From 7d294b8a7a2be7322d4a90c36ed115b88d2d1751 Mon Sep 17 00:00:00 2001
From: bergware
Date: Thu, 14 Apr 2022 09:43:42 +0200
Subject: [PATCH 1/6] WireGuard update Add warning when tunnel deletion fails
---
 plugins/dynamix/WG0.page | 8 ++++-
 plugins/dynamix/include/update.wireguard.php | 37 ++++++++++++--------
 2 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/plugins/dynamix/WG0.page b/plugins/dynamix/WG0.page
index b26df4ff7..5ca2fc98a 100644
--- a/plugins/dynamix/WG0.page
+++ b/plugins/dynamix/WG0.page
@@ -520,7 +520,13 @@ function addTunnel() {
 }
 function delTunnel(vtun) {
 swal({title:"_(Delete Tunnel)_ "+vtun,text:"_(This removes any connections running over this tunnel)_",type:'warning',confirmButtonText:"_(Proceed)_",cancelButtonText:"_(Cancel)_",showCancelButton:true},function(){
- $.post('/webGui/include/update.wireguard.php',{'#cmd':'deltunnel','#vtun':vtun,'#name':''},function(){clearTunnel(vtun);});
+ $.post('/webGui/include/update.wireguard.php',{'#cmd':'deltunnel','#vtun':vtun,'#name':''},function(ok){
+ if (ok==0) {
+ clearTunnel(vtun);
+ } else {
+ setTimeout(function(){swal({title:"_(Delete tunnel failed)_",text:"_(Tunnel has running containers attached)_
_(Stop corresponding docker containers)_",html:true,type:'error',confirmButtonText:"_(Ok)_"});},250);
+ }
+ });
 });
 }
 function addPeer(form,vtun) {
diff --git a/plugins/dynamix/include/update.wireguard.php b/plugins/dynamix/include/update.wireguard.php
index 95e32f06f..80c0d1d3f 100644
--- a/plugins/dynamix/include/update.wireguard.php
+++ b/plugins/dynamix/include/update.wireguard.php
@@ -54,19 +54,18 @@ function host($ip) {
 return strpos($ip,'/')!==false ? $ip : (ipv4($ip) ? "$ip/32" : "$ip/128");
 }
 function wgState($vtun, $state, $type=0) {
- global $t1;
+ global $t1, $etc;
 $tmp = '/tmp/wg-quick.tmp';
 exec("timeout $t1 wg-quick $state $vtun 2>$tmp");
- $table = exec("grep -Pom1 'fwmark \K[\d]+' $tmp");
- delete_file($tmp);
 if ($type==8) {
 // make VPN tunneled access for Docker containers only
- $route = exec("grep -Pom1 '^Address=\K.+$' /etc/wireguard/$vtun.conf");
+ $table = exec("grep -Pom1 'fwmark \K[\d]+' $tmp");
+ $route = exec("grep -Pom1 '^Address=\K.+$' $etc/$vtun.conf");
 sleep(3);
- // remove default route and set local route instead
 exec("ip -4 route flush table $table");
 exec("ip -4 route add $route dev $vtun table $table");
 }
+ delete_file($tmp);
 }
 function status($vtun) {
 return in_array($vtun,explode(" ",exec("wg show interfaces")));
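Review bot: In delTunnel() in WG0.page the success callback decides with `ok==0`, and in JavaScript an empty or whitespace-only response body also compares equal to 0, so `clearTunnel(vtun)` would run if the PHP side returned nothing (for example if the handler stopped before its `echo`). A stricter test such as `if (String(ok).trim()==='0') {` avoids treating an empty or malformed reply as a successful deletion. There is also no `.fail()` handler on the `$.post`, so an HTTP error gives the user no feedback at all. The error dialog always blames attached containers, although the server only reports 1 or 0 and the real cause of a failed `docker network rm` is discarded.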
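Review bot: In wgState() the tunnel name `$vtun` is interpolated unescaped into shell commands, including the new `grep ... $etc/$vtun.conf` line, and the `deltunnel` handler later in this patch takes it directly from `$_POST['#vtun']` with no validation visible in the diff. The same value reaches the `docker network ls`, `create` and `rm` commands in dockerNet(), addDocker() and delDocker() in the next hunk, and the `delete_file("$etc/$vtun.conf",...)` path in the handler. Unless it is checked outside these hunks, the handler should reject anything that is not a tunnel name, for example `if (!preg_match('/^wg\d+$/',$vtun)) { echo 1; break; }`, and the commands should receive it as `escapeshellarg($vtun)`. Separately, `$table` and `$route` are used without checking that either grep matched, so `ip -4 route flush table` can run with an empty table argument.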
@@ -81,23 +80,30 @@ function normalize(&$id) {
 global $normalize;
 $id = $normalize[strtolower($id)];
 }
+function dockerNet($vtun) {
+ return empty(exec("docker network ls --filter name='$vtun' --format='{{.Name}}'"));
+}
 function addDocker($vtun) {
 global $dockerd, $dockernet;
- // create a docker network for the WG tunnel, containers can select this network for communication
- if ($dockerd && !exec("docker network ls --filter name='$vtun' --format='{{.Name}}'")) {
+ $error = false;
+ if ($dockerd && dockerNet($vtun)) {
 $index = substr($vtun,2)+200;
 $network = "$dockernet.$index.0/24";
 exec("docker network create $vtun --subnet=$network 2>/dev/null");
+ $error = dockerNet($vtun);
 }
+ return $error;
 }
 function delDocker($vtun) {
 global $dockerd, $dockernet;
- // delete the docker network, containers using this network need to be reconfigured
- if ($dockerd && exec("docker network ls --filter name='$vtun' --format='{{.Name}}'")) {
+ $error = false;
+ if ($dockerd && !dockerNet($vtun)) {
 $index = substr($vtun,2)+200;
 $network = "$dockernet.$index.0/24";
 exec("docker network rm $vtun 2>/dev/null");
+ $error = !dockerNet($vtun);
 }
+ return $error;
 }
 function delPeer($vtun, $id='') {
 global $etc,$name;
@@ -382,11 +388,14 @@ case 'addtunnel':
 case 'deltunnel':
 $vtun = $_POST['#vtun'];
 $name = $_POST['#name'];
- wgState($vtun,'down');
- delete_file("$etc/$vtun.conf","$etc/$vtun.cfg");
- delPeer($vtun);
- delDocker($vtun);
- autostart('off',$vtun);
+ $error = delDocker($vtun);
+ if (!$error) {
+ wgState($vtun,'down');
+ delete_file("$etc/$vtun.conf","$etc/$vtun.cfg");
+ delPeer($vtun);
+ autostart('off',$vtun);
+ }
+ echo $error ? 1 : 0;
 break;
 case 'import':
 $name = $_POST['#name'];
From d4003464ee722e3061ae2073f2e1b9809fdcdcb3 Mon Sep 17 00:00:00 2001
From: bergware
Date: Thu, 14 Apr 2022 09:55:25 +0200
Subject: [PATCH 2/6] WireGuard update
---
 plugins/dynamix/include/update.wireguard.php | 2 --
 1 file changed, 2 deletions(-)
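Review bot: dockerNet() relies on `docker network ls --filter name='$vtun'`, and Docker's name filter matches on part of a name, so with tunnels `wg1` and `wg10` the lookup for `wg1` can be satisfied by the `wg10` network. This matters more now that the result gates deletion: delDocker('wg1') would still see a matching network after `docker network rm`, return an error, and the `deltunnel` handler would refuse to remove the tunnel with a misleading message. Comparing the listed names exactly removes the ambiguity and keeps `$vtun` out of the command line, e.g. `exec("docker network ls --format='{{.Name}}'",$nets); return !in_array($vtun,$nets,true);`. A one-line comment stating that dockerNet() returns true when the network is absent would also help, since the name reads the other way round.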
diff --git a/plugins/dynamix/include/update.wireguard.php b/plugins/dynamix/include/update.wireguard.php
index 80c0d1d3f..be092654d 100644
--- a/plugins/dynamix/include/update.wireguard.php
+++ b/plugins/dynamix/include/update.wireguard.php
@@ -98,8 +98,6 @@ function delDocker($vtun) {
 global $dockerd, $dockernet;
 $error = false;
 if ($dockerd && !dockerNet($vtun)) {
- $index = substr($vtun,2)+200;
- $network = "$dockernet.$index.0/24";
 exec("docker network rm $vtun 2>/dev/null");
 $error = !dockerNet($vtun);
 }
From 7473d46d02122f66dcb4895bcb1aa604de97e3db Mon Sep 17 00:00:00 2001
From: bergware
Date: Thu, 14 Apr 2022 09:57:04 +0200
Subject: [PATCH 3/6] WireGuard update
---
 plugins/dynamix/include/update.wireguard.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/dynamix/include/update.wireguard.php b/plugins/dynamix/include/update.wireguard.php
index be092654d..61c116616 100644
--- a/plugins/dynamix/include/update.wireguard.php
+++ b/plugins/dynamix/include/update.wireguard.php
@@ -95,7 +95,7 @@ function addDocker($vtun) {
 return $error;
 }
 function delDocker($vtun) {
- global $dockerd, $dockernet;
+ global $dockerd;
 $error = false;
 if ($dockerd && !dockerNet($vtun)) {
 exec("docker network rm $vtun 2>/dev/null");
From 95e919545a145474ad2033563c08f2e800804116 Mon Sep 17 00:00:00 2001
From: bergware
Date: Thu, 14 Apr 2022 10:39:58 +0200
Subject: [PATCH 4/6] Minor code updates
---
 plugins/dynamix/WG0.page | 21 ++++++++++----------
 plugins/dynamix/WGX.page | 2 +-
 plugins/dynamix/include/update.wireguard.php | 20 +++++++++----------
 3 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/plugins/dynamix/WG0.page b/plugins/dynamix/WG0.page
index 5ca2fc98a..bfc7b67cb 100644
--- a/plugins/dynamix/WG0.page
+++ b/plugins/dynamix/WG0.page
@@ -37,10 +37,10 @@ if (count($filter)) {
 elseif (strpos($network,':')!==false && !in_array($network,$subnets6)) $subnets6[] = $network;
 }
 }
-$subnets = implode(', ',$subnets);
-$hosts = implode(', ',$hosts);
-$subnets6 = implode(', ',$subnets6);
-$hosts6 = implode(', ',$hosts6);
+$subnets = implode(',',$subnets);
+$hosts = implode(',',$hosts);
+$subnets6 = implode(',',$subnets6);
+$hosts6 = implode(',',$hosts6);
 function ifname($eth,$new) {
 return str_replace('eth',$new,$eth);
@@ -54,7 +54,7 @@ function iflink($eth) {
 function concat($array) {
 return implode(',',array_map(function($v){return "'$v'";},$array));
 }
-function readConf(&$peer_wg, &$wg, $vtun) {
+function readConf(&$peer_wg,&$wg,$vtun) {
 global $etc,$netbase,$netpool,$netbase6,$netpool6,$validIP4,$validIP6;
 $conf = "$etc/$vtun.conf";
 $cfg = "$etc/$vtun.cfg";
@@ -123,7 +123,7 @@ function readConf(&$peer_wg, &$wg, $vtun) {
 $netbase6[$vtun] = $netpool6[$vtun];
 }
 foreach ($peer_wg as $i) if ($wg["TYPE:$i"]>=7) {$vpn = $wg["TYPE:$i"]; break;}
- return [$conf, $cfg, $file, $vpn];
+ return [$conf,$cfg,$file,$vpn];
 }
 $public = $nginx['NGINX_WANFQDN'];
 $active = (array)explode(' ',exec('wg show interfaces'));
@@ -177,7 +177,7 @@ $netpool6['wg0'] = 'fc00:253:0:0::';
 $netport['wg0'] = 51820;
 // read current configuration
-[$conf_wg0, $cfg_wg0, $this_wg0, $vpn_wg0] = readConf($peer_wg0, $wg0, 'wg0');
+[$conf_wg0,$cfg_wg0,$this_wg0,$vpn_wg0] = readConf($peer_wg0,$wg0,'wg0');
 // gather IPv4 and IPv6 addresses for available interfaces
 $endpoints = [];
@@ -190,7 +190,7 @@ while (isset($$eth)) {
 // remove obsolete tunnels
 foreach (glob("$docroot/webGui/WG[1-9]*.page",GLOB_NOSORT) as $wgX) {
- if (!in_array(strtolower(basename($wgX,'.page')), $vtuns)) {
+ if (!in_array(strtolower(basename($wgX,'.page')),$vtuns)) {
 unlink($wgX);
 $build = true;
 }
@@ -202,7 +202,7 @@ foreach ($vtuns as $wgX) { if (!file_exists($file)) { $X = filter_var($wgX,FILTER_SANITIZE_NUMBER_INT); $nnn = 100 + $X; - copy($template, $file); + copy($template,$file); exec("sed -i 's/parentname:nnn/VPNmanager:$nnn/;s/XXX/$X/g;s/wgX/$wgX/g' $file"); chmod($file,0644); $build = true; @@ -386,10 +386,9 @@ function prepareSettings(form,vtun) { postdown.val(postdown.val().replace(//,listen)); } postup = form.find('input[name="PostUp:0:1"]'); - postdown = form.find('input[name="PostDown:0:1"]'); postup.val(postup.val().replace(//,vtun)); + postdown = form.find('input[name="PostDown:0:1"]'); postdown.val(postdown.val().replace(//,vtun)); - postup = form.find('input[name="PostUp:0:2"]'); postdown = form.find('input[name="PostDown:0:2"]'); var drop = form.find('input[name="DROP:0"]').val(); diff --git a/plugins/dynamix/WGX.page b/plugins/dynamix/WGX.page index 4afcd254f..442bb4940 100644 --- a/plugins/dynamix/WGX.page +++ b/plugins/dynamix/WGX.page @@ -24,7 +24,7 @@ $netpool6['wgX'] = str_replace(':0:0:',':XXX:0:',$netpool6['wg0']); $netport['wgX'] = $netport['wg0']+XXX; // read current configuration -[$conf_wgX, $cfg_wgX, $this_wgX, $vpn_wgX] = readConf($peer_wgX, $wgX, 'wgX'); +[$conf_wgX,$cfg_wgX,$this_wgX,$vpn_wgX] = readConf($peer_wgX,$wgX,'wgX'); ?>