nymtech · jmwample · Oct 17, 2024 · Oct 30, 2024 · Oct 30, 2024 · Oct 30, 2024
diff --git a/.github/workflows/ci-nym-vpn-core-ios.yml b/.github/workflows/ci-nym-vpn-core-ios.yml
@@ -46,6 +46,9 @@ jobs:
           version: "21.12" # 3.21.12: the version on ubuntu 24.04. Don't change this!
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Install script dependencies
+        run: brew install gnu-getopt
+
       - name: Build wireguard
         shell: bash
         run: |

diff --git a/.github/workflows/ci-nym-vpn-core-macos.yml b/.github/workflows/ci-nym-vpn-core-macos.yml
@@ -24,7 +24,7 @@ jobs:
           rm -rf ./* || true
           rm -rf ./.??* || true
           ls -la ./
-      
+
       - name: Checkout repo
         uses: actions/checkout@v4
 
@@ -45,6 +45,9 @@ jobs:
           version: "21.12" # 3.21.12: the version on ubuntu 24.04. Don't change this!
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Install script dependencies
+        run: brew install gnu-getopt
+
       - name: Build wireguard
         shell: bash
         run: |

diff --git a/Makefile b/Makefile
@@ -6,6 +6,9 @@ all: build-wireguard build-nym-vpn-core
 build-wireguard:
 	./wireguard/build-wireguard-go.sh
 
+build-amnezia-wg:
+	./wireguard/build-wireguard-go.sh --amnezia
+
 build-wireguard-ios:
 	./wireguard/build-wireguard-go.sh --ios
 

diff --git a/nym-vpn-core/Cargo.lock b/nym-vpn-core/Cargo.lock
diff --git a/nym-vpn-core/Cargo.toml b/nym-vpn-core/Cargo.toml
@@ -94,7 +94,7 @@ prost-types = "0.12.6"
 rand = "0.8.5"
 rand_chacha = "0.3.1"
 reqwest = { version = "0.11.27", default-features = false }
-rust2go = "0.3.4"
+rust2go = "0.3.16"
 serde = "1.0"
 serde_json = "1.0"
 sha2 = "0.10"

diff --git a/nym-vpn-core/crates/nym-gateway-probe/README.md b/nym-vpn-core/crates/nym-gateway-probe/README.md
@@ -0,0 +1,56 @@
+# Nym Gateway Probe
+
+Probe IPv4 and IPv6 interfaces of available gateways to check for the
+set that passes a set of minumum service guarantees.
+
+
+## Build
+
+These instructions assume a debian based system. Adjust accordingly for your
+preffered platform.
+
+Install required dependencies
+```sh
+sudo apt install libdbus-1-dev libmnl-dev libnftnl-dev protobuf-compiler clang
+```
+
+
+Build piece by piece
+```sh
+cd nym-vpn-core/
+# build the prober
+cargo build -p nym-gateway-probe
+```
+
+You may need to adjust your `RUSTFLAGS` or `.cargo/config.toml` to ensure that
+the golang wireguard library links properly.
+
+## Usage
+
+```sh
+Usage: nym-gateway-probe [OPTIONS]
+
+Options:
+  -c, --config-env-file <CONFIG_ENV_FILE>
+          Path pointing to an env file describing the network
+  -g, --gateway <GATEWAY>
+          The specific gateway specified by ID
+  -n, --no-log
+          Disable logging during probe
+  -a, --amnezia-args <AMNEZIA_ARGS>
+          Arguments to be appended to the wireguard config enabling amnezia-wg configuration
+  -h, --help
+          Print help
+  -V, --version
+          Print version
+```
+
+Examples
+
+```sh
+# Run a basic probe against the node with id "qj3GgGYg..."
+nym-gateway-probe -g "qj3GgGYgGZZ3HkFrtD1GU9UJ5oNXME9eD2xtmPLqYYw"
+
+# Run a probe against the node with id "qj3GgGYg..." using amnezia with junk packets enabled.
+nym-gateway-probe -g "qj3GgGYgGZZ3HkFrtD1GU9UJ5oNXME9eD2xtmPLqYYw" -a "Jc=4\nJmin=40\mJmax=70\n"
+```
diff --git a/nym-vpn-core/crates/nym-gateway-probe/netstack_ping/gen.go b/nym-vpn-core/crates/nym-gateway-probe/netstack_ping/gen.go
@@ -38,6 +38,7 @@ typedef struct NetstackRequestRef {
   uint8_t num_ping;
   uint64_t send_timeout_sec;
   uint64_t recv_timeout_sec;
+  struct StringRef awg_args;
 } NetstackRequestRef;
 
 // hack from: https://stackoverflow.com/a/69904977
@@ -225,6 +226,7 @@ type NetstackRequest struct {
 	num_ping         uint8
 	send_timeout_sec uint64
 	recv_timeout_sec uint64
+	awg_args         string
 }
 
 func newNetstackRequest(p C.NetstackRequestRef) NetstackRequest {
@@ -239,6 +241,7 @@ func newNetstackRequest(p C.NetstackRequestRef) NetstackRequest {
 		num_ping:         newC_uint8_t(p.num_ping),
 		send_timeout_sec: newC_uint64_t(p.send_timeout_sec),
 		recv_timeout_sec: newC_uint64_t(p.recv_timeout_sec),
+		awg_args:         newString(p.awg_args),
 	}
 }
 func cntNetstackRequest(s *NetstackRequest, cnt *uint) [0]C.NetstackRequestRef {
@@ -258,6 +261,7 @@ func refNetstackRequest(p *NetstackRequest, buffer *[]byte) C.NetstackRequestRef
 		num_ping:         refC_uint8_t(&p.num_ping, buffer),
 		send_timeout_sec: refC_uint64_t(&p.send_timeout_sec, buffer),
 		recv_timeout_sec: refC_uint64_t(&p.recv_timeout_sec, buffer),
+		awg_args:         refString(&p.awg_args, buffer),
 	}
 }
 

diff --git a/nym-vpn-core/crates/nym-gateway-probe/netstack_ping/go.mod b/nym-vpn-core/crates/nym-gateway-probe/netstack_ping/go.mod
@@ -1,14 +1,17 @@
 module github.com/nymtech/nym-vpn-client/nym-vpn-core/crates/nym-gateway-probe/netstack_ping
 
-go 1.22
+go 1.22.3
+
+toolchain go1.23.1
 
 require (
+	github.com/amnezia-vpn/amneziawg-go v0.2.12
 	golang.org/x/net v0.23.0
-	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173
 )
 
 require (
 	github.com/google/btree v1.0.1 // indirect
+	github.com/tevino/abool/v2 v2.1.0 // indirect
 	golang.org/x/crypto v0.21.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect

diff --git a/nym-vpn-core/crates/nym-gateway-probe/netstack_ping/go.sum b/nym-vpn-core/crates/nym-gateway-probe/netstack_ping/go.sum
@@ -1,5 +1,9 @@
+github.com/amnezia-vpn/amneziawg-go v0.2.12 h1:CxIQETy5kZ0ip/dFBpmnDxAcS/KuIQaJkOxDv5OQhVI=
+github.com/amnezia-vpn/amneziawg-go v0.2.12/go.mod h1:d7WpNfzCRLy7ufGElJBYpD58WRmNjyLyt3IDHPY8AmM=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/tevino/abool/v2 v2.1.0 h1:7w+Vf9f/5gmKT4m4qkayb33/92M+Um45F2BkHOR+L/c=
+github.com/tevino/abool/v2 v2.1.0/go.mod h1:+Lmlqk6bHDWHqN1cbxqhwEAwMPXgc8I1SDEamtseuXY=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
@@ -10,7 +14,5 @@ golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0k
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
-golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 h1:/jFs0duh4rdb8uIfPMv78iAJGcPKDeqAFnaLBropIC4=
-golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
diff --git a/nym-vpn-core/crates/nym-gateway-probe/netstack_ping/impl.go b/nym-vpn-core/crates/nym-gateway-probe/netstack_ping/impl.go
@@ -8,11 +8,11 @@ import (
 	"strings"
 	"time"
 
+	"github.com/amnezia-vpn/amneziawg-go/conn"
+	"github.com/amnezia-vpn/amneziawg-go/device"
+	"github.com/amnezia-vpn/amneziawg-go/tun/netstack"
 	"golang.org/x/net/icmp"
 	"golang.org/x/net/ipv4"
-	"golang.zx2c4.com/wireguard/conn"
-	"golang.zx2c4.com/wireguard/device"
-	"golang.zx2c4.com/wireguard/tun/netstack"
 )
 
 type Netstack struct{}
@@ -36,6 +36,10 @@ func (Netstack) ping(req NetstackRequest) NetstackResponse {
 
 	ipc.WriteString("private_key=")
 	ipc.WriteString(req.private_key)
+	if req.awg_args != "" {
+		awg := strings.ReplaceAll(req.awg_args, "\\n", "\n")
+		ipc.WriteString(fmt.Sprintf("\n%s", awg))
+	}
 	ipc.WriteString("\npublic_key=")
 	ipc.WriteString(req.public_key)
 	ipc.WriteString("\nendpoint=")
@@ -45,6 +49,13 @@ func (Netstack) ping(req NetstackRequest) NetstackResponse {
 	response := NetstackResponse{false, 0, 0, 0, 0, false}
 
 	dev.IpcSet(ipc.String())
+
+	config, err := dev.IpcGet()
+	if err != nil {
+		log.Panic(err)
+	}
+	log.Printf("%s", config)
+
 	err = dev.Up()
 	if err != nil {
 		log.Panic(err)
@@ -69,15 +80,18 @@ func (Netstack) ping(req NetstackRequest) NetstackResponse {
 
 	for _, ip := range req.ping_ips {
 		for i := uint8(0); i < req.num_ping; i++ {
-			log.Printf("Pinging %s seq=%d", ip, i)
-			response.sent_ips += 1
-			rt, err := sendPing(ip, i, req.send_timeout_sec, req.recv_timeout_sec, tnet)
-			if err != nil {
-				log.Printf("Failed to send ping: %v\n", err)
-				continue
-			}
-			response.received_ips += 1
-			log.Printf("Ping latency: %v\n", rt)
+			func() {
+				defer time.Sleep(5 * time.Second)
+				log.Printf("Pinging %s seq=%d", ip, i)
+				response.sent_ips += 1
+				rt, err := sendPing(ip, i, req.send_timeout_sec, req.recv_timeout_sec, tnet)
+				if err != nil {
+					log.Printf("Failed to send ping: %v\n", err)
+					return
+				}
+				response.received_ips += 1
+				log.Printf("Ping latency: %v\n", rt)
+			}()
 		}
 	}