Add reserved to WireGuard config

Fixes #1730

infra/conf/wireguard.go

@@ -52,6 +52,7 @@ type WireGuardConfig struct {
 	Peers      []*WireGuardPeerConfig `json:"peers"`
 	MTU        int                    `json:"mtu"`
 	NumWorkers int                    `json:"workers"`
+	Reserved   []byte                 `json:"reserved"`
 }
 
 func (c *WireGuardConfig) Build() (proto.Message, error) {
@@ -90,6 +91,11 @@ func (c *WireGuardConfig) Build() (proto.Message, error) {
 	// we don't need to process fallback manually
 	config.NumWorkers = int32(c.NumWorkers)
 
+	if len(c.Reserved) != 0 && len(c.Reserved) != 3 {
+		return nil, newError(`"reserved" should be empty or 3 bytes`)
+	}
+	config.Reserved = c.Reserved
+
 	return config, nil
 }
 

proxy/wireguard/bind.go

@@ -31,6 +31,7 @@ type netBindClient struct {
 	dialer    internet.Dialer
 	dns       dns.Client
 	dnsOption dns.IPOption
+	reserved  []byte
 
 	readQueue chan *netReadInfo
 }
@@ -157,6 +158,10 @@ func (bind *netBindClient) Send(buff []byte, endpoint conn.Endpoint) error {
 		}
 	}
 
+	if len(buff) > 3 && len(bind.reserved) == 3 {
+		copy(buff[1:], bind.reserved)
+	}
+
 	_, err = nend.conn.Write(buff)
 
 	return err

proxy/wireguard/config.proto

@@ -20,4 +20,5 @@ message DeviceConfig {
     repeated PeerConfig peers = 3;
     int32 mtu = 4;
     int32 num_workers = 5;
+    bytes reserved = 6;
 }

proxy/wireguard/wireguard.go

@@ -82,9 +82,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 		})
 		// bind := conn.NewStdNetBind() // TODO: conn.Bind wrapper for dialer
 		bind := &netBindClient{
-			dialer:  dialer,
-			workers: int(h.conf.NumWorkers),
-			dns:     h.dns,
+			dialer:   dialer,
+			workers:  int(h.conf.NumWorkers),
+			dns:      h.dns,
+			reserved: h.conf.Reserved,
 		}
 
 		net, err := h.makeVirtualTun(bind)