[PATCH] prioritise WG_QUICK_USERSPACE_IMPLEMENTATION over kernel implementation when set

iTrooz hey at itrooz.fr
Mon Mar 10 11:48:13 UTC 2025 

Rationale: today, the wireguard kernel module is embedded in many Linux systems.
If one wants to try out an userspace implementation, they will first need to blacklist the kernel module, or manually modify wg-quick.
These changes allow users to use a userspace implementation even if the kernel module exists,
by prioritising it when the variable WG_QUICK_USERSPACE_IMPLEMENTATION is explicitely set by the user

Signed-off-by: iTrooz <hey at itrooz.fr>
---
 src/wg-quick/linux.bash | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index 4193ce5..42e2d2d 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -87,11 +87,30 @@ auto_su() {
 
 add_if() {
 	local ret
+	# If the userspace implementation variable is set, use it
+	if [[ $WG_QUICK_USERSPACE_IMPLEMENTATION ]]; then
+		if ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION}" >/dev/null; then
+			echo "[!] WireGuard userspace implementation selected, but invalid command: ${WG_QUICK_USERSPACE_IMPLEMENTATION}" >&2
+			exit 1
+		fi
+		cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION}" "$INTERFACE"
+		return
+	fi
+
+	# Try to use kernel implementation
 	if ! cmd ip link add "$INTERFACE" type wireguard; then
 		ret=$?
-		[[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
-		echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." >&2
-		cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" "$INTERFACE"
+		if [[ -e /sys/module/wireguard ]]; then
+			echo "[!] WireGuard kernel module detected, but failed to create interface" >&2
+			exit $ret
+		# Potentially fall back to wireguard-go
+		elif command -v wireguard-go >/dev/null; then
+			echo "[!] Missing WireGuard kernel module. Falling back to slow wireguard-go userspace implementation." >&2
+			cmd wireguard-go "$INTERFACE"
+		else
+			echo "[!] Missing WireGuard kernel module or userspace implementation." >&2
+			exit $ret
+		fi
 	fi
 }
 
-- 
2.48.1

More information about the WireGuard mailing list