From a2d08eaa47f83cb9ce1291c849626929a0056b76 Mon Sep 17 00:00:00 2001
From: Debian
Date: Wed, 13 May 2026 19:09:38 +0200
Subject: [PATCH] =?UTF-8?q?fix(wireguard):=20off-by-one=20im=20wg-show-Par?= =?UTF-8?q?ser=20=E2=80=94=20UI=20zeigte=20verbundene=20Peers=20als=20?= =?UTF-8?q?=E2=80=9Eoffline"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug-Report: Unify-Home-Tunnel ist aktiv (handshake live, 2.8 GB rx), UI zeigte „Letzter Handshake: nie / Traffic: — / Offline". Root cause: handlers/wireguard.go Status() parsed `wg show all dump` mit `PeerPublicKey: fields[2]` — fields[2] ist aber der pre-shared key (PSK), NICHT der peer_pubkey. Format mit "all"-prefix ist: iface lines (5 cols): iface priv_key pubkey listen_port fwmark peer lines (9 cols): iface peer_pubkey psk endpoint allowed_ips last_hs rx tx keepalive Damit matched die UI gegen den PSK → DB-Peer-Row (gespeichert per pubkey) traf nie zu, Status blieb „nie/—" auch bei aktivem Tunnel. Fix: fields[1] statt fields[2]. Endpoint/AllowedIPs/Handshake/RX/TX waren bereits korrekt verschoben.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 VERSION | 2 +-
 cmd/edgeguard-api/main.go | 2 +-
 cmd/edgeguard-ctl/main.go | 2 +-
 cmd/edgeguard-scheduler/main.go | 2 +-
 internal/handlers/wireguard.go | 13 +++++++++----
 management-ui/src/components/Layout/Sidebar.tsx | 2 +-
 6 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/VERSION b/VERSION
index e7468c7..5257575 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.0.76
+1.0.77
diff --git a/cmd/edgeguard-api/main.go b/cmd/edgeguard-api/main.go
index cba8bd3..af910a3 100644
--- a/cmd/edgeguard-api/main.go
+++ b/cmd/edgeguard-api/main.go
@@ -54,7 +54,7 @@ import (
 wgsvc "git.netcell-it.de/projekte/edgeguard-native/internal/services/wireguard"
 )
-var version = "1.0.76"
+var version = "1.0.77"
 func main() {
 addr := os.Getenv("EDGEGUARD_API_ADDR")
diff --git a/cmd/edgeguard-ctl/main.go b/cmd/edgeguard-ctl/main.go
index ffa87cf..955bb47 100644
--- a/cmd/edgeguard-ctl/main.go
+++ b/cmd/edgeguard-ctl/main.go
@@ -11,7 +11,7 @@ import (
 "git.netcell-it.de/projekte/edgeguard-native/internal/services/setup"
 )
-var version = "1.0.76"
+var version = "1.0.77"
 const usage = `edgeguard-ctl — EdgeGuard CLI
diff --git a/cmd/edgeguard-scheduler/main.go b/cmd/edgeguard-scheduler/main.go
index 7b088d5..271bc89 100644
--- a/cmd/edgeguard-scheduler/main.go
+++ b/cmd/edgeguard-scheduler/main.go
@@ -32,7 +32,7 @@ import (
 "git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts"
 )
-var version = "1.0.76"
+var version = "1.0.77"
 const (
 // renewTickInterval — how often we re-evaluate expiring certs.
diff --git a/internal/handlers/wireguard.go b/internal/handlers/wireguard.go
index 094df5b..fd8f697 100644
--- a/internal/handlers/wireguard.go
+++ b/internal/handlers/wireguard.go
@@ -101,9 +101,14 @@ type wgStatus struct {
 }
 func (h *WireguardHandler) Status(c *gin.Context) {
- // `wg show all dump` per iface — output:
- // line 1: iface_private_key, iface_pubkey, listen_port, fwmark
- // line 2..N: pubkey, psk, endpoint, allowed_ips, latest_handshake, rx, tx, persistent_keepalive
+ // `wg show all dump` per iface — TAB-separated, erste Spalte ist
+ // IMMER der iface-Name (durch "all" prepend'ed):
+ // iface lines (5 cols total): iface priv_key pubkey listen_port fwmark
+ // peer lines (9 cols total): iface peer_pubkey preshared_key endpoint
+ // allowed_ips last_hs rx tx keepalive
+ // Peer-Index ist also fields[1] = pubkey (NICHT fields[2] — das ist
+ // der preshared_key; früher Bug: UI matched dann gegen PSK statt
+ // pubkey → status blieb immer „nie/—" obwohl der Tunnel lief).
 out, err := exec.CommandContext(c.Request.Context(), "sudo", "-n", "/usr/bin/wg", "show", "all", "dump").Output()
 if err != nil {
 // wg not installed or no ifaces up — return empty list, not error.
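Review bot: The rewritten column comment at the top of `Status` in internal/handlers/wireguard.go names `priv_key` and `preshared_key` but does not mark them as secrets, even though the `wg show all dump` output parsed just below carries both. I would add `// priv_key (iface fields[1]) and preshared_key (peer fields[2]) are secret: never copy them into wgStatus or a log line.` and replace the bare indices with named constants such as `peerColPubKey = 1`, so a shifted index cannot pick the PSK column unnoticed. The comment also mixes German and English, which makes it harder to keep accurate. `Status` continues past the end of this hunk.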
@@ -126,7 +131,7 @@ func (h *WireguardHandler) Status(c *gin.Context) {
 tx, _ := strconv.ParseInt(fields[7], 10, 64)
 rows = append(rows, wgStatus{
 Interface: ifaceName,
- PeerPublicKey: fields[2],
+ PeerPublicKey: fields[1], // peer_pubkey (fields[2] ist PSK!)
 Endpoint: fields[3],
 AllowedIPs: fields[4],
 LastHandshake: hs,
diff --git a/management-ui/src/components/Layout/Sidebar.tsx b/management-ui/src/components/Layout/Sidebar.tsx
index 9a96bbe..bf8f61a 100644
--- a/management-ui/src/components/Layout/Sidebar.tsx
+++ b/management-ui/src/components/Layout/Sidebar.tsx
@@ -85,7 +85,7 @@ const NAV: NavSection[] = [
 },
 ]
-const VERSION = '1.0.76'
+const VERSION = '1.0.77'
 // Sidebar-Pattern 1:1 aus netcell-webpanel (enconf) übernommen: // -
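Review bot: In the second hunk of internal/handlers/wireguard.go, the replaced `PeerPublicKey: fields[2]` was also a secret-handling defect that the commit does not follow up on: by the column layout documented in this change, fields[2] of a peer line is the preshared key, so each appended `wgStatus` row carried a PSK in `PeerPublicKey`. If those rows are serialized to the UI (the response write is outside the hunk), the affected preshared keys should be treated as disclosed and rotated, and the release notes should say so. A regression test that parses a constructed nine-column peer line and asserts that `PeerPublicKey` equals column 1 and that the PSK value is absent from the row would guard the mapping. The context line `tx, _ := strconv.ParseInt(fields[7], 10, 64)` also drops its error, and no `len(fields)` guard is visible in this hunk, so unless one precedes it a short or malformed line may report zero traffic or panic.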