fix(wireguard): skip tun device checks when using kernelspace

internal/tun/check.go

@@ -1,41 +0,0 @@
-//go:build linux || darwin
-
-package tun
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"syscall"
-)
-
-// Check checks the tunnel device specified by path is present and accessible.
-func (t *Tun) Check(path string) error {
-	f, err := os.OpenFile(path, os.O_RDWR, 0)
-	if err != nil {
-		return fmt.Errorf("TUN device is not available: %w", err)
-	}
-	defer f.Close()
-
-	info, err := f.Stat()
-	if err != nil {
-		return fmt.Errorf("getting stat information for TUN file: %w", err)
-	}
-
-	sys, ok := info.Sys().(*syscall.Stat_t)
-	if !ok {
-		return errors.New("cannot get syscall stat info of TUN file")
-	}
-
-	const expectedRdev = 2760 // corresponds to major 10 and minor 200
-	if sys.Rdev != expectedRdev {
-		return fmt.Errorf("TUN file has an unexpected rdev: %d instead of expected %d",
-			sys.Rdev, expectedRdev)
-	}
-
-	if err := f.Close(); err != nil {
-		return fmt.Errorf("closing TUN device: %w", err)
-	}
-
-	return nil
-}

internal/tun/check_unspecified.go

@@ -1,7 +0,0 @@
-//go:build !linux && !darwin
-
-package tun
-
-func (t *Tun) Check(path string) error {
-	panic("not implemented")
-}

internal/tun/create.go

@@ -1,50 +0,0 @@
-//go:build linux || darwin
-
-package tun
-
-import (
-	"fmt"
-	"math"
-	"os"
-	"path/filepath"
-
-	"golang.org/x/sys/unix"
-)
-
-// Create creates a TUN device at the path specified.
-func (t *Tun) Create(path string) (err error) {
-	parentDir := filepath.Dir(path)
-	err = os.MkdirAll(parentDir, 0o751) //nolint:mnd
-	if err != nil {
-		return err
-	}
-
-	const (
-		major = 10
-		minor = 200
-	)
-	dev := unix.Mkdev(major, minor)
-	if dev > math.MaxInt {
-		panic("dev is too high")
-	}
-	err = unix.Mknod(path, unix.S_IFCHR, int(dev))
-	if err != nil {
-		return fmt.Errorf("creating TUN device file node: %w", err)
-	}
-
-	fd, err := unix.Open(path, 0, 0)
-	if err != nil {
-		if err.Error() == "operation not permitted" {
-			err = fmt.Errorf("%w (did you specify --device /dev/net/tun to your container command?)", err)
-		}
-		return fmt.Errorf("unix opening TUN device file: %w", err)
-	}
-
-	const nonBlocking = true
-	err = unix.SetNonblock(fd, nonBlocking)
-	if err != nil {
-		return fmt.Errorf("setting non block to TUN device file descriptor: %w", err)
-	}
-
-	return nil
-}

internal/tun/create_unspecified.go

@@ -1,8 +0,0 @@
-//go:build !linux && !darwin
-
-package tun
-
-// Create creates a TUN device at the path specified.
-func (t *Tun) Create(path string) error {
-	panic("not implemented")
-}

internal/tun/tun.go

@@ -1,7 +1,100 @@
+//go:build linux || darwin
+
 package tun
 
-type Tun struct{}
+import (
+	"errors"
+	"fmt"
+	"math"
+	"os"
+	"path/filepath"
+	"syscall"
 
-func New() *Tun {
-	return &Tun{}
+	"golang.org/x/sys/unix"
+)
+
+func Setup() error {
+	const tunDevice = "/dev/net/tun"
+	err := check(tunDevice)
+	switch {
+	case err == nil:
+		return nil
+	case errors.Is(err, os.ErrNotExist):
+		err = create(tunDevice)
+		if err != nil {
+			return fmt.Errorf("creating TUN device: %w", err)
+		}
+		return nil
+	default:
+		return fmt.Errorf("checking TUN device: %w (see the Wiki errors/tun page)", err)
+	}
+}
+
+// check checks the tunnel device specified by path is present and accessible.
+func check(path string) error {
+	f, err := os.OpenFile(path, os.O_RDWR, 0)
+	if err != nil {
+		return fmt.Errorf("TUN device is not available: %w", err)
+	}
+	defer f.Close()
+
+	info, err := f.Stat()
+	if err != nil {
+		return fmt.Errorf("getting stat information for TUN file: %w", err)
+	}
+
+	sys, ok := info.Sys().(*syscall.Stat_t)
+	if !ok {
+		return errors.New("cannot get syscall stat info of TUN file")
+	}
+
+	const expectedRdev = 2760 // corresponds to major 10 and minor 200
+	if sys.Rdev != expectedRdev {
+		return fmt.Errorf("TUN file has an unexpected rdev: %d instead of expected %d",
+			sys.Rdev, expectedRdev)
+	}
+
+	if err := f.Close(); err != nil {
+		return fmt.Errorf("closing TUN device: %w", err)
+	}
+
+	return nil
+}
+
+// create creates a TUN device at the path specified.
+func create(path string) (err error) {
+	parentDir := filepath.Dir(path)
+	err = os.MkdirAll(parentDir, 0o751) //nolint:mnd
+	if err != nil {
+		return err
+	}
+
+	const (
+		major = 10
+		minor = 200
+	)
+	dev := unix.Mkdev(major, minor)
+	if dev > math.MaxInt {
+		panic("dev is too high")
+	}
+	err = unix.Mknod(path, unix.S_IFCHR, int(dev))
+	if err != nil {
+		return fmt.Errorf("creating TUN device file node: %w", err)
+	}
+
+	fd, err := unix.Open(path, 0, 0)
+	if err != nil {
+		if err.Error() == "operation not permitted" {
+			err = fmt.Errorf("%w (did you specify --device /dev/net/tun to your container command?)", err)
+		}
+		return fmt.Errorf("unix opening TUN device file: %w", err)
+	}
+
+	const nonBlocking = true
+	err = unix.SetNonblock(fd, nonBlocking)
+	if err != nil {
+		return fmt.Errorf("setting non block to TUN device file descriptor: %w", err)
+	}
+
+	return nil
 }

internal/tun/tun_test.go

@@ -10,20 +10,18 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func Test_Tun(t *testing.T) {
+func Test_Setup(t *testing.T) {
 	t.Parallel()
 
 	path := getTempPath(t)
 
-	tun := New()
-
 	defer func() {
 		err := os.RemoveAll(path)
 		require.NoError(t, err)
 	}()
 
 	// No file check fail
-	err := tun.Check(path)
+	err := check(path)
 	require.Error(t, err)
 	expectedMessage := "TUN device is not available: open " + path + ": no such file or directory"
 	require.Equal(t, expectedMessage, err.Error())
@@ -35,13 +33,13 @@ func Test_Tun(t *testing.T) {
 	require.NoError(t, err)
 
 	// Simple file check fail
-	err = tun.Check(path)
+	err = check(path)
 	require.Error(t, err)
 	expectedMessage = "TUN file has an unexpected rdev: 0 instead of expected 2760"
 	require.Equal(t, expectedMessage, err.Error())
 
 	// Create TUN device fail as file exists
-	err = tun.Create(path)
+	err = create(path)
 	require.Error(t, err)
 	require.EqualError(t, err, "creating TUN device file node: file exists")
 
@@ -50,7 +48,7 @@ func Test_Tun(t *testing.T) {
 	require.NoError(t, err)
 
 	// Create TUN device success
-	err = tun.Create(path)
+	err = create(path)
 	if err != nil && strings.HasSuffix(err.Error(), "operation not permitted") {
 		t.Skip("You do not have root privileges to create a TUN device, skipping test")
 		return
@@ -58,7 +56,7 @@ func Test_Tun(t *testing.T) {
 	require.NoError(t, err)
 
 	// Check TUN device success
-	err = tun.Check(path)
+	err = check(path)
 	require.NoError(t, err)
 }
 

internal/tun/tun_unspecified.go

@@ -0,0 +1,12 @@
+//go:build !linux && !darwin
+
+package tun
+
+import (
+	"fmt"
+	"runtime"
+)
+
+func Setup() error {
+	return fmt.Errorf("not implemented for %s", runtime.GOOS)
+}

internal/vpn/amneziawg.go

@@ -9,6 +9,7 @@ import (
 	"github.com/qdm12/gluetun/internal/models"
 	"github.com/qdm12/gluetun/internal/netlink"
 	"github.com/qdm12/gluetun/internal/provider"
+	"github.com/qdm12/gluetun/internal/tun"
 	"github.com/qdm12/gluetun/internal/wireguard"
 	"github.com/qdm12/gosettings"
 )
@@ -19,6 +20,11 @@ func setupAmneziaWg(ctx context.Context, netlinker NetLinker,
 	settings settings.VPN, ipv6SupportLevel netlink.IPv6SupportLevel, logger wireguard.Logger) (
 	amneziawger *amneziawg.Amneziawg, connection models.Connection, err error,
 ) {
+	err = tun.Setup()
+	if err != nil {
+		return nil, models.Connection{}, fmt.Errorf("setting up tun device: %w", err)
+	}
+
 	ipv6Internet := ipv6SupportLevel == netlink.IPv6Internet
 	connection, err = providerConf.GetConnection(settings.Provider.ServerSelection, ipv6Internet)
 	if err != nil {

internal/vpn/openvpn.go

@@ -9,6 +9,7 @@ import (
 	"github.com/qdm12/gluetun/internal/netlink"
 	"github.com/qdm12/gluetun/internal/openvpn"
 	"github.com/qdm12/gluetun/internal/provider"
+	"github.com/qdm12/gluetun/internal/tun"
 )
 
 // setupOpenVPN sets OpenVPN up using the configurators and settings given.
@@ -18,6 +19,11 @@ func setupOpenVPN(ctx context.Context, fw Firewall,
 	settings settings.VPN, ipv6SupportLevel netlink.IPv6SupportLevel, starter Cmder,
 	logger openvpn.Logger) (runner *openvpn.Runner, connection models.Connection, err error,
 ) {
+	err = tun.Setup()
+	if err != nil {
+		return nil, models.Connection{}, fmt.Errorf("setting up tun device: %w", err)
+	}
+
 	ipv6Internet := ipv6SupportLevel == netlink.IPv6Internet
 	connection, err = providerConf.GetConnection(settings.Provider.ServerSelection, ipv6Internet)
 	if err != nil {

internal/wireguard/run.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/qdm12/gluetun/internal/cleanup"
 	"github.com/qdm12/gluetun/internal/netlink"
+	gtun "github.com/qdm12/gluetun/internal/tun"
 	"golang.zx2c4.com/wireguard/conn"
 	"golang.zx2c4.com/wireguard/device"
 	"golang.zx2c4.com/wireguard/tun"
@@ -27,15 +28,18 @@ func (w *Wireguard) Run(ctx context.Context, waitError chan<- error, ready chan<
 	}
 
 	setupFunction := setupUserSpace
+	userspace := false
 	switch w.settings.Implementation {
 	case "auto": //nolint:goconst
 		if !kernelSupported {
 			w.logger.Info("Using userspace implementation since Kernel support does not exist")
+			userspace = true
 			break
 		}
 		w.logger.Info("Using available kernelspace implementation")
 		setupFunction = setupKernelSpace
 	case "userspace":
+		userspace = true
 	case "kernelspace":
 		if !kernelSupported {
 			waitError <- errors.New("kernel does not support Wireguard")
@@ -46,6 +50,14 @@ func (w *Wireguard) Run(ctx context.Context, waitError chan<- error, ready chan<
 		panic(fmt.Sprintf("unknown implementation %q", w.settings.Implementation))
 	}
 
+	if userspace {
+		err = gtun.Setup()
+		if err != nil {
+			waitError <- fmt.Errorf("setting up userspace tun device: %w", err)
+			return
+		}
+	}
+
 	setup := func(ctx context.Context, cleanups *cleanup.Cleanups) (
 		linkIndex uint32, waitAndCleanup func() error, err error,
 	) {