WireGuard config: Replace kernelMode with noKernelTun

#3871 (comment)

Author: RPRX

infra/conf/wireguard.go

@@ -1,10 +1,8 @@
 package conf
 
 import (
-	"context"
 	"encoding/base64"
 	"encoding/hex"
-	"fmt"
 	"strings"
 
 	"github.com/xtls/xray-core/common/errors"
@@ -53,8 +51,7 @@ func (c *WireGuardPeerConfig) Build() (proto.Message, error) {
 type WireGuardConfig struct {
 	IsClient bool `json:""`
 
-	KernelTun      *bool                  `json:"kernelTun"`
-	KernelMode     *bool                  `json:"kernelMode"`
+	NoKernelTun    bool                   `json:"noKernelTun"`
 	SecretKey      string                 `json:"secretKey"`
 	Address        []string               `json:"address"`
 	Peers          []*WireGuardPeerConfig `json:"peers"`
@@ -121,26 +118,7 @@ func (c *WireGuardConfig) Build() (proto.Message, error) {
 	}
 
 	config.IsClient = c.IsClient
-	kernelTunSupported, err := wireguard.KernelTunSupported()
-	if err != nil {
-		errors.LogWarning(context.Background(), fmt.Sprintf("Failed to check kernel TUN support: %v. This may indicate that your OS doesn't support kernel TUN or you lack the necessary permissions. Please ensure you have the required privileges.", err))
-		config.KernelMode = false
-		return config, nil
-	}
-	if c.KernelMode == nil {
-		c.KernelMode = c.KernelTun
-	}
-	if c.KernelMode != nil {
-		config.KernelMode = *c.KernelMode
-		if config.KernelMode && !kernelTunSupported {
-			errors.LogWarning(context.Background(), "kernel TUN is not supported on your OS or permission is insufficient")
-		}
-	} else {
-		config.KernelMode = kernelTunSupported
-		if config.KernelMode {
-			errors.LogDebug(context.Background(), "kernel TUN is enabled as it's supported and permission is sufficient")
-		}
-	}
+	config.NoKernelTun = c.NoKernelTun
 
 	return config, nil
 }

infra/conf/wireguard_test.go

@@ -26,7 +26,7 @@ func TestWireGuardConfig(t *testing.T) {
 				"mtu": 1300,
 				"workers": 2,
 				"domainStrategy": "ForceIPv6v4",
-				"kernelMode": false
+				"noKernelTun": false
 			}`,
 			Parser: loadJSON(creator),
 			Output: &wireguard.DeviceConfig{
@@ -45,7 +45,7 @@ func TestWireGuardConfig(t *testing.T) {
 				Mtu:            1300,
 				NumWorkers:     2,
 				DomainStrategy: wireguard.DeviceConfig_FORCE_IP64,
-				KernelMode:     false,
+				NoKernelTun:    false,
 			},
 		},
 	})

proxy/wireguard/config.go

@@ -1,5 +1,11 @@
 package wireguard
 
+import (
+	"context"
+
+	"github.com/xtls/xray-core/common/errors"
+)
+
 func (c *DeviceConfig) preferIP4() bool {
 	return c.DomainStrategy == DeviceConfig_FORCE_IP ||
 		c.DomainStrategy == DeviceConfig_FORCE_IP4 ||
@@ -25,8 +31,17 @@ func (c *DeviceConfig) fallbackIP6() bool {
 }
 
 func (c *DeviceConfig) createTun() tunCreator {
-	if c.KernelMode {
-		return createKernelTun
+	if c.NoKernelTun {
+		return createGVisorTun
+	}
+	kernelTunSupported, err := KernelTunSupported()
+	if err != nil {
+		errors.LogWarning(context.Background(), "Using gVisor TUN. Failed to check kernel TUN support:", err)
+		return createGVisorTun
+	}
+	if !kernelTunSupported {
+		errors.LogWarning(context.Background(), "Using gVisor TUN. Kernel TUN is not supported on your OS, or your permission is insufficient.)")
+		return createGVisorTun
 	}
-	return createGVisorTun
+	return createKernelTun
 }

proxy/wireguard/config.pb.go

@@ -30,5 +30,5 @@ message DeviceConfig {
   bytes reserved = 6;
   DomainStrategy domain_strategy = 7;
   bool is_client = 8;
-  bool kernel_mode = 9;
+  bool no_kernel_tun = 9;
 }

proxy/wireguard/config.proto

@@ -48,13 +48,13 @@ func TestWireguard(t *testing.T) {
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 				}),
 				ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
-					IsClient: false,
-					KernelMode: false,
-					Endpoint: []string{"10.0.0.1"},
-					Mtu: 1420,
-					SecretKey: serverPrivate,
+					IsClient:    false,
+					NoKernelTun: false,
+					Endpoint:    []string{"10.0.0.1"},
+					Mtu:         1420,
+					SecretKey:   serverPrivate,
 					Peers: []*wireguard.PeerConfig{{
-						PublicKey: serverPublic,
+						PublicKey:  serverPublic,
 						AllowedIps: []string{"0.0.0.0/0", "::0/0"},
 					}},
 				}),
@@ -82,23 +82,23 @@ func TestWireguard(t *testing.T) {
 					Listen:   net.NewIPOrDomain(net.LocalHostIP),
 				}),
 				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
-					Address: net.NewIPOrDomain(dest.Address),
-					Port:    uint32(dest.Port),
+					Address:  net.NewIPOrDomain(dest.Address),
+					Port:     uint32(dest.Port),
 					Networks: []net.Network{net.Network_TCP},
 				}),
 			},
 		},
 		Outbound: []*core.OutboundHandlerConfig{
 			{
 				ProxySettings: serial.ToTypedMessage(&wireguard.DeviceConfig{
-					IsClient: true,
-					KernelMode: false,
-					Endpoint: []string{"10.0.0.2"},
-					Mtu: 1420,
-					SecretKey: clientPrivate,
+					IsClient:    true,
+					NoKernelTun: false,
+					Endpoint:    []string{"10.0.0.2"},
+					Mtu:         1420,
+					SecretKey:   clientPrivate,
 					Peers: []*wireguard.PeerConfig{{
-						Endpoint: "127.0.0.1:" + serverPort.String(),
-						PublicKey: clientPublic,
+						Endpoint:   "127.0.0.1:" + serverPort.String(),
+						PublicKey:  clientPublic,
 						AllowedIps: []string{"0.0.0.0/0", "::0/0"},
 					}},
 				}),
@@ -119,4 +119,4 @@ func TestWireguard(t *testing.T) {
 	// if err := errg.Wait(); err != nil {
 	// 	t.Error(err)
 	// }
-}
+}