From ee2f5d545825752af63da36e2b9ec7a92985a875 Mon Sep 17 00:00:00 2001
From: James O'Doherty
Date: Fri, 29 May 2026 18:29:12 -0400
Subject: feat: implement userspace wireguard data-path and unprivileged host fd-passing

- Implement complete rootless network namespace bootstrap via C launcher using unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWNET).
- Resolve unprivileged network isolation blackhole via host-socket preservation (FD passing): open client UDP sockets on the host pre-isolation, clear O_CLOEXEC, and ingest them via custom `FDBind` inside the sandbox.
- Implement isolated routing table automation over `tun0` (addresses, MTU, default routes).
- Implement persistent, multi-process namespace sharing and joining using reference-counted PID files and the setns system call.
- Write robust, self-contained E2E data plane test suites in `tests/e2e/e2e_test.go` using a mock UDP listener.
- Update project documentation (`README.md` and `AGENTS.md`) to reflect completed milestones.
- Ensure 100% test passing rate and zero lint/staticcheck warnings.
---
 internal/wireguard/wireguard_stub.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'internal/wireguard/wireguard_stub.go')

diff --git a/internal/wireguard/wireguard_stub.go b/internal/wireguard/wireguard_stub.go
index a6b8dac..47d7b41 100644
--- a/internal/wireguard/wireguard_stub.go
+++ b/internal/wireguard/wireguard_stub.go
@@ -2,4 +2,19 @@ package wireguard
-// The wireguard package provides stubs for non-Linux platforms.
+import (
+ "fmt"
+ "git.theodohertyfamily.com/tools/wg-wrap/pkg/wgconf"
+)
+
+type Tunnel struct{}
+
+func StartTunnel(cfg *wgconf.Config) (*Tunnel, error) {
+ return nil, fmt.Errorf("wireguard tunnel is not supported on non-Linux platforms")
+}
+
+func (t *Tunnel) Close() {}
+
+func GetTunnelLocalIP(cfg *wgconf.Config) (string, error) {
+ return "", fmt.Errorf("wireguard tunnel is not supported on non-Linux platforms")
+}
-- 
cgit v1.2.3
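Review bot: Both stub functions in wireguard_stub.go build the same unsupported-platform error with `fmt.Errorf` and no format verbs, so a caller can only tell "no tunnel on this OS" from a tunnel that failed to come up by matching the message string. Declaring it once, `var ErrUnsupported = errors.New("wireguard tunnel is not supported on non-Linux platforms")` (with `errors` imported in place of `fmt`), and returning it from `StartTunnel` and `GetTunnelLocalIP` lets callers check it with `errors.Is` and refuse to launch the wrapped command without a tunnel; the callers are not visible here, so whether they already fail closed is something to confirm. The exported `Tunnel`, `StartTunnel`, `Close` and `GetTunnelLocalIP` also have no doc comments, and the hunk deletes the only comment saying this file is the non-Linux stub. The build constraint sits on line 1, outside the hunk, so it is worth confirming it still excludes Linux, since these declarations would otherwise collide with the real implementation.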