Adds WireGuard driver

Signed-off-by: b-m-f <[email protected]>
containers · Feb 20, 2023 · 8b2cbd2 · 8b2cbd2
1 parent 2e2e1ad
commit 8b2cbd2
Show file tree

Hide file tree

Showing 58 changed files with 2,190 additions and 369 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,10 +14,15 @@ build = "build.rs"
 
 [package.metadata.vendor-filter]
 # This list is not exhaustive.
-platforms = ["x86_64-unknown-linux-gnu", "aarch64-unknown-linux-gnu", "powerpc64le-unknown-linux-gnu", 
-             "s390x-unknown-linux-gnu", "riscv64gc-unknown-linux-gnu",
-             "x86_64-unknown-linux-musl", "aarch64-unknown-linux-musl",
-             ]
+platforms = [
+    "x86_64-unknown-linux-gnu",
+    "aarch64-unknown-linux-gnu",
+    "powerpc64le-unknown-linux-gnu",
+    "s390x-unknown-linux-gnu",
+    "riscv64gc-unknown-linux-gnu",
+    "x86_64-unknown-linux-musl",
+    "aarch64-unknown-linux-musl",
+]
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
@@ -41,12 +46,15 @@ zbus = { version = "3.10.0" }
 nix = "0.26.2"
 rand = "0.8.5"
 sha2 = "0.10.6"
-netlink-packet-route = "0.13"
-netlink-packet-core = "0.4.2"
+netlink-packet-route = "0.15"
+netlink-packet-core = "0.5.0"
+netlink-packet-wireguard = { git = "https://github.com/rust-netlink/netlink-packet-wireguard", version = "0.2.2" }
+netlink-packet-generic = "0.3.2"
 fs2 = "0.4.3"
 netlink-sys = "0.8.4"
-netavark_proxy = { git = "https://github.com/containers/netavark-dhcp-proxy"} 
+netavark_proxy = { git = "https://github.com/containers/netavark-dhcp-proxy" }
 tokio = { version = "1.25", features = ["rt"] }
+base64 = "0.13.1"
 
 [build-dependencies]
 chrono = { version = "0.4.22", default-features = false, features = ["clock"] }
diff --git a/src/network/bridge.rs b/src/network/bridge.rs
@@ -92,7 +92,7 @@ impl driver::NetworkDriver for Bridge<'_> {
 
     fn setup(
         &self,
-        netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket),
+        netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket),
     ) -> NetavarkResult<(StatusBlock, Option<AardvarkEntry>)> {
         let data = match &self.data {
             Some(d) => d,
@@ -228,7 +228,7 @@ impl driver::NetworkDriver for Bridge<'_> {
 
     fn teardown(
         &self,
-        netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket),
+        netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket),
     ) -> NetavarkResult<()> {
         let (host_sock, netns_sock) = netlink_sockets;
 
@@ -458,8 +458,8 @@ fn setup_ipv6_fw_sysctl() -> NetavarkResult<()> {
 
 /// returns the container veth mac address
 fn create_interfaces(
-    host: &mut netlink::Socket,
-    netns: &mut netlink::Socket,
+    host: &mut netlink::LinkSocket,
+    netns: &mut netlink::LinkSocket,
     data: &InternalData,
     internal: bool,
     hostns_fd: RawFd,
@@ -528,8 +528,8 @@ fn create_interfaces(
 
 /// return the container veth mac address
 fn create_veth_pair(
-    host: &mut netlink::Socket,
-    netns: &mut netlink::Socket,
+    host: &mut netlink::LinkSocket,
+    netns: &mut netlink::LinkSocket,
     data: &InternalData,
     primary_index: u32,
     internal: bool,
@@ -658,8 +658,8 @@ fn check_link_is_bridge(msg: LinkMessage, br_name: &str) -> NetavarkResult<LinkM
 }
 
 fn remove_link(
-    host: &mut netlink::Socket,
-    netns: &mut netlink::Socket,
+    host: &mut netlink::LinkSocket,
+    netns: &mut netlink::LinkSocket,
     br_name: &str,
     container_veth_name: &str,
 ) -> NetavarkResult<bool> {

diff --git a/src/network/constants.rs b/src/network/constants.rs
@@ -11,6 +11,7 @@ pub const IPAM_NONE: &str = "none";
 pub const DRIVER_BRIDGE: &str = "bridge";
 pub const DRIVER_IPVLAN: &str = "ipvlan";
 pub const DRIVER_MACVLAN: &str = "macvlan";
+pub const DRIVER_WIREGUARD: &str = "wireguard";
 
 pub const OPTION_ISOLATE: &str = "isolate";
 pub const OPTION_MTU: &str = "mtu";

diff --git a/src/network/core_utils.rs b/src/network/core_utils.rs
@@ -308,7 +308,7 @@ pub struct NamespaceOptions {
     /// as long as the File object is valid
     pub file: File,
     pub fd: RawFd,
-    pub netlink: netlink::Socket,
+    pub netlink: netlink::LinkSocket,
 }
 
 pub fn open_netlink_sockets(
@@ -317,13 +317,13 @@ pub fn open_netlink_sockets(
     let netns = open_netlink_socket(netns_path).wrap("open container netns")?;
     let hostns = open_netlink_socket("/proc/self/ns/net").wrap("open host netns")?;
 
-    let host_socket = netlink::Socket::new().wrap("host netlink socket")?;
+    let host_socket = netlink::LinkSocket::new().wrap("host netlink socket")?;
 
     exec_netns!(
         hostns.1,
         netns.1,
         res,
-        netlink::Socket::new().wrap("netns netlink socket")
+        netlink::LinkSocket::new().wrap("netns netlink socket")
     );
 
     let netns_sock = res?;
@@ -341,14 +341,31 @@ pub fn open_netlink_sockets(
     ))
 }
 
+pub fn open_generic_netlink_sockets_from_fd(
+    host_fd: i32,
+    netns_fd: i32,
+) -> NetavarkResult<(netlink::GenericSocket, netlink::GenericSocket)> {
+    let host_socket = netlink::GenericSocket::new().wrap("host netlink socket")?;
+
+    exec_netns!(
+        host_fd,
+        netns_fd,
+        res,
+        netlink::GenericSocket::new().wrap("netns netlink socket")
+    );
+
+    let netns_sock = res?;
+    Ok((host_socket, netns_sock))
+}
+
 fn open_netlink_socket(netns_path: &str) -> NetavarkResult<(File, RawFd)> {
     let ns = wrap!(File::open(netns_path), format!("open {}", netns_path))?;
     let ns_fd = ns.as_raw_fd();
     Ok((ns, ns_fd))
 }
 
 pub fn add_default_routes(
-    sock: &mut netlink::Socket,
+    sock: &mut netlink::LinkSocket,
     gws: &[ipnet::IpNet],
     metric: Option<u32>,
 ) -> NetavarkResult<()> {

diff --git a/src/network/driver.rs b/src/network/driver.rs
@@ -11,6 +11,7 @@ use super::{
     constants, netlink,
     types::{Network, PerNetworkOptions, PortMapping, StatusBlock},
     vlan::Vlan,
+    wireguard::WireGuard,
 };
 use std::os::unix::io::RawFd;
 
@@ -34,12 +35,12 @@ pub trait NetworkDriver {
     /// setup the network interfaces/firewall rules for this driver
     fn setup(
         &self,
-        netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket),
+        netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket),
     ) -> NetavarkResult<(StatusBlock, Option<AardvarkEntry>)>;
     /// teardown the network interfaces/firewall rules for this driver
     fn teardown(
         &self,
-        netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket),
+        netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket),
     ) -> NetavarkResult<()>;
 
     /// return the network name
@@ -50,6 +51,7 @@ pub fn get_network_driver(info: DriverInfo) -> NetavarkResult<Box<dyn NetworkDri
     match info.network.driver.as_str() {
         constants::DRIVER_BRIDGE => Ok(Box::new(Bridge::new(info))),
         constants::DRIVER_IPVLAN | constants::DRIVER_MACVLAN => Ok(Box::new(Vlan::new(info))),
+        constants::DRIVER_WIREGUARD => Ok(Box::new(WireGuard::new(info))),
 
         _ => Err(NetavarkError::Message(format!(
             "unknown network driver {}",

diff --git a/src/network/mod.rs b/src/network/mod.rs
@@ -17,6 +17,7 @@ pub mod internal_types;
 mod macvlan_dhcp;
 pub mod netlink;
 pub mod vlan;
+pub mod wireguard;
 
 impl types::NetworkOptions {
     pub fn load(path: Option<String>) -> NetavarkResult<types::NetworkOptions> {