 22:28:42 UTC +++ wg-quick/freebsd.bash -@@ -25,11 +25,20 @@ CONFIG_FILE="" +@@ -25,11 +25,18 @@ CONFIG_FILE="" POST_DOWN=( ) SAVE_CONFIG=0 CONFIG_FILE="" @@ -11,17 +11,15 @@ PROGRAM="${0##*/}" ARGS=( "$@" ) - IS_ASESCURITY_ON=0 + IS_AWG_ON=0 -+ +declare -A ROUTES +declare -A ENDPOINTS_MAP + -+ cmd() { echo "[#] $*" >&3 "$@" -@@ -40,7 +49,7 @@ die() { +@@ -40,7 +47,7 @@ die() { exit 1 } @@ -30,7 +28,7 @@ unset ORIGINAL_TMPDIR make_temp() { -@@ -64,7 +73,7 @@ parse_options() { +@@ -64,7 +71,7 @@ parse_options() { } parse_options() { @@ -39,7 +37,7 @@ CONFIG_FILE="$1" if [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]]; then for path in "${CONFIG_SEARCH_PATHS[@]}"; do -@@ -82,7 +91,7 @@ parse_options() { +@@ -82,7 +89,7 @@ parse_options() { stripped="${line%%\#*}" key="${stripped%%=*}"; key="${key##*([[:space:]])}"; key="${key%%*([[:space:]])}" value="${stripped#*=}"; value="${value##*([[:space:]])}"; value="${value%%*([[:space:]])}" @@ -48,7 +46,7 @@ [[ $key == "[Interface]" ]] && interface_section=1 if [[ $interface_section -eq 1 ]]; then case "$key" in -@@ -96,9 +105,14 @@ parse_options() { +@@ -96,9 +103,14 @@ parse_options() { PreDown) PRE_DOWN+=( "$value" ); continue ;; PostUp) POST_UP+=( "$value" ); continue ;; PostDown) POST_DOWN+=( "$value" ); continue ;; @@ -63,9 +61,9 @@ Jc);& Jmin);& Jmax);& -@@ -109,6 +123,17 @@ parse_options() { - H3);& - H4) IS_ASESCURITY_ON=1;; +@@ -116,6 +128,17 @@ parse_options() { + I4);& + I5) IS_AWG_ON=1;; esac + else + case "$key" in 
@@ -81,44 +79,105 @@ fi WG_CONFIG+="$line"$'\n' done < "$CONFIG_FILE" -@@ -129,19 +154,22 @@ add_if() { +@@ -136,20 +159,24 @@ add_if() { add_if() { local ret rc - local cmd="ifconfig wg create name "$INTERFACE"" -- if [[ $IS_ASESCURITY_ON == 1 ]]; then -+ local cmd="ifconfig amn create name "$INTERFACE"" -+ if [[ $USERLAND == 1 ]]; then - cmd="amneziawg-go "$INTERFACE""; - fi +- if [[ $IS_AWG_ON == 1 ]]; then +- cmd="amneziawg-go "$INTERFACE""; +- fi - if ret="$(cmd $cmd 2>&1 >/dev/null)"; then - return 0 -+ if [ -n "$DESCRIPTION" ]; then -+ ret="$(cmd $cmd description "$DESCRIPTION" 2>&1 >/dev/null)" && return 0 -+ else -+ -+ ret="$(cmd $cmd 2>&1 >/dev/null)" && return 0 - fi - rc=$? - if [[ $ret == *"ifconfig: ioctl SIOCSIFNAME (set name): File exists"* ]]; then - echo "$ret" >&3 - return $rc - fi +- fi +- rc=$? +- if [[ $ret == *"ifconfig: ioctl SIOCSIFNAME (set name): File exists"* ]]; then +- echo "$ret" >&3 +- return $rc +- fi - echo "[!] Missing WireGuard kernel support ($ret). Falling back to slow userspace implementation." >&3 ++ local cmd="ifconfig amn create name "$INTERFACE"" ++ if [[ $USERLAND == 0 ]]; then ++ if [ -n "$DESCRIPTION" ]; then ++ ret="$(cmd $cmd description "$DESCRIPTION" 2>&1 >/dev/null)" && return 0 ++ else ++ ret="$(cmd $cmd 2>&1 >/dev/null)" && return 0 ++ fi ++ rc=$? ++ if [[ $ret == *"ifconfig: ioctl SIOCSIFNAME (set name): File exists"* ]]; then ++ echo "$ret" >&3 ++ return $rc ++ fi ++ fi + echo "[!] Missing Amnezia kernel support ($ret). Falling back to slow userspace implementation." 
>&3 cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" "$INTERFACE" ++ if [ -n "$DESCRIPTION" ]; then ++ cmd ifconfig $INTERFACE description "$DESCRIPTION" ++ fi + } + + del_routes() { +@@ -181,9 +208,9 @@ del_if() { + if [[ -S /var/run/amneziawg/$INTERFACE.sock ]]; then + cmd rm -f "/var/run/amneziawg/$INTERFACE.sock" + else +- cmd ifconfig "$INTERFACE" destroy ++ cmd ifconfig -n "$INTERFACE" destroy + fi +- while ifconfig "$INTERFACE" >/dev/null 2>&1; do ++ while ifconfig -n "$INTERFACE" >/dev/null 2>&1; do + # HACK: it would be nice to `route monitor` here and wait for RTM_IFANNOUNCE + # but it turns out that the announcement is made before the interface + # disappears so we sometimes get a hang. So, we're instead left with polling +@@ -193,21 +220,21 @@ up_if() { } -@@ -209,7 +237,7 @@ set_mtu() { + up_if() { +- cmd ifconfig "$INTERFACE" up ++ cmd ifconfig -n "$INTERFACE" up + } + + add_addr() { + if [[ $1 == *:* ]]; then +- cmd ifconfig "$INTERFACE" inet6 "$1" alias ++ cmd ifconfig -n "$INTERFACE" inet6 "$1" alias + else +- cmd ifconfig "$INTERFACE" inet "$1" alias ++ cmd ifconfig -n "$INTERFACE" inet "$1" alias + fi + } + + set_mtu() { + local mtu=0 endpoint output family + if [[ -n $MTU ]]; then +- cmd ifconfig "$INTERFACE" mtu "$MTU" ++ cmd ifconfig -n "$INTERFACE" mtu "$MTU" + return + fi + while read -r _ endpoint; do +@@ -215,14 +242,16 @@ set_mtu() { + family=inet [[ ${BASH_REMATCH[1]} == *:* ]] && family=inet6 output="$(route -n get "-$family" "${BASH_REMATCH[1]}" || true)" - [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" +- [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" - done < <(wg show "$INTERFACE" endpoints) ++ [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig -n "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt 
$mtu ]] && mtu="${BASH_REMATCH[1]}" + done < <(awg show "$INTERFACE" endpoints) if [[ $mtu -eq 0 ]]; then read -r output < <(route -n get default || true) || true - [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" -@@ -242,7 +270,7 @@ collect_endpoints() { +- [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" ++ [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig -n "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" + fi +- [[ $mtu -gt 0 ]] || mtu=1500 +- cmd ifconfig "$INTERFACE" mtu $(( mtu - 80 )) ++ if [[ $mtu -gt 0 && $mtu -lt 1420 ]]; then ++ # setup MTU only if discovered MTU is less then default ++ cmd ifconfig -n "$INTERFACE" mtu $(( mtu - 80 )) || true ++ fi + } + + +@@ -249,7 +278,7 @@ collect_endpoints() { while read -r _ endpoint; do [[ $endpoint =~ ^\[?([a-z0-9:.]+)\]?:[0-9]+$ ]] || continue ENDPOINTS+=( "${BASH_REMATCH[1]}" ) @@ -127,7 +186,7 @@ } set_endpoint_direct_route() { -@@ -297,18 +325,25 @@ monitor_daemon() { +@@ -304,25 +333,108 @@ monitor_daemon() { } monitor_daemon() { @@ -153,10 +212,11 @@ # endpoints change. while read -u 19 -r event; do - [[ $event == RTM_* ]] || continue - ifconfig "$INTERFACE" >/dev/null 2>&1 || break +- ifconfig "$INTERFACE" >/dev/null 2>&1 || break ++ ifconfig -n "$INTERFACE" >/dev/null 2>&1 || break [[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route # TODO: set the mtu as well, but only if up -@@ -316,6 +351,82 @@ monitor_daemon() { + done kill $pid) & disown } @@ -239,7 +299,7 @@ HAVE_SET_DNS=0 set_dns() { [[ ${#DNS[@]} -gt 0 ]] || return 0 -@@ -354,7 +465,7 @@ set_config() { +@@ -361,7 +473,7 @@ set_config() { } set_config() { 
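Review bot: In set_mtu the new guard `if [[ $mtu -gt 0 && $mtu -lt 1420 ]]` compares the MTU discovered on the underlying egress interface with 1420, which looks like the tunnel default (1500 - 80) rather than the underlay default. An egress MTU between 1420 and 1499 is therefore skipped, and the tunnel presumably keeps its creation default even though `mtu - 80` would be smaller, so encapsulated packets can exceed the path MTU. If that reading is right the test should be `if [[ $mtu -gt 0 && $mtu -lt 1500 ]]; then`. The trailing `|| true` on the `ifconfig -n "$INTERFACE" mtu` call also hides a failed MTU change; a short comment saying why failure is tolerated would help.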
@@ -248,7 +308,7 @@ } save_config() { -@@ -386,7 +497,7 @@ save_config() { +@@ -393,7 +505,7 @@ save_config() { done old_umask="$(umask)" umask 077 @@ -257,7 +317,7 @@ trap 'rm -f "$CONFIG_FILE.tmp"; clean_temp; exit' INT TERM EXIT echo "${current_config/\[Interface\]$'\n'/$new_config}" > "$CONFIG_FILE.tmp" || die "Could not write configuration file" sync "$CONFIG_FILE.tmp" -@@ -412,7 +523,7 @@ cmd_usage() { +@@ -419,7 +531,7 @@ cmd_usage() { followed by \`.conf'. Otherwise, INTERFACE is an interface name, with configuration found at: ${CONFIG_SEARCH_PATHS[@]/%//INTERFACE.conf}. @@ -266,7 +326,7 @@ of the following additions to the [Interface] section, which are handled by $PROGRAM: -@@ -429,10 +540,24 @@ cmd_usage() { +@@ -436,13 +548,27 @@ cmd_usage() { - SaveConfig: if set to \`true', the configuration is saved from the current state of the interface upon shutdown. @@ -291,8 +351,12 @@ + cmd_up() { local i - [[ -z $(ifconfig "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists" -@@ -446,26 +571,31 @@ cmd_up() { +- [[ -z $(ifconfig "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists" ++ [[ -z $(ifconfig -n "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists" + trap 'del_if; del_routes; clean_temp; exit' INT TERM EXIT + add_if + execute_hooks "${PRE_UP[@]}" +@@ -453,26 +579,31 @@ cmd_up() { set_mtu up_if set_dns @@ -328,7 +392,7 @@ save_config } -@@ -473,6 +603,10 @@ cmd_strip() { +@@ -480,6 +611,10 @@ cmd_strip() { echo "$WG_CONFIG" } @@ -339,7 +403,7 @@ # ~~ function override insertion point ~~ make_temp -@@ -496,6 +630,18 @@ elif [[ $# -eq 2 && $1 == strip ]]; then +@@ -503,6 +638,18 @@ elif [[ $# -eq 2 && $1 == strip ]]; then auto_su parse_options "$2" cmd_strip |
