git: d084bebb805e - 2025Q4 - net/amnezia-tools: Fix endpoints and DNS tracking, detach from terminal on start
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 19 Oct 2025 23:02:39 UTC
The branch 2025Q4 has been updated by vvd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=d084bebb805e06c98b492a8e85609fb1994ac625
commit d084bebb805e06c98b492a8e85609fb1994ac625
Author: Vova <vova@fbsd.ru>
AuthorDate: 2025-10-19 22:59:54 +0000
Commit: Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-10-19 23:02:32 +0000
net/amnezia-tools: Fix endpoints and DNS tracking, detach from terminal on start
Various fixes startup:
- fix endpoints tracking
- fix failure in case of DNS server is not responding on startup and
retries allowed
- properly detach from terminal on system start
- minor formating fixes
PR: 290370
MFH: 2025Q4
(cherry picked from commit 9e8de91067211df89db58f3601d78bdc33ce13ea)
---
net/amnezia-tools/Makefile | 6 ++-
net/amnezia-tools/files/amnezia.in | 2 +-
net/amnezia-tools/files/patch-config.c | 9 ++++
.../files/patch-wg-quick_freebsd.bash | 53 +++++++++++++++-------
4 files changed, 51 insertions(+), 19 deletions(-)
diff --git a/net/amnezia-tools/Makefile b/net/amnezia-tools/Makefile
index ead229b31481..e08b9a55ec85 100644
--- a/net/amnezia-tools/Makefile
+++ b/net/amnezia-tools/Makefile
@@ -1,7 +1,7 @@
PORTNAME= amnezia
DISTVERSIONPREFIX= v
DISTVERSION= 1.0.20241018
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= net net-vpn
PKGNAMESUFFIX= -tools
@@ -21,7 +21,9 @@ USE_RC_SUBR= ${PORTNAME}
SHEBANG_FILES= wg-quick/freebsd.bash
-MAKE_ARGS+= DEBUG=no WITH_BASHCOMPLETION=yes WITH_SYSTEMDUNITS=no
+MAKE_ARGS+= DEBUG=no \
+ WITH_BASHCOMPLETION=yes \
+ WITH_SYSTEMDUNITS=no
MAKE_ENV+= MANDIR="${PREFIX}/share/man" \
SYSCONFDIR="${PREFIX}/etc"
diff --git a/net/amnezia-tools/files/amnezia.in b/net/amnezia-tools/files/amnezia.in
index 98010c013bdb..893d7e58677c 100644
--- a/net/amnezia-tools/files/amnezia.in
+++ b/net/amnezia-tools/files/amnezia.in
@@ -37,7 +37,7 @@ amnezia_start()
[ -n "${kmod}" ] && kldstat -q -n ${kmod} || kldload -n ${kmod}
for interface in ${amnezia_interfaces}; do
- %%PREFIX%%/bin/awg-quick up ${interface}
+ daemon %%PREFIX%%/bin/awg-quick up ${interface}
done
}
diff --git a/net/amnezia-tools/files/patch-config.c b/net/amnezia-tools/files/patch-config.c
index 4e07d978251a..68d939b8e675 100644
--- a/net/amnezia-tools/files/patch-config.c
+++ b/net/amnezia-tools/files/patch-config.c
@@ -1,5 +1,14 @@
--- config.c.orig 2024-10-01 13:02:42 UTC
+++ config.c
+@@ -252,7 +252,7 @@ static inline bool parse_endpoint(struct sockaddr *end
+ *
+ * So this is what we do, except FreeBSD removed EAI_NODATA some time ago, so that's conditional.
+ */
+- if (ret == EAI_NONAME || ret == EAI_FAIL ||
++ if (ret == EAI_FAIL ||
+ #ifdef EAI_NODATA
+ ret == EAI_NODATA ||
+ #endif
@@ -337,6 +337,20 @@ static bool validate_netmask(struct wgallowedip *allow
return true;
}
diff --git a/net/amnezia-tools/files/patch-wg-quick_freebsd.bash b/net/amnezia-tools/files/patch-wg-quick_freebsd.bash
index 6d218f256182..8ac17f331400 100644
--- a/net/amnezia-tools/files/patch-wg-quick_freebsd.bash
+++ b/net/amnezia-tools/files/patch-wg-quick_freebsd.bash
@@ -1,4 +1,4 @@
---- wg-quick/freebsd.bash.orig 2024-10-01 13:02:42 UTC
+--- wg-quick/freebsd.bash.orig 2025-10-19 18:21:50 UTC
+++ wg-quick/freebsd.bash
@@ -25,11 +25,20 @@ CONFIG_FILE=""
POST_DOWN=( )
@@ -15,7 +15,7 @@
+
+declare -A ROUTES
-+declare -A ENDPOINTS
++declare -A ENDPOINTS_MAP
+
+
cmd() {
@@ -74,14 +74,14 @@
+ Endpoint)
+ endpoint_host="${value%%:*}"
+ if ! [[ "$endpoint_host" =~ ^[0-9]+ ]]; then
-+ ENDPOINTS["$last_public_key"]="$endpoint_host"
++ ENDPOINTS_MAP["$last_public_key"]="$endpoint_host"
+ fi
+ ;;
+ esac
fi
WG_CONFIG+="$line"$'\n'
done < "$CONFIG_FILE"
-@@ -129,12 +154,15 @@ add_if() {
+@@ -129,19 +154,22 @@ add_if() {
add_if() {
local ret rc
@@ -101,6 +101,14 @@
fi
rc=$?
if [[ $ret == *"ifconfig: ioctl SIOCSIFNAME (set name): File exists"* ]]; then
+ echo "$ret" >&3
+ return $rc
+ fi
+- echo "[!] Missing WireGuard kernel support ($ret). Falling back to slow userspace implementation." >&3
++ echo "[!] Missing Amnezia kernel support ($ret). Falling back to slow userspace implementation." >&3
+ cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" "$INTERFACE"
+ }
+
@@ -209,7 +237,7 @@ set_mtu() {
[[ ${BASH_REMATCH[1]} == *:* ]] && family=inet6
output="$(route -n get "-$family" "${BASH_REMATCH[1]}" || true)"
@@ -140,7 +148,7 @@
ifconfig "$INTERFACE" >/dev/null 2>&1 || break
[[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route
# TODO: set the mtu as well, but only if up
-@@ -316,6 +344,77 @@ monitor_daemon() {
+@@ -316,6 +344,76 @@ monitor_daemon() {
kill $pid) & disown
}
@@ -178,7 +186,6 @@
+ [[ $TRACK_DNS_CHANGES -eq 0 ]] && return 0
+
+ echo "[+] Backgrounding DNS tracker" >&2
-+ exec >/dev/null 2>&1
+
+ pid_file="$(tracker_pid_file)"
+ [[ -f "$pid_file" ]] && kill $(cat "$pid_file") 2>/dev/null || true
@@ -193,7 +200,7 @@
+
+ $cmd awg showconf "$INTERFACE" 2> /dev/null | wg_endpoints | \
+ while read -r pk peer_ip port; do
-+ peer_host="${ENDPOINTS[$pk]}"
++ peer_host="${ENDPOINTS_MAP[$pk]}"
+ if [[ -n "$peer_host" ]]; then
+ host_ip=$(host "$peer_host" 2>/dev/null | awk '/has address/ { print $4; exit; }') || continue
+
@@ -210,7 +217,7 @@
+ done
+
+ done
-+ ) & disown
++ ) </dev/null >/dev/null 2>&1 3>&- & disown
+ echo "$!" > "$pid_file"
+}
+
@@ -218,7 +225,7 @@
HAVE_SET_DNS=0
set_dns() {
[[ ${#DNS[@]} -gt 0 ]] || return 0
-@@ -354,7 +453,7 @@ set_config() {
+@@ -354,7 +452,7 @@ set_config() {
}
set_config() {
@@ -227,7 +234,7 @@
}
save_config() {
-@@ -386,7 +485,7 @@ save_config() {
+@@ -386,7 +484,7 @@ save_config() {
done
old_umask="$(umask)"
umask 077
@@ -236,7 +243,21 @@
trap 'rm -f "$CONFIG_FILE.tmp"; clean_temp; exit' INT TERM EXIT
echo "${current_config/\[Interface\]$'\n'/$new_config}" > "$CONFIG_FILE.tmp" || die "Could not write configuration file"
sync "$CONFIG_FILE.tmp"
-@@ -433,6 +532,20 @@ cmd_usage() {
+@@ -412,7 +510,7 @@ cmd_usage() {
+ followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
+ configuration found at:
+ ${CONFIG_SEARCH_PATHS[@]/%//INTERFACE.conf}.
+- It is to be readable by wg(8)'s \`setconf' sub-command, with the exception
++ It is to be readable by awg(8)'s \`setconf' sub-command, with the exception
+ of the following additions to the [Interface] section, which are handled
+ by $PROGRAM:
+
+@@ -429,10 +527,24 @@ cmd_usage() {
+ - SaveConfig: if set to \`true', the configuration is saved from the current
+ state of the interface upon shutdown.
+
+- See wg-quick(8) for more info and examples.
++ See awg-quick(8) for more info and examples.
_EOF
}
@@ -257,7 +278,7 @@
cmd_up() {
local i
[[ -z $(ifconfig "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists"
-@@ -446,26 +559,31 @@ cmd_up() {
+@@ -446,26 +558,31 @@ cmd_up() {
set_mtu
up_if
set_dns
@@ -274,7 +295,7 @@
cmd_down() {
- [[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
-+ [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
++ [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a Amnezia interface"
execute_hooks "${PRE_DOWN[@]}"
[[ $SAVE_CONFIG -eq 0 ]] || save_config
del_if
@@ -288,11 +309,11 @@
cmd_save() {
- [[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
-+ [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
++ [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a Amnezia interface"
save_config
}
-@@ -473,6 +591,10 @@ cmd_strip() {
+@@ -473,6 +590,10 @@ cmd_strip() {
echo "$WG_CONFIG"
}
@@ -303,7 +324,7 @@
# ~~ function override insertion point ~~
make_temp
-@@ -496,6 +618,10 @@ elif [[ $# -eq 2 && $1 == strip ]]; then
+@@ -496,6 +617,10 @@ elif [[ $# -eq 2 && $1 == strip ]]; then
auto_su
parse_options "$2"
cmd_strip