Hey guys,

I've noticed that around 60% of emails and IRC messages I get about
WireGuard issues are due to:

1) forgetting to `rmmod wireguard && modprobe wireguard` after updating
2) installing new kernel headers, removing old kernel headers, updating
   wireguard, and then having the module built for the newer kernel and
   forgetting to reboot
3) not having any headers installed

I don't really know the best generic solution for (3), since different
distros and distro-derivatives (armbian,raspian,archlinuxarm,etc) seem
to express these dependencies in different ways, or not at all. But I do
have an idea to pretty easily address (1) and (2). I've just added the
below to the Gentoo ebuild:

+ if [[ $(uname -r) != "${KV_FULL}" ]]; then
+         ewarn
+         ewarn "You have just built WireGuard for kernel ${KV_FULL}, yet the 
currently running"
+         ewarn "kernel is $(uname -r). If you intend to use this WireGuard 
module on the currently"
+         ewarn "running machine, you will first need to reboot it into the 
kernel ${KV_FULL}, for"
+         ewarn "which this module was built."
+         ewarn
+ elif [[ -f /sys/module/wireguard/version ]] && \
+      old="$(< /sys/module/wireguard/version)" && \
+      new="$(modinfo -F version 
"${ROOT}/lib/modules/${KV_FULL}/net/wireguard.ko" 2>/dev/null)" && \
+      [[ $old != "$new" ]]; then
+         ewarn
+         ewarn "You appear to have just upgraded WireGuard from version v$old 
to v$new."
+         ewarn "However, the old version is still running on your system. In 
order to use the"
+         ewarn "new version, you will need to remove the old module and load 
the new one. As"
+         ewarn "root, you can accomplish this with the following commands:"
+         ewarn
+         ewarn "    # rmmod wireguard"
+         ewarn "    # modprobe wireguard"
+         ewarn
+         ewarn "Do note that doing this will remove current WireGuard 
interfaces, so you may want"
+         ewarn "to gracefully remove them yourself prior."
+         ewarn
+ fi

There's a bit of Gentoo-specific stuff in there, but the general idea is
that I first check to see if the module is being built for the current
kernel or a different one, and then I check whether an older module is
loaded than the one just built. It might be slightly trickier to
accomplish this with DKMS, but I think still it's possible.

Any thoughts on this pattern?

WireGuard mailing list

Reply via email to