Compare commits
No commits in common. "main" and "0.1" have entirely different histories.
@ -24,8 +24,6 @@ The program will convert IPv4-only wireguard-interfaces to IPv6. It converts and
|
|||||||
|
|
||||||
IPv6-Adresses are generated based on the IPv4-Adress.
|
IPv6-Adresses are generated based on the IPv4-Adress.
|
||||||
|
|
||||||
If not filtered out, then default routes (0.0.0.0/0) are handled specially and are converted to the IPv6 default route (::/0).
|
|
||||||
|
|
||||||
Beware: This program needs `NET_ADMIN` privileges for setting Adresses and to access the wireguard-daemon.
|
Beware: This program needs `NET_ADMIN` privileges for setting Adresses and to access the wireguard-daemon.
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
@ -53,8 +51,7 @@ Variable|Description|Default
|
|||||||
-|-|-
|
-|-|-
|
||||||
`INTERFACE`* | Wireguard-Interface Name |
|
`INTERFACE`* | Wireguard-Interface Name |
|
||||||
`IPV6_FORMAT` | Format to use for converting v4 to v6 <br> The CIDR-Mask gets translated using 128 - 24 - Mask <br> e.g. `10.0.100.5/16` -> `fc12::0a00:6405/96` | `fc12::%02x%02x:%02x%02x/%d`
|
`IPV6_FORMAT` | Format to use for converting v4 to v6 <br> The CIDR-Mask gets translated using 128 - 24 - Mask <br> e.g. `10.0.100.5/16` -> `fc12::0a00:6405/96` | `fc12::%02x%02x:%02x%02x/%d`
|
||||||
`FILTER_PREFIX` | Prefix to filter for IP-Networks | `100.100`
|
`RECHECK_INTERVAL` | Interval in seconds to recheck AllowedIPs entries in case something changed | 300
|
||||||
`RECHECK_INTERVAL` | Interval in go-time-format to recheck AllowedIPs entries in case something changed | 5m
|
|
||||||
|
|
||||||
*\* Required*
|
*\* Required*
|
||||||
|
|
||||||
@ -84,7 +81,7 @@ Restart=always
|
|||||||
RestartSec=30
|
RestartSec=30
|
||||||
|
|
||||||
Environment="INTERFACE=wt0"
|
Environment="INTERFACE=wt0"
|
||||||
Environment="RECHECK_INTERVAL=60s"
|
Environment="RECHECK_INTERVAL=60"
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|||||||
@ -1,13 +0,0 @@
|
|||||||
# ---- Build ----
|
|
||||||
FROM golang:1.19-alpine AS build
|
|
||||||
WORKDIR /build
|
|
||||||
# Copy sources
|
|
||||||
ADD . .
|
|
||||||
# Get dependencies
|
|
||||||
RUN go get ./cmd/app
|
|
||||||
# Compile
|
|
||||||
RUN CGO_ENABLED=0 go build -a -o app ./cmd/app
|
|
||||||
|
|
||||||
# ---- Output ----
|
|
||||||
FROM scratch AS export-stage
|
|
||||||
COPY --from=build /build/app .
|
|
||||||
@ -1,9 +0,0 @@
|
|||||||
PLATFORM="linux/amd64,linux/arm64/v8,linux/arm/v7"
|
|
||||||
EXTRA_ARGS="$@"
|
|
||||||
|
|
||||||
docker buildx build \
|
|
||||||
--platform $PLATFORM \
|
|
||||||
-f $(dirname $0)/Dockerfile \
|
|
||||||
--output out \
|
|
||||||
$EXTRA_ARGS \
|
|
||||||
.
|
|
||||||
@ -1,7 +0,0 @@
|
|||||||
EXTRA_ARGS="$@"
|
|
||||||
|
|
||||||
docker build \
|
|
||||||
-f $(dirname $0)/Dockerfile \
|
|
||||||
--output out \
|
|
||||||
$EXTRA_ARGS \
|
|
||||||
.
|
|
||||||
241
cmd/app/main.go
241
cmd/app/main.go
@ -4,10 +4,11 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
envChecks "git.ruekov.eu/ruakij/routingtabletowg/lib/environmentchecks"
|
envChecks "git.ruekov.eu/ruakij/routingtabletowg/lib/environmentchecks"
|
||||||
"git.ruekov.eu/ruakij/routingtabletowg/lib/wgchecks/netchecks"
|
"git.ruekov.eu/ruakij/routingtabletowg/lib/wgchecks/netchecks"
|
||||||
|
|
||||||
"github.com/vishvananda/netlink"
|
"github.com/vishvananda/netlink"
|
||||||
"golang.zx2c4.com/wireguard/wgctrl"
|
"golang.zx2c4.com/wireguard/wgctrl"
|
||||||
@ -17,162 +18,142 @@ import (
|
|||||||
var envRequired = []string{
|
var envRequired = []string{
|
||||||
"INTERFACE",
|
"INTERFACE",
|
||||||
}
|
}
|
||||||
|
|
||||||
var envDefaults = map[string]string{
|
var envDefaults = map[string]string{
|
||||||
"IPV6_FORMAT": "fc12::%02x%02x:%02x%02x/%d",
|
"IPV6_FORMAT": "fc12::%02x%02x:%02x%02x/%d",
|
||||||
"FILTER_PREFIX": "100.100",
|
"FILTER_PREFIX": "100.100",
|
||||||
"RECHECK_INTERVAL": "5m",
|
"RECHECK_INTERVAL": "300",
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
// Environment-vars
|
// Environment-vars
|
||||||
err := envChecks.HandleRequired(envRequired)
|
err := envChecks.HandleRequired(envRequired)
|
||||||
if err != nil {
|
if(err != nil){
|
||||||
logger.Error.Fatal(err)
|
logger.Error.Fatal(err)
|
||||||
}
|
}
|
||||||
envChecks.HandleDefaults(envDefaults)
|
envChecks.HandleDefaults(envDefaults)
|
||||||
|
|
||||||
// Get the network interface object
|
// Get the network interface object
|
||||||
iface := os.Getenv("INTERFACE")
|
iface := os.Getenv("INTERFACE")
|
||||||
netInterface, err := netlink.LinkByName(iface)
|
netInterface, err := netlink.LinkByName(iface)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
ipv6Format := os.Getenv("IPV6_FORMAT")
|
||||||
|
ipv6TestStr := *convertIPv4ToIPv6(&ipv6Format, &net.IPNet{IP: net.IPv4(1,1,1,1), Mask: net.CIDRMask(24, net.IPv4len)})
|
||||||
|
_, err = netlink.ParseIPNet(ipv6TestStr)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error.Fatalf("IPV6_FORMAT is invalid: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
filterPrefix := os.Getenv("FILTER_PREFIX")
|
||||||
|
|
||||||
|
checkIntervalStr := os.Getenv("RECHECK_INTERVAL")
|
||||||
|
checkIntervalSec, err := strconv.Atoi(checkIntervalStr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error.Fatal(err)
|
logger.Error.Fatalf("Couldn't read RECHECK_INTERVAL '%s': %s", checkIntervalStr, err)
|
||||||
}
|
}
|
||||||
|
checkInterval := time.Second * time.Duration(checkIntervalSec)
|
||||||
|
|
||||||
ipv6Format := os.Getenv("IPV6_FORMAT")
|
// Get the IPv4 address of the interface
|
||||||
ipv6TestStr := *convertIPv4ToIPv6(&ipv6Format, &net.IPNet{IP: net.IPv4(1, 1, 1, 1), Mask: net.CIDRMask(24, net.IPv4len)})
|
addrs, err := netlink.AddrList(netInterface, netlink.FAMILY_V4)
|
||||||
_, err = netlink.ParseIPNet(ipv6TestStr)
|
if err != nil {
|
||||||
if err != nil {
|
logger.Error.Fatal(err)
|
||||||
logger.Error.Fatalf("IPV6_FORMAT is invalid: %s", err)
|
}
|
||||||
}
|
if(len(addrs) == 0){
|
||||||
|
logger.Error.Fatal("Interface doesnt have IPv4-Adresses")
|
||||||
|
}
|
||||||
|
|
||||||
filterPrefix := os.Getenv("FILTER_PREFIX")
|
// Add the IPv6 address to the interface
|
||||||
|
ipv6Str := *convertIPv4ToIPv6(&ipv6Format, addrs[0].IPNet)
|
||||||
|
ipv6, err := netlink.ParseAddr(ipv6Str)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error.Fatal(err)
|
||||||
|
}
|
||||||
|
logger.Info.Printf("Adding converted %s -> %s to interface", addrs[0].IPNet.String(), ipv6Str)
|
||||||
|
err = netlink.AddrAdd(netInterface, ipv6)
|
||||||
|
if err != nil {
|
||||||
|
switch {
|
||||||
|
case os.IsExist(err):
|
||||||
|
logger.Warn.Println("Address is already set on interface")
|
||||||
|
default:
|
||||||
|
logger.Error.Fatalf("Failed to set address on interface: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
checkIntervalStr := os.Getenv("RECHECK_INTERVAL")
|
// Create a WireGuard client
|
||||||
checkInterval, err := time.ParseDuration(checkIntervalStr)
|
client, err := wgctrl.New()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error.Fatalf("Couldn't parse RECHECK_INTERVAL '%s': %s", checkIntervalStr, err)
|
logger.Error.Fatal(err)
|
||||||
}
|
}
|
||||||
|
defer client.Close()
|
||||||
|
|
||||||
// Create a WireGuard client
|
// Loop indefinitely
|
||||||
client, err := wgctrl.New()
|
for {
|
||||||
if err != nil {
|
// Get the WireGuard peers on the interface
|
||||||
logger.Error.Fatal(err)
|
wgDevice, err := client.Device(iface)
|
||||||
}
|
if err != nil {
|
||||||
defer client.Close()
|
logger.Error.Fatalf("getting WireGuard device from interface '%s' failed: %s", iface, err)
|
||||||
|
}
|
||||||
// Loop indefinitely
|
|
||||||
for {
|
|
||||||
// Get the IPv4 addresses of the interface
|
|
||||||
addrs, err := netlink.AddrList(netInterface, netlink.FAMILY_V4)
|
|
||||||
if err != nil {
|
|
||||||
logger.Error.Fatal(err)
|
|
||||||
}
|
|
||||||
processedCount := 0
|
|
||||||
filteredCount := 0
|
|
||||||
for _, addr := range addrs {
|
|
||||||
// Check filter
|
|
||||||
if addr.String()[:len(filterPrefix)] != filterPrefix {
|
|
||||||
filteredCount++
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add the IPv6 address to the interface
|
|
||||||
ipv6Str := *convertIPv4ToIPv6(&ipv6Format, addr.IPNet)
|
|
||||||
ipv6, err := netlink.ParseAddr(ipv6Str)
|
|
||||||
if err != nil {
|
|
||||||
logger.Warn.Printf("failed parsing converted %s -> %s : %s", addr.IPNet.String(), ipv6Str, err)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
logger.Info.Printf("Adding converted %s -> %s to interface", addr.IPNet.String(), ipv6Str)
|
|
||||||
err = netlink.AddrAdd(netInterface, ipv6)
|
|
||||||
if err != nil {
|
|
||||||
switch {
|
|
||||||
case os.IsExist(err):
|
|
||||||
logger.Warn.Println("Address is already set on interface")
|
|
||||||
default:
|
|
||||||
logger.Error.Fatalf("Failed to set address on interface: %v", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
processedCount++
|
|
||||||
}
|
|
||||||
if processedCount != len(addrs) {
|
|
||||||
logger.Warn.Printf("Not all Interface-Addresses were processed. Summary: %d processed, %d filtered, %d failed", processedCount, filteredCount, len(addrs)-processedCount-filteredCount)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get the WireGuard peers on the interface
|
|
||||||
wgDevice, err := client.Device(iface)
|
|
||||||
if err != nil {
|
|
||||||
logger.Error.Fatalf("getting WireGuard device from interface '%s' failed: %s", iface, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
var wgConfig wgtypes.Config
|
var wgConfig wgtypes.Config
|
||||||
wgConfig.Peers = make([]wgtypes.PeerConfig, 0, len(wgDevice.Peers))
|
wgConfig.Peers = make([]wgtypes.PeerConfig, 0, len(wgDevice.Peers))
|
||||||
|
|
||||||
for _, peer := range wgDevice.Peers {
|
for _, peer := range wgDevice.Peers {
|
||||||
// Create slice for 1 expected addition
|
// Create slice for 1 expected addition
|
||||||
addAllowedIPs := make([]net.IPNet, 0, 1)
|
var addAllowedIPs = make([]net.IPNet, 0, 1)
|
||||||
|
|
||||||
// Loop through the allowed-ips and add the ones starting with 100.100
|
// Loop through the allowed-ips and add the ones starting with 100.100
|
||||||
for _, allowedIP := range peer.AllowedIPs {
|
for _, allowedIP := range peer.AllowedIPs {
|
||||||
if allowedIP.String()[:len(filterPrefix)] == filterPrefix {
|
if allowedIP.String()[:len(filterPrefix)] == filterPrefix {
|
||||||
// Convert the IPv4 allowed-ip to an IPv6 address
|
// Convert the IPv4 allowed-ip to an IPv6 address
|
||||||
ipv6Str := *convertIPv4ToIPv6(&ipv6Format, &allowedIP)
|
ipv6Str := *convertIPv4ToIPv6(&ipv6Format, &allowedIP)
|
||||||
logger.Info.Printf("AllowedIP %s -> %s to peer %s", allowedIP.String(), ipv6Str, peer.PublicKey)
|
logger.Info.Printf("AllowedIP %s -> %s to peer %s", allowedIP.String(), ipv6Str, peer.PublicKey)
|
||||||
ipv6, err := netlink.ParseIPNet(ipv6Str)
|
ipv6, err := netlink.ParseIPNet(ipv6Str)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Warn.Printf("Couldnt parse IPv6 address %s of peer %s: %s", ipv6Str, peer.PublicKey, err)
|
logger.Warn.Printf("Couldnt parse IPv6 address %s of peer %s: %s", ipv6Str, peer.PublicKey, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if already set
|
// Check if already set
|
||||||
if i, _ := netchecks.IPNetIndexByIPNet(&peer.AllowedIPs, ipv6); i != -1 {
|
if i, _ := netchecks.IPNetIndexByIPNet(&peer.AllowedIPs, ipv6); i != -1 {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add the IPv6 allowed-ip to the peer
|
// Add the IPv6 allowed-ip to the peer
|
||||||
addAllowedIPs = append(addAllowedIPs, *ipv6)
|
addAllowedIPs = append(addAllowedIPs, *ipv6)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(addAllowedIPs) > 0 {
|
if(len(addAllowedIPs) > 0){
|
||||||
// Create peer-config
|
// Create peer-config
|
||||||
peerConfig := wgtypes.PeerConfig{
|
peerConfig := wgtypes.PeerConfig{
|
||||||
PublicKey: peer.PublicKey,
|
PublicKey: peer.PublicKey,
|
||||||
AllowedIPs: append(peer.AllowedIPs, addAllowedIPs...),
|
AllowedIPs: append(peer.AllowedIPs, addAllowedIPs...),
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add entry
|
// Add entry
|
||||||
wgConfig.Peers = append(wgConfig.Peers, peerConfig)
|
wgConfig.Peers = append(wgConfig.Peers, peerConfig)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(wgConfig.Peers) == 0 {
|
if(len(wgConfig.Peers) == 0){
|
||||||
logger.Info.Println("No changes, skipping")
|
logger.Info.Println("No changes, skipping")
|
||||||
} else {
|
} else {
|
||||||
err = client.ConfigureDevice(iface, wgConfig)
|
err = client.ConfigureDevice(iface, wgConfig)
|
||||||
if err != nil {
|
if(err != nil){
|
||||||
logger.Error.Fatalf("Error configuring wg-device '%s': %s", iface, err)
|
logger.Error.Fatalf("Error configuring wg-device '%s': %s", iface, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sleep for x seconds before running the loop again
|
// Sleep for x seconds before running the loop again
|
||||||
time.Sleep(checkInterval)
|
time.Sleep(checkInterval)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func convertIPv4ToIPv6(ipv6Format *string, ipv4 *net.IPNet) *string {
|
func convertIPv4ToIPv6(ipv6Format *string, ipv4 *net.IPNet) (*string) {
|
||||||
// Check if this is a default route (0.0.0.0/0)
|
CIDR, _ := ipv4.Mask.Size()
|
||||||
if ipv4.IP.Equal(net.IPv4zero) {
|
// Run format
|
||||||
if ones, _ := ipv4.Mask.Size(); ones == 0 {
|
ipv6Str := fmt.Sprintf(*ipv6Format, (*ipv4).IP[0], (*ipv4).IP[1], (*ipv4).IP[2], (*ipv4).IP[3], net.IPv6len*8-(net.IPv4len*8-CIDR))
|
||||||
defaultRoute := "::/0"
|
return &ipv6Str
|
||||||
return &defaultRoute
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
CIDR, _ := ipv4.Mask.Size()
|
|
||||||
// Run format
|
|
||||||
ipv6Str := fmt.Sprintf(*ipv6Format, (*ipv4).IP[0], (*ipv4).IP[1], (*ipv4).IP[2], (*ipv4).IP[3], net.IPv6len*8-(net.IPv4len*8-CIDR))
|
|
||||||
return &ipv6Str
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user