docker-tests: use userspace wireguard

docker-tests/Dockerfile.innernet

@@ -1,41 +1,56 @@
 ####################################################################################################
 ## Builder
 ####################################################################################################
-FROM rust as planner
+FROM rust:slim as planner
-RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev
+RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev
-RUN update-ca-certificates
 WORKDIR /app
 RUN cargo install cargo-chef 
 COPY . .
 RUN cargo chef prepare --recipe-path recipe.json
 
-FROM rust as cacher
+FROM rust:slim as cacher
-RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev
+RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev
-RUN update-ca-certificates
 WORKDIR /app
 RUN cargo install cargo-chef
 COPY --from=planner /app/recipe.json recipe.json
 RUN cargo chef cook --release --recipe-path recipe.json
 
-FROM rust as builder
+FROM rust:slim as builder
-RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev
+RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev
-RUN update-ca-certificates
 WORKDIR /app
+
 COPY . .
 COPY --from=cacher /app/target target
 RUN cargo build --release --bin innernet
 RUN strip /app/target/release/innernet
 
+FROM golang:latest as wireguard
+ARG wg_go_tag=0.0.20210323
+ARG wg_tools_tag=v1.0.20210315
+RUN apt-get update && apt-get install -y git
+
+RUN git clone -b $wg_go_tag --depth 1 https://git.zx2c4.com/wireguard-go && \
+    cd wireguard-go && \
+    make && \
+    make install
+
+ENV WITH_WGQUICK=yes
+RUN git clone -b $wg_tools_tag --depth 1 https://git.zx2c4.com/wireguard-tools && \
+    cd wireguard-tools && \
+    cd src && \
+    make && \
+    make install
+
 ####################################################################################################
 ## Final image
 ####################################################################################################
-FROM ubuntu:latest
+FROM debian:buster-slim
 RUN apt-get update && apt-get install -y libsqlite3-dev iproute2 iputils-ping && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 
-
 COPY ./docker-tests/start-client.sh ./
+COPY --from=wireguard /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/
 COPY --from=builder /app/target/release/innernet /usr/bin/
 
 CMD ["/app/start-client.sh"]

docker-tests/Dockerfile.innernet-server

@@ -1,40 +1,55 @@
 ####################################################################################################
 ## Builder
 ####################################################################################################
-FROM rust as planner
+FROM rust:slim as planner
-RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev
+RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev
-RUN update-ca-certificates
 WORKDIR /app
 RUN cargo install cargo-chef 
 COPY . .
 RUN cargo chef prepare --recipe-path recipe.json
 
-FROM rust as cacher
+FROM rust:slim as cacher
-RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev
+RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev
-RUN update-ca-certificates
 WORKDIR /app
 RUN cargo install cargo-chef
 COPY --from=planner /app/recipe.json recipe.json
 RUN cargo chef cook --release --recipe-path recipe.json
 
-FROM rust as builder
+FROM rust:slim as builder
-RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev
+RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev
-RUN update-ca-certificates
 WORKDIR /app
+
 COPY . .
 COPY --from=cacher /app/target target
 RUN cargo build --release --bin innernet-server
 RUN strip /app/target/release/innernet-server
 
+FROM golang:latest as wireguard
+ARG wg_go_tag=0.0.20210323
+ARG wg_tools_tag=v1.0.20210315
+RUN apt-get update && apt-get install -y git
+
+RUN git clone -b $wg_go_tag --depth 1 https://git.zx2c4.com/wireguard-go && \
+    cd wireguard-go && \
+    make && \
+    make install
+
+ENV WITH_WGQUICK=yes
+RUN git clone -b $wg_tools_tag --depth 1 https://git.zx2c4.com/wireguard-tools && \
+    cd wireguard-tools && \
+    cd src && \
+    make && \
+    make install
+
 ####################################################################################################
 ## Final image
 ####################################################################################################
-FROM ubuntu:latest
+FROM debian:buster-slim
 RUN apt-get update && apt-get install -y libsqlite3-dev iproute2 iputils-ping && rm -rf /var/lib/apt/lists/*
-
 WORKDIR /app
 
 COPY ./docker-tests/start-server.sh ./
+COPY --from=wireguard /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/
 COPY --from=builder /app/target/release/innernet-server /usr/bin/
 EXPOSE 51820/udp
 

docker-tests/run-docker-tests.sh

@@ -32,11 +32,14 @@ info "Creating network."
 NETWORK=$(cmd docker network create -d bridge --subnet=172.18.0.0/16 innernet)
 
 info "Starting server."
-SERVER_CONTAINER=$(cmd docker run -itd --rm \
+SERVER_CONTAINER=$(cmd docker create -it --rm \
     --network "$NETWORK" \
     --ip 172.18.1.1 \
+    --volume /dev/net/tun:/dev/net/tun \
+    --env RUST_LOG=debug \
     --cap-add NET_ADMIN \
     innernet-server)
+cmd docker start -a "$SERVER_CONTAINER" &
 
 info "server started as $SERVER_CONTAINER"
 info "Waiting for server to initialize."
@@ -47,13 +50,14 @@ cmd docker cp "$SERVER_CONTAINER:/app/peer1.toml" "$tmp_dir"
 PEER1_CONTAINER=$(cmd docker create --rm -it \
     --network "$NETWORK" \
     --ip 172.18.1.2 \
+    --volume /dev/net/tun:/dev/net/tun \
     --env INTERFACE=evilcorp \
     --cap-add NET_ADMIN \
     innernet)
 info "peer1 started as $PEER1_CONTAINER"
 cmd docker cp "$tmp_dir/peer1.toml" "$PEER1_CONTAINER:/app/invite.toml"
 cmd docker start "$PEER1_CONTAINER"
-sleep 5
+sleep 10
 
 info "Creating a new CIDR from first peer."
 cmd docker exec "$PEER1_CONTAINER" innernet \
@@ -85,6 +89,7 @@ info "Starting second peer."
 PEER2_CONTAINER=$(docker create --rm -it \
     --network "$NETWORK" \
     --ip 172.18.1.3 \
+    --volume /dev/net/tun:/dev/net/tun \
     --cap-add NET_ADMIN \
     --env INTERFACE=evilcorp \
     innernet)

docker-tests/start-client.sh

@@ -1,14 +1,16 @@
 #!/bin/bash
 set -e
 
+DEFAULT_ARGS="--backend userspace"
+
 INTERFACE="${INTERFACE:-innernet}"
-innernet install \
+innernet $DEFAULT_ARGS install \
     --name "$INTERFACE" \
     --delete-invite \
     --no-write-hosts \
     /app/invite.toml
 
 while true; do
-    innernet up --no-write-hosts "$INTERFACE"
+    innernet $DEFAULT_ARGS up --no-write-hosts "$INTERFACE"
     sleep 1
 done

docker-tests/start-server.sh

@@ -1,19 +1,27 @@
 #!/bin/bash
 set -e
 
-innernet-server new \
+DEFAULT_ARGS="--backend userspace"
+
+innernet-server \
+    $DEFAULT_ARGS \
+    new \
     --network-name "evilcorp" \
     --network-cidr "10.66.0.0/16" \
     --external-endpoint "172.18.1.1:51820" \
     --listen-port 51820
 
-innernet-server add-cidr evilcorp \
+innernet-server \
+    $DEFAULT_ARGS \
+    add-cidr evilcorp \
     --name "humans" \
     --cidr "10.66.1.0/24" \
     --parent "evilcorp" \
     --yes
 
-innernet-server add-peer evilcorp \
+innernet-server \
+    $DEFAULT_ARGS \
+    add-peer evilcorp \
     --name "admin" \
     --cidr "humans" \
     --admin true \
@@ -22,4 +30,4 @@ innernet-server add-peer evilcorp \
     --invite-expires "30d" \
     --yes
 
-innernet-server serve evilcorp
+innernet-server $DEFAULT_ARGS serve evilcorp