wireguard: Adding an interface name filter for Android?

From: Ju Hyung Park <qkrwngud825@gmail.com>
To: wireguard@lists.zx2c4.com
Subject: wireguard: Adding an interface name filter for Android?
Date: Fri, 11 Jan 2019 23:19:26 +0900	[thread overview]
Message-ID: <CAD14+f2_Ko5zZvZ3jh3XzckXALRER1vpc6OyJtZ7p7=BPqH-1Q@mail.gmail.com> (raw)

Hi,

I've been using WireGuard on my Laptop for months and I've just got to
try it on my Android device with kernel support just now.

I've just noticed that Android's ndc doesn't take it nicely when the
interface name has a period on it. I'm not sure whether this is a
known issue, but it seems to be a good idea to add a name filter for
Android. I'm guessing that some other symbols would be also
problematic.

Here's a terminal log I manually captured after running wg-quick
myself as the logcat didn't indicate much:

OnePlus6:/data/data/com.wireguard.android # ./cache/bin/wg-quick up
arter97.com
[#] ip link add arter97.com type wireguard
[#] wg setconf arter97.com /proc/self/fd/0
[#] ip link set up dev arter97.com
[#] ip6tables -I INPUT 1 -p udp --dport ***** -j DROP -m comment
--comment "wireguard rule arter97.com"
[#] ip link set down dev arter97.com
[#] ndc interface setcfg arter97.com '192.168.2.8' 32
[#] wg set arter97.com fwmark 0x20000
[#] iptables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment
--comment "wireguard rule arter97.com"
[#] ip6tables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment
--comment "wireguard rule arter97.com"
[#] ndc interface setcfg arter97.com up
[#] ndc network create 20968 vpn 1 1
[#] ndc network interface add 20968 arter97.com
[#] ndc resolver setnetdns 20968 '' '1.1.1.1'
[#] ndc network route add 20968 arter97.com 0.0.0.0/0
[#] ndc interface setmtu arter97.com 1370
Error: 400 0 Failed to set MTU (No such file or directory)

[#] iptables -D OUTPUT -m mark --mark 0x20000 -j ACCEPT -m comment
--comment "wireguard rule arter97.com"
[#] ip6tables -D OUTPUT -m mark --mark 0x20000 -j ACCEPT -m comment
--comment "wireguard rule arter97.com"
[#] ip link del arter97.com
[#] ndc network destroy 20968
64|OnePlus6:/data/data/com.wireguard.android #

OnePlus6:/data/data/com.wireguard.android # ./cache/bin/wg-quick up
arter97
[#] ip link add arter97 type wireguard
[#] wg setconf arter97 /proc/self/fd/0
[#] ip link set up dev arter97
[#] ip6tables -I INPUT 1 -p udp --dport ***** -j DROP -m comment
--comment "wireguard rule arter97"
[#] ip link set down dev arter97
[#] ndc interface setcfg arter97 '192.168.2.8' 32
[#] wg set arter97 fwmark 0x20000
[#] iptables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment
--comment "wireguard rule arter97"
[#] ip6tables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment
--comment "wireguard rule arter97"
[#] ndc interface setcfg arter97 up
[#] ndc network create 4402 vpn 1 1
[#] ndc network interface add 4402 arter97
[#] ndc resolver setnetdns 4402 '' '1.1.1.1'
[#] ndc network route add 4402 arter97 0.0.0.0/0
[#] ndc interface setmtu arter97 1370
[#] ndc network users add 4402 0-99999
[#] am broadcast -a com.wireguard.android.action.REFRESH_TUNNEL_STATES
com.wireguard.android
Broadcasting: Intent {
act=com.wireguard.android.action.REFRESH_TUNNEL_STATES
pkg=com.wireguard.android }
Broadcast completed: result=0

Thanks,
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard