Diffstat (limited to 'internal')
| -rw-r--r-- | internal/cli/cli.go | 24 | ||||
| -rw-r--r-- | internal/wireguard/wireguard.go | 17 |
2 files changed, 34 insertions, 7 deletions
diff --git a/internal/cli/cli.go b/internal/cli/cli.go
index 7d5a05c..0e3b8ad 100644
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -167,8 +167,13 @@ func (a *App) ExecuteCommand(cfg *config.Config) error {
 // Acquire execution lock during configuration and startup inside the namespace
 lockFile, lockErr := namespace.AcquireProfileLock(pm, cfg.Profile)
+ var lockFileReleased bool
 if lockErr == nil {
- defer namespace.ReleaseProfileLock(lockFile)
+ defer func() {
+ if !lockFileReleased {
+ namespace.ReleaseProfileLock(lockFile)
+ }
+ }()
 }
 if err := namespace.PruneStalePids(pm, cfg.Profile); err != nil {
@@ -179,8 +184,17 @@ func (a *App) ExecuteCommand(cfg *config.Config) error {
 }
 defer func() {
- // Re-acquire lock for the entire cleanup sequence to ensure atomic unregister and unpin
- cleanupLock, cleanupErr := namespace.AcquireProfileLock(pm, cfg.Profile)
+ var cleanupLock *os.File
+ var cleanupErr error
+
+ if lockErr == nil && !lockFileReleased {
+ // We already hold the lock, so we can just reuse lockFile for cleanup!
+ cleanupLock = lockFile
+ } else {
+ // Re-acquire lock for the entire cleanup sequence to ensure atomic unregister and unpin
+ cleanupLock, cleanupErr = namespace.AcquireProfileLock(pm, cfg.Profile)
+ }
+
 if cleanupErr == nil {
 // 1. Unregister the process first.
 if err := namespace.UnregisterProcess(pm, cfg.Profile); err != nil {
@@ -200,6 +214,9 @@ func (a *App) ExecuteCommand(cfg *config.Config) error {
 fmt.Printf("failed to unpin namespace: %v\n", err)
 }
 }
+ if lockErr == nil && !lockFileReleased {
+ lockFileReleased = true
+ }
 namespace.ReleaseProfileLock(cleanupLock)
 } else {
 // Fallback if lock fails to ensure we still unregister
@@ -270,6 +287,7 @@ func (a *App) ExecuteCommand(cfg *config.Config) error {
 }
 // We can now release the startup lock and execute the command
+ lockFileReleased = true
 namespace.ReleaseProfileLock(lockFile)
 cmd := exec.Command(cfg.Command[0], cfg.Command[1:]...) 
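Review bot: The held-lock test `lockErr == nil && !lockFileReleased` is evaluated twice inside the cleanup closure, once to pick `cleanupLock` and again just before `namespace.ReleaseProfileLock(cleanupLock)`, and the double-release guard is only correct while both evaluations agree. Capture it once at the top of the closure, `reuseLock := lockErr == nil && !lockFileReleased`, and replace the later block with `if reuseLock { lockFileReleased = true }`. In the last hunk `lockFileReleased = true` and `namespace.ReleaseProfileLock(lockFile)` run without checking `lockErr`, so when acquisition failed the startup ran without the profile lock and `lockFile` is whatever AcquireProfileLock returned alongside the error; whether ReleaseProfileLock tolerates that value is not visible here. ExecuteCommand starts and ends outside all four hunks.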
diff --git a/internal/wireguard/wireguard.go b/internal/wireguard/wireguard.go
index 3c293b4..e250dab 100644
--- a/internal/wireguard/wireguard.go
+++ b/internal/wireguard/wireguard.go
@@ -98,15 +98,17 @@ func StartTunnel(cfg *wgconf.Config, dnsServer string) (t *Tunnel, err error) {
 return nil, fmt.Errorf("failed to configure network interface %s: %w", tunName, err)
 }
+ var dnsFile string
 if path, err := ConfigureResolvConf(dnsServer); err != nil {
 fmt.Printf("warning: failed to configure DNS resolver: %v\n", err)
 } else {
- t.dnsFile = path
+ dnsFile = path
 }
 return &Tunnel{
- Device: wgDev,
- Tun: tunDev,
+ Device: wgDev,
+ Tun: tunDev,
+ dnsFile: dnsFile,
 }, nil
 }
@@ -194,10 +196,17 @@ func configureInterface(name, address string, mtu int) error {
 }
 }
+ var dst *net.IPNet
+ if addr.IP.To4() != nil {
+ _, dst, _ = net.ParseCIDR("0.0.0.0/0")
+ } else {
+ _, dst, _ = net.ParseCIDR("::/0")
+ }
+
 route := &netlink.Route{
 Scope: netlink.SCOPE_UNIVERSE,
 LinkIndex: link.Attrs().Index,
- Dst: nil,
+ Dst: dst,
 }
 if err := netlink.RouteAdd(route); err != nil { |
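Review bot: When `ConfigureResolvConf` fails, StartTunnel only prints a warning with `fmt.Printf` and still returns a usable tunnel, so the process continues with whatever resolver was already in place and name lookups may not go to `dnsServer`. If callers depend on the tunnel's resolver, consider returning the error here, or at least writing the warning to stderr so it is not lost in command output. The `err` declared in `if path, err := ConfigureResolvConf(dnsServer)` also shadows the named result `err`; renaming it, for example `dnsErr`, keeps it distinct from the function's result. The start of StartTunnel is outside the hunk.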
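Review bot: The default route added here covers a single address family, chosen from `addr`, so an interface configured with only an IPv4 address gets no `::/0` route (and the reverse for IPv6). If dual-stack addresses are supported, traffic of the other family will not be routed through this link; how `address` is parsed is outside the hunk, so this needs confirming there. The discarded errors from `net.ParseCIDR` are harmless for constants, but the values can be built directly without them: `dst = &net.IPNet{IP: net.IPv4zero, Mask: net.CIDRMask(0, 32)}` and `dst = &net.IPNet{IP: net.IPv6zero, Mask: net.CIDRMask(0, 128)}`. A one-line comment saying why an explicit destination replaces `Dst: nil` would help the next reader.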
