package helper
import (
	"context"
	"errors"
	"fmt"
	"net/netip"
	"os/exec"
	"strings"

	"github.com/nais/device/internal/pb"
)
// wireguardBinary holds the path of the "wg" executable as resolved by
// Prerequisites; SyncConf runs it. It is empty until Prerequisites succeeds.
var wireguardBinary string
// New returns a LinuxConfigurator that uses helperConfig for the interface
// name and WireGuard configuration path.
func New(helperConfig Config) *LinuxConfigurator {
	configurator := LinuxConfigurator{helperConfig: helperConfig}
	return &configurator
}
// LinuxConfigurator implements OSConfigurator for Linux by shelling out to
// the "ip" and "wg" utilities.
type LinuxConfigurator struct {
	helperConfig Config // supplies Interface and WireGuardConfigPath
}
// Compile-time check that *LinuxConfigurator satisfies OSConfigurator.
var _ OSConfigurator = (*LinuxConfigurator)(nil)
// Prerequisites resolves the "wg" executable through the helper process's
// PATH and stores the result in the package-level wireguardBinary, which
// SyncConf later executes. It returns an error when the lookup fails or
// yields an empty path.
func (c *LinuxConfigurator) Prerequisites() error {
	path, err := exec.LookPath("wg")
	// Mirror the lookup result into the shared variable before checking it,
	// so a failed lookup leaves it empty rather than stale.
	wireguardBinary = path
	if err != nil {
		return fmt.Errorf("unable to find wg binary: %w", err)
	}
	if path == "" {
		return fmt.Errorf("wg path is empty string")
	}
	return nil
}
// SyncConf applies the configuration file at helperConfig.WireGuardConfigPath
// to helperConfig.Interface by running "wg syncconf". wireguardBinary must
// have been set by Prerequisites first. cfg is accepted for the
// OSConfigurator interface and is not read here. On failure the error wraps
// the exec error and carries the command's combined output.
func (c *LinuxConfigurator) SyncConf(ctx context.Context, cfg *pb.Configuration) error {
	args := []string{"syncconf", c.helperConfig.Interface, c.helperConfig.WireGuardConfigPath}
	cmd := exec.CommandContext(ctx, wireguardBinary, args...)
	out, err := cmd.CombinedOutput()
	if err == nil {
		return nil
	}
	return fmt.Errorf("running syncconf: %w: %v", err, string(out))
}
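// SetupRoutes adds one kernel route per IPv4/IPv6 route of every gateway,
// pointing at helperConfig.Interface, via "ip route add".
//
// Entries inside TunnelNetworkPrefix are skipped: the tunnel network is
// already routed to the WireGuard device by SetupInterface. A route the
// kernel already has ("ip" exits 2 with "File exists" in its output) counts
// as success. Every other failure — including "ip" not being found or ctx
// being cancelled, which the previous version silently ignored — is
// returned; routes added before the failure are left in place.
func (c *LinuxConfigurator) SetupRoutes(ctx context.Context, gateways []*pb.Gateway) error {
	for _, gw := range gateways {
		// Linux handles IPv4 and IPv6 the same way: `ip` picks the family
		// from the address. Copy both lists into a fresh slice so that
		// appending the IPv6 entries cannot write into the backing array
		// of the slice returned for IPv4.
		v4, v6 := gw.GetRoutesIPv4(), gw.GetRoutesIPv6()
		routes := make([]string, 0, len(v4)+len(v6))
		routes = append(routes, v4...)
		routes = append(routes, v6...)

		for _, raw := range routes {
			// Trim before the prefix check so a padded entry cannot bypass it.
			cidr := strings.TrimSpace(raw)
			if strings.HasPrefix(cidr, TunnelNetworkPrefix) {
				continue
			}
			if err := c.addLinuxRoute(ctx, cidr); err != nil {
				return err
			}
		}
	}
	return nil
}

// addLinuxRoute runs "ip route add <cidr> dev <iface>", treating an
// already-present route as success. cidr must parse as an IP prefix or a
// single IP address; anything else is rejected before it reaches the command
// line, so only route targets are ever passed to "ip".
func (c *LinuxConfigurator) addLinuxRoute(ctx context.Context, cidr string) error {
	if _, err := netip.ParsePrefix(cidr); err != nil {
		if _, err := netip.ParseAddr(cidr); err != nil {
			return fmt.Errorf("adding route %q: not an IP prefix or address", cidr)
		}
	}

	cmd := exec.CommandContext(ctx, "ip", "route", "add", cidr, "dev", c.helperConfig.Interface)
	output, err := cmd.CombinedOutput()
	if err == nil {
		return nil
	}

	var exitErr *exec.ExitError
	if errors.As(err, &exitErr) && exitErr.ExitCode() == 2 && strings.Contains(string(output), "File exists") {
		// The kernel already has this route; nothing to do.
		return nil
	}
	return fmt.Errorf("executing %v: %w, stderr: %s", cmd, err, string(output))
}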
// SetupInterface creates the WireGuard link named by helperConfig.Interface,
// sets its MTU to 1360 and brings it up, then assigns cfg.DeviceIPv4 with a
// /21 and cfg.DeviceIPv6 with a /64. It is a no-op when the link already
// exists. The commands are executed in order by runCommands.
func (c *LinuxConfigurator) SetupInterface(ctx context.Context, cfg *pb.Configuration) error {
	if c.interfaceExists(ctx) {
		return nil
	}

	iface := c.helperConfig.Interface
	addr4 := cfg.DeviceIPv4 + "/21"
	addr6 := cfg.DeviceIPv6 + "/64"

	return runCommands(ctx, [][]string{
		{"ip", "link", "add", "dev", iface, "type", "wireguard"},
		{"ip", "link", "set", "mtu", "1360", "up", "dev", iface},
		{"ip", "address", "add", "dev", iface, addr4},
		{"ip", "address", "add", "dev", iface, addr6},
	})
}
// TeardownInterface deletes the link named by helperConfig.Interface with
// "ip link del". It is a no-op when the link does not exist; otherwise a
// failed deletion is returned with the command's combined output.
func (c *LinuxConfigurator) TeardownInterface(ctx context.Context) error {
	if !c.interfaceExists(ctx) {
		return nil
	}
	cmd := exec.CommandContext(ctx, "ip", "link", "del", c.helperConfig.Interface)
	if out, err := cmd.CombinedOutput(); err != nil {
		return fmt.Errorf("teardown failed: %w, stderr: %s", err, string(out))
	}
	return nil
}
// interfaceExists reports whether "ip link show dev <iface>" succeeds for
// helperConfig.Interface. Any failure to run the command — not only a
// missing link — is reported as "does not exist".
func (c *LinuxConfigurator) interfaceExists(ctx context.Context) bool {
	err := exec.CommandContext(ctx, "ip", "link", "show", "dev", c.helperConfig.Interface).Run()
	return err == nil
}