fix(wireguard): off-by-one im wg-show-Parser — UI zeigte verbundene

Peers als „offline" Bug-Report: Unify-Home-Tunnel ist aktiv (handshake live, 2.8 GB rx), UI zeigte „Letzter Handshake: nie / Traffic: — / Offline". Root cause: handlers/wireguard.go Status() parsed `wg show all dump` mit `PeerPublicKey: fields[2]` — fields[2] ist aber der pre-shared key (PSK), NICHT der peer_pubkey. Format mit "all"-prefix ist: iface lines (5 cols): iface priv_key pubkey listen_port fwmark peer lines (9 cols): iface peer_pubkey psk endpoint allowed_ips last_hs rx tx keepalive Damit matched die UI gegen den PSK → DB-Peer-Row (gespeichert per pubkey) traf nie zu, Status blieb „nie/—" auch bei aktivem Tunnel. Fix: fields[1] statt fields[2]. Endpoint/AllowedIPs/Handshake/RX/TX waren bereits korrekt verschoben. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 19:09:38 +02:00
parent c79bfe84ec
commit a2d08eaa47
6 changed files with 14 additions and 9 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-1.0.76
+1.0.77
--- a/cmd/edgeguard-api/main.go
+++ b/cmd/edgeguard-api/main.go
@@ -54,7 +54,7 @@ import (
 	wgsvc "git.netcell-it.de/projekte/edgeguard-native/internal/services/wireguard"
 )

-var version = "1.0.76"
+var version = "1.0.77"

 func main() {
 	addr := os.Getenv("EDGEGUARD_API_ADDR")
--- a/cmd/edgeguard-ctl/main.go
+++ b/cmd/edgeguard-ctl/main.go
@@ -11,7 +11,7 @@ import (
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/setup"
 )

-var version = "1.0.76"
+var version = "1.0.77"

 const usage = `edgeguard-ctl — EdgeGuard CLI

--- a/cmd/edgeguard-scheduler/main.go
+++ b/cmd/edgeguard-scheduler/main.go
@@ -32,7 +32,7 @@ import (
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts"
 )

-var version = "1.0.76"
+var version = "1.0.77"

 const (
 	// renewTickInterval — how often we re-evaluate expiring certs.
--- a/internal/handlers/wireguard.go
+++ b/internal/handlers/wireguard.go
@@ -101,9 +101,14 @@ type wgStatus struct {
 }

 func (h *WireguardHandler) Status(c *gin.Context) {
-	// `wg show all dump` per iface — output:
-	//   line 1: iface_private_key, iface_pubkey, listen_port, fwmark
-	//   line 2..N: pubkey, psk, endpoint, allowed_ips, latest_handshake, rx, tx, persistent_keepalive
+	// `wg show all dump` per iface — TAB-separated, erste Spalte ist
+	// IMMER der iface-Name (durch "all" prepend'ed):
+	//   iface lines (5 cols total): iface  priv_key  pubkey  listen_port  fwmark
+	//   peer  lines (9 cols total): iface  peer_pubkey  preshared_key  endpoint
+	//                               allowed_ips  last_hs  rx  tx  keepalive
+	// Peer-Index ist also fields[1] = pubkey (NICHT fields[2] — das ist
+	// der preshared_key; früher Bug: UI matched dann gegen PSK statt
+	// pubkey → status blieb immer „nie/—" obwohl der Tunnel lief).
 	out, err := exec.CommandContext(c.Request.Context(), "sudo", "-n", "/usr/bin/wg", "show", "all", "dump").Output()
 	if err != nil {
 		// wg not installed or no ifaces up — return empty list, not error.
@@ -126,7 +131,7 @@ func (h *WireguardHandler) Status(c *gin.Context) {
 		tx, _ := strconv.ParseInt(fields[7], 10, 64)
 		rows = append(rows, wgStatus{
 			Interface:     ifaceName,
-			PeerPublicKey: fields[2],
+			PeerPublicKey: fields[1], // peer_pubkey (fields[2] ist PSK!)
 			Endpoint:      fields[3],
 			AllowedIPs:    fields[4],
 			LastHandshake: hs,
--- a/management-ui/src/components/Layout/Sidebar.tsx
+++ b/management-ui/src/components/Layout/Sidebar.tsx
@@ -85,7 +85,7 @@ const NAV: NavSection[] = [
  },
 ]

-const VERSION = '1.0.76'
+const VERSION = '1.0.77'

 // Sidebar-Pattern 1:1 aus netcell-webpanel (enconf) übernommen:
 // - <nav> als root, dunkler Gradient + Teal/Blue-Accent
@@ -1 +1 @@
 .0.76
 .0.77