Amnezia PoC #1415
wireguard/build-wireguard-go.sh
IOS_BUILD=false | ||
DOCKER_BUILD=true | ||
AMNEZIA_BUILD=false | ||
while true; do |
Been meaning to do that. We should extract args parsing into main :)
I can split this out into its own little PR
That would be great!
PR created here - #1432
I think it now works for the enabled build platforms
I am not sure why the ios build is not finding |
Try |
Reviewable status: 0 of 26 files reviewed, 1 unresolved discussion (waiting on @jmwample)
nym-vpn-core/crates/nym-vpn-lib/build.rs
line 16 at r1 (raw file):
.expect("failed to extract build metadata"); let manifest_path = env::var_os("CARGO_MANIFEST_DIR").expect("manifest dir is not set");
FYI Maybe you need to rebase on main because `crates/nym-wg-go` already provides the linker flags, so there is no need to modify `build.rs` for individual targets.
basic structs and feature for amnezia configuration - libs still build
351e327 to 96f37a7
Reviewable status: 0 of 41 files reviewed, all discussions resolved (waiting on @aniampio)
wireguard/build-wireguard-go.sh
line 17 at r1 (raw file):
Previously, jmwample (Jack Wampler) wrote…
PR created here - #1432
I think it now works for the enabled build platforms
Thank you for that!
Reviewable status: 0 of 41 files reviewed, 1 unresolved discussion (waiting on @aniampio and @jmwample)
a discussion (no related file):
Do you think there is a way we can maintain the same libwg codebase without copying all code and support Amnezia at the same time?
I am not very familiar with the Go toolchain. I know there are things like tags for conditional compilation.
For imports, it seems that Amnezia is merely a mirror of the `golang.zx2c4.com/wireguard` repo, so maybe we could rewrite the repo URL to amnezia in `go.mod` while on the outside maintain the same imports from zx2c4.com.
I am not sure what the best way to tackle this is, but I'd like to avoid copying the same code as much as possible because there will be patches to the libwg and the last thing we want is to sync between libwg and amnezia fork, if possible of course.
This is what I tried to do first. However, I ran into trouble because the go So we could use build tags and only copy the files with references to Only using Edit: #1441 is an implementation of the |
swap wholesale to libamnezia
Reviewed 1 of 20 files at r2.
Reviewable status: 1 of 54 files reviewed, 3 unresolved discussions (waiting on @aniampio and @jmwample)
nym-vpn-core/crates/nym-vpnd/build.rs
line 8 at r3 (raw file):
fn main() -> Result<(), Box<dyn std::error::Error>> { let manifest_path = env::var_os("CARGO_MANIFEST_DIR").expect("manifest dir is not set");
Can we please revert these changes. `nym-wg-go` already does that.
Reviewable status: 1 of 54 files reviewed, 4 unresolved discussions (waiting on @aniampio and @jmwample)
.github/workflows/ci-nym-vpn-core-ios.yml
line 49 at r3 (raw file):
repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Install script dependencies
I guess we no longer need it
Reviewable status: 1 of 54 files reviewed, 5 unresolved discussions (waiting on @aniampio and @jmwample)
wireguard/build-wireguard-go.sh
line 262 at r3 (raw file):
} LIB_DIR="libwg"
LIB_DIR is defined at the top. Rebasing issues?
Reviewable status: 1 of 54 files reviewed, 6 unresolved discussions (waiting on @aniampio and @jmwample)
nym-vpn-core/crates/nym-gateway-probe/README.md
line 12 at r3 (raw file):
preffered platform. Install required dependencies
Nit: this should really be a part of a markdown document in the root of the nym-vpn-core because it defines general requirements for the entire project. Except maybe clang?
Reviewed 1 of 20 files at r2, 1 of 37 files at r3.
Reviewable status: 3 of 54 files reviewed, 5 unresolved discussions (waiting on @aniampio and @jmwample)
Reviewed 1 of 37 files at r3.
Reviewable status: 4 of 54 files reviewed, 5 unresolved discussions (waiting on @aniampio and @jmwample)
Reviewed 1 of 37 files at r3.
Reviewable status: 5 of 54 files reviewed, 5 unresolved discussions (waiting on @aniampio and @jmwample)
Reviewed 1 of 26 files at r1, 10 of 20 files at r2, 1 of 37 files at r3.
Reviewable status: 17 of 54 files reviewed, 7 unresolved discussions (waiting on @aniampio and @jmwample)
.github/workflows/ci-nym-vpn-core-macos.yml
line 49 at r3 (raw file):
- name: Install script dependencies run: brew install gnu-getopt
Same here
nym-vpn-core/crates/nym-gateway-probe/netstack_ping/go.mod
line 5 at r3 (raw file):
go 1.22.3 toolchain go1.23.1
It looks like toolchain is set to go1.23 but go itself is still at 1.22. I am certain what that means in practice.
Reviewed 4 of 20 files at r2, 33 of 37 files at r3, all commit messages.
Reviewable status: all files reviewed, 7 unresolved discussions (waiting on @aniampio and @jmwample)
PR allowing for drop in replacement of `wireguard-go` with `amneziawg`.
In total this is pretty straight-forward - the amnezia lib uses the same external interface but has extra (optional) arguments that are added as part of the String configuration passed in on initialization. So we swap out the library paths and then add in the options and things just work.
For now, this PR is a client change only. And as none of the servers support the more advanced features of amnezia, we cannot use handshake (init or response) message padding or header remapping yet.
For the Parameters that we can set there is no requirement that they match or even stay constant. So we can hard code them in for now, or (if we want) randomize them on the client on connection startup using amnezia.
What do these parameters do?
- `jc` - enables junk packets preceding the handshake init message
- `jmin` - sets the lower bound for the size of junk packets
- `jmax` - sets the upper bound for the size of junk packets
How does Amnezia actually differ from wireguard?
Changes 2, 3, and 4 REQUIRE both client and server to run AmneziaWG with matching configuration options S1, S2, H1, H2, H3, and H4.
General Question(s)
How do we want to make this available?
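
The string-configuration approach from the PR description above, as an added sketch that is not code from this PR or from nym-vpn-core: it checks the `jc`/`jmin`/`jmax` values and splices them into a `key=value` configuration string. `AmneziaJunk` and `with_junk` are hypothetical names; the line layout, the placement before the first `public_key=` line, and treating `jc` as a count with 0 meaning off are assumptions; the sample config is constructed.

```rust
// Added example. AmneziaJunk and with_junk are hypothetical names.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct AmneziaJunk {
    pub jc: u8,    // junk packets sent before the handshake init (assumed: 0 = off)
    pub jmin: u16, // lower bound for the size of junk packets
    pub jmax: u16, // upper bound for the size of junk packets
}

impl AmneziaJunk {
    /// Reject bounds that cannot describe a size range.
    pub fn validate(&self) -> Result<(), String> {
        if self.jc > 0 && self.jmin > self.jmax {
            return Err(format!("jmin ({}) exceeds jmax ({})", self.jmin, self.jmax));
        }
        Ok(())
    }

    // Integer fields only, so no caller-controlled text reaches the config string.
    fn lines(&self) -> String {
        format!("jc={}\njmin={}\njmax={}\n", self.jc, self.jmin, self.jmax)
    }
}

/// Insert the junk keys ahead of the first peer section so they are read as
/// device-level settings (assumption about the key=value format).
/// With jc == 0 the base string is returned unchanged.
pub fn with_junk(base: &str, junk: &AmneziaJunk) -> Result<String, String> {
    junk.validate()?;
    if junk.jc == 0 {
        return Ok(base.to_string());
    }
    let (mut out, mut inserted) = (String::new(), false);
    for line in base.lines() {
        if !inserted && line.starts_with("public_key=") {
            out.push_str(&junk.lines());
            inserted = true;
        }
        out.push_str(line);
        out.push('\n');
    }
    if !inserted {
        out.push_str(&junk.lines()); // no peers configured: append at the end
    }
    Ok(out)
}

// Constructed sample; key values are placeholders, not real key material.
pub const SAMPLE: &str = "private_key=<hex-private-key>\nlisten_port=51820\npublic_key=<hex-peer-key>\nendpoint=192.0.2.1:51820\n";

fn main() {
    let junk = AmneziaJunk { jc: 4, jmin: 40, jmax: 70 };
    print!("{}", with_junk(SAMPLE, &junk).unwrap());
}
```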