Re: [PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

2021-04-17 Thread Frank Behrens



On 17.04.2021 at 17:00, Jason A. Donenfeld wrote:

Does this actually fix or change anything? Don't new sockets have
fib==0 right out of the gate already?


New sockets inherit the fib from the current process. If you create
the wg interface from a process with different fib, that fib will also
be used for this socket. Probably the difference in code is not very
important for the case of a system default boot. But that may vary
for jails/vnets with different default fibs.

In my test case the sequence
> setfib 1 ifconfig wg0 create 
> ifconfig wg0 tunnelfib 0
failed.

   Frank

--
Frank Behrens
Osterwieck, Germany


Re: [PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

2021-04-17 Thread Frank Behrens

Hi Jason!

On 13.04.2021 at 04:57, Jason A. Donenfeld wrote:

Can you let me know if this fixes the issue?

https://git.zx2c4.com/wireguard-freebsd/commit/?id=cdb18ebf44a5babb57cddccd6b33e9f19cfdf365


It looks better, but a little too much optimized. ;-)

The fix is in https://git.zx2c4.com/wireguard-freebsd/log/?h=fb/fib3

Best regards,
  Frank

--
Frank Behrens
Osterwieck, Germany


Re: [PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

2021-04-01 Thread Frank Behrens

Hello Jason!

On 31.03.2021 at 21:11, Jason A. Donenfeld wrote:

Thanks for the patch. Does the line `so4->so_fibnum = so6->so_fibnum =
sc->sc_socket.so_fibnum;` also need to be changed too in initiation,
or is that one fine?


Thanks for the pointer. That part has to be changed as well. I updated 
my branch.


Kind regards,
   Frank

--
Frank Behrens
Osterwieck, Germany


Re: [PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

2021-03-31 Thread Frank Behrens

Hello Jason!

On 31.03.2021 at 21:11, Jason A. Donenfeld wrote:

Hi Frank,

Thanks for the patch. Does the line `so4->so_fibnum = so6->so_fibnum =
sc->sc_socket.so_fibnum;` also need to be changed too in initiation,
or is that one fine?

Good catch! I'll check this in the next few days (and update the branch
if necessary).


Frank

--
Frank Behrens
Osterwieck, Germany



Re: [PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

2021-03-31 Thread Frank Behrens

Hello!

On 23.03.2021 at 06:51, Frank Behrens wrote:

On 22.03.2021 at 19:14, Jason A. Donenfeld wrote:

Applied to git with some small modifications:

https://git.zx2c4.com/wireguard-freebsd/commit/?id=0a5c6abdfaa1f4f09269a222c1720e2ff3b8aa02 


Thank you! That looks very good.


I'm sorry that I didn't test this in detail. Unfortunately it does not
work; I made a patch in branch fb/fib2.


Kind regards,
    Frank

--
Frank Behrens
Osterwieck, Germany



Re: [PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

2021-03-23 Thread Frank Behrens

Hi Jason!

On 22.03.2021 at 19:14, Jason A. Donenfeld wrote:

Applied to git with some small modifications:

https://git.zx2c4.com/wireguard-freebsd/commit/?id=0a5c6abdfaa1f4f09269a222c1720e2ff3b8aa02

Thank you! That looks very good.

--
Frank Behrens
Osterwieck, Germany



Re: [PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

2021-03-20 Thread Frank Behrens

Hi Jason,

thanks for your response.

On 19.03.2021, Jason A. Donenfeld wrote:

In other words, you have push access to all branches beginning with fb/ .

That works, thanks. Meanwhile I pushed my branch to fb/fib.


Right now we have the `wg set wg0 fwmark ...` mapped to
SO_USER_COOKIE, as I'm sure you saw there. But maybe FIB would be a
better thing to use for that? We could adjust wireguard-go to do the
same with the tuntap ioctl.

I believe we have different, orthogonal things:

1. The selection of routing table (fib) for received, decrypted packets.
-> Already implemented in wg_deliver_in() #2098 and controlled
by "ifconfig wg0 fib 1"

2. The selection of routing table for outgoing, encrypted packets.
-> That is addressed by my patch and controlled by
"ifconfig wg0 tunnelfib 1". Maybe wg(8) should receive also
an option for that purpose, if other OS use equivalent functions.

3. The setting of special marks, useable in packet filter/firewall
processing. I guess, that is the meaning for "wg.. fwmark". I'm not
sure, how best to implement that for FreeBSD. For ipfw(4) there is some
functionality using socket cookies, as already implemented. For pf(4)
packet filter the documentation mentions mbuf_tags(9). Apparently
we need some input from a FreeBSD packet filter developer.

Kind regards,
    Frank

--
Frank Behrens
Osterwieck, Germany



[PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

2021-03-19 Thread Frank Behrens

Hello Jason, hello community,

although I regret the recent removal of FreeBSD kernel driver I can live 
with the present development model.


With the current sources in the external repository I could create a 
working VPN for the first time with my Android phone. It works well, 
thanks to all contributors. The setup was done only with ifconfig(8), I 
have the now removed parts still in place. :-)


For my setup I needed a different route for the encapsulated packets and 
so I implemented the missing parts. With this message I give that part 
to the community (matching the existing BSD-2-Clause-FreeBSD license).
For the sake of simplicity I created an own branch on github, the commit 
is 
https://github.com/frbehrens/wireguard-freebsd/commit/f0445be7b5b30a98da11bf2e209739a2155a59bb 
or use for direct patch download:

https://github.com/frbehrens/wireguard-freebsd/commit/f0445be7b5b30a98da11bf2e209739a2155a59bb.patch

Kind regards,
    Frank

--
Frank Behrens
Osterwieck, Germany



Wireguard for FreeBSD without iflib

2021-03-17 Thread Frank Behrens

Hello Jason,

I read your messages from the last days in the freebsd lists.
In the version before removal from freebsd and in your current 
repository at https://git.zx2c4.com/wireguard-freebsd/ I see a problem.

I can't load the module, because I get the error:
Mar 17 20:07:53  moon kernel: link_elf_obj: symbol qgroup_if_io_tqg undefined
Mar 17 20:07:53  moon kernel: linker_load_file: /usr/local/src/wg/src/if_wg.ko - unsupported file type


I guess that is caused by the fact that I do not have iflib in the
kernel and you have only a TASKQGROUP_DECLARE(if_io_tqg) in the source
and not TASKQGROUP_DEFINE(..).


Kind regards,
   Frank
--

Frank Behrens
Osterwieck, Germany