Added development section, removed systemd socket, typos

README.md

@@ -1,11 +1,11 @@
 # dwgd: Docker WireGuard Driver
 
-**dwgd** is a Docker plugin that let your containers connect to a WireGuard server.
+**dwgd** is a Docker plugin that let your containers connect to a WireGuard network.
 This is achieved by [moving a WireGuard network interface](https://www.wireguard.com/netns/) from `dwgd` running namespace into the designated container namespace.
 
 **Credits**: this is a rewrite of the proof of concept presented in [this great article](https://www.bestov.io/blog/using-wireguard-as-the-network-for-a-docker-container).
 
-## Example
+## Usage
 
 Generate the public key given your seed and the IP address that your container will have:
 ```
@@ -58,7 +58,7 @@ rtt min/avg/max/mdev = 8.343/8.990/9.976/0.708 ms
 
 So far it has been tested in a Linux machine with Ubuntu 20.04, but I guess it could work on any reasonably recent Linux system that respects the dependencies.
 
-After cloning the repository you can build the binary and optionally install the systemd units.
+After cloning the repository you can build the binary and optionally install the systemd unit.
 ```
 $ go build -o /usr/bin/dwgd ./cmd/dwgd.go
 $ chmod +x /usr/bin/dwgd
@@ -71,6 +71,28 @@ You need to have WireGuard installed on your system and the `iproute2` package:
 
 You will also need the `nsenter` binary if you want `dwgd` to work with docker rootless.
 
-## Limitations
+## Development
 
-Currently `dwgd` sets the WireGuard interface as the default route, in the future this issue will be addressed.
+You can develop on your own machine by compiling `dwgd`, creating a WireGuard network and starting `dwgd`:
+
+```sh
+go build ./cmd/dwgd.go
+# create server keys
+SERVER_PRIVATE_KEY=$(wg genkey)
+SERVER_PUBLIC_KEY=$(echo $SERVER_PRIVATE_KEY | wg pubkey)
+# create new dwgd0 wireguard interface
+sudo ip link add dwgd0 type wireguard
+echo $SERVER_PRIVATE_KEY | sudo wg set dwgd0 private-key /dev/fd/0 listen-port 51820
+sudo ip address add 10.0.0.1/24 dev dwgd0
+# bring interface up
+sudo ip link set up dev dwgd0
+# generate your container's public key with a specific seed
+CLIENT_PUBLIC_KEY=$(./dwgd pubkey -i 10.0.0.2 -s supersecretseed)
+sudo wg set dwgd0 peer $CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2/32
+# run dwgd driver
+sudo ./dwgd -v &
+# create docker network with the previously set server public key and seed
+docker network create --driver=dwgd -o dwgd.endpoint=localhost:51820 -o dwgd.seed=supersecretseed -o dwgd.pubkey=$SERVER_PUBLIC_KEY --subnet="10.0.0.0/24" --gateway=10.0.0.1 dwgd-net
+# run your container
+docker run -it --rm --network=dwgd-net --ip=10.0.0.2 busybox
+```

entities.go

@@ -24,8 +24,7 @@ func (n *Network) PeerConfig() wgtypes.PeerConfig {
 	keepalive := 25 * time.Second
 
 	_, ipnet, _ := net.ParseCIDR("0.0.0.0/0")
-	allowedIPs := make([]net.IPNet, 1)
-	allowedIPs[0] = *ipnet
+	allowedIPs := []net.IPNet{*ipnet}
 
 	return wgtypes.PeerConfig{
 		Endpoint:                    n.endpoint,

init/dwgd.service

@@ -1,8 +1,8 @@
 [Unit]
 Description=dwgd
 Before=docker.service
-After=network.target dwgd.socket
-Requires=dwgd.socket docker.service
+After=network.target
+Requires=docker.service
 
 [Service]
 ExecStart=/usr/bin/dwgd -d /var/lib/dwgd.db

log.go

@@ -6,15 +6,15 @@ import (
 	"os"
 )
 
-// used for everything that can be considered a "result"
+// Used for everything that can be considered a "result"
 // and should be printed to standard output
 var EventsLog = log.New(os.Stdout, "", log.Lmsgprefix)
 
-// used for messages that can give the user a context of
+// Used for messages that can give the user a context of
 // what the software is doing
 var DiagnosticsLog = log.New(os.Stderr, "", log.LstdFlags|log.LUTC)
 
-// used for very detailed messages, should not be used
+// Used for very detailed messages, should not be used
 // in a production environment.
 // Disabled by default.
 var TraceLog = log.New(&EmptyWriter{}, "", log.LstdFlags|log.LUTC)

rootless.go

@@ -51,7 +51,7 @@ func moveToRootlessNamespaceIfNecessary(sandboxKey string, ifname string) error
 	return nil
 }
 
-// returns (pid, socket path, errror)
+// returns (pid, socket path, error)
 func generateSockSymlinkFromDockerPidFile(dockerPidFileFullPath string) (int, string, error) {
 	data, err := os.ReadFile(dockerPidFileFullPath)
 	if err != nil {
@@ -127,7 +127,7 @@ func (r *RootlessSymlinker) handleEvent(ev gonotify.InotifyEvent) {
 func (r *RootlessSymlinker) Start() error {
 	// We create a context to handle inotify's lifecyle.
 	// When the symlinker is stopped we want to stop
-	// cleanly also the inotofy instance.
+	// cleanly also the inotify instance.
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()