mirror of
https://github.com/systemd/systemd.git
synced 2025-02-04 21:47:31 +03:00
Merge pull request #11580 from yuwata/fix-11579
network/wireguard: fix sending wireguard peers
commit
9066811e5a
@ -370,6 +370,42 @@ int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short typ
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int sd_netlink_message_append_sockaddr_in(sd_netlink_message *m, unsigned short type, const struct sockaddr_in *data) {
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert_return(m, -EINVAL);
|
||||||
|
assert_return(!m->sealed, -EPERM);
|
||||||
|
assert_return(data, -EINVAL);
|
||||||
|
|
||||||
|
r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_SOCKADDR);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = add_rtattr(m, type, data, sizeof(struct sockaddr_in));
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int sd_netlink_message_append_sockaddr_in6(sd_netlink_message *m, unsigned short type, const struct sockaddr_in6 *data) {
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert_return(m, -EINVAL);
|
||||||
|
assert_return(!m->sealed, -EPERM);
|
||||||
|
assert_return(data, -EINVAL);
|
||||||
|
|
||||||
|
r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_SOCKADDR);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = add_rtattr(m, type, data, sizeof(struct sockaddr_in6));
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data) {
|
int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data) {
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
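Review bot: Neither new appender checks that the family stored in `data` matches the structure it copies, so `sd_netlink_message_append_sockaddr_in()` will put a `struct sockaddr_in` whose `sin_family` is not `AF_INET` into the message unchanged. Adding `assert_return(data->sin_family == AF_INET, -EINVAL);` next to the existing argument checks, and `assert_return(data->sin6_family == AF_INET6, -EINVAL);` in the in6 variant, would reject a mismatched address before it is serialized. The two bodies differ only in the `sizeof` passed to `add_rtattr()`, so a shared static helper taking the length would remove the duplication. A one-line comment on each function saying the attribute must be declared `NETLINK_TYPE_SOCKADDR` in the type system would document the `message_attribute_has_type()` precondition.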
@ -721,7 +721,7 @@ static const NLType genl_wireguard_peer_types[] = {
|
|||||||
[WGPEER_A_FLAGS] = { .type = NETLINK_TYPE_U32 },
|
[WGPEER_A_FLAGS] = { .type = NETLINK_TYPE_U32 },
|
||||||
[WGPEER_A_PRESHARED_KEY] = { .size = WG_KEY_LEN },
|
[WGPEER_A_PRESHARED_KEY] = { .size = WG_KEY_LEN },
|
||||||
[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] = { .type = NETLINK_TYPE_U16 },
|
[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] = { .type = NETLINK_TYPE_U16 },
|
||||||
[WGPEER_A_ENDPOINT] = { /* either size of sockaddr_in or sockaddr_in6 depending on address family */ },
|
[WGPEER_A_ENDPOINT] = { .type = NETLINK_TYPE_SOCKADDR },
|
||||||
[WGPEER_A_ALLOWEDIPS] = { .type = NETLINK_TYPE_NESTED, .type_system = &genl_wireguard_allowedip_type_system },
|
[WGPEER_A_ALLOWEDIPS] = { .type = NETLINK_TYPE_NESTED, .type_system = &genl_wireguard_allowedip_type_system },
|
||||||
};
|
};
|
||||||
|
|
||||||
|
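Review bot: The new `WGPEER_A_ENDPOINT` entry drops the only remark that the payload is either a `struct sockaddr_in` or a `struct sockaddr_in6`, and it declares no `.size`. Keeping the explanation beside the new type would preserve that, for example `[WGPEER_A_ENDPOINT] = { .type = NETLINK_TYPE_SOCKADDR }, /* sockaddr_in or sockaddr_in6, by address family */`. How attributes of this type are length-checked when a message is read back is not visible in this commit, so it is worth confirming that the read path accepts only those two sizes.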
@ -16,6 +16,7 @@ enum {
|
|||||||
NETLINK_TYPE_CACHE_INFO,
|
NETLINK_TYPE_CACHE_INFO,
|
||||||
NETLINK_TYPE_NESTED, /* NLA_NESTED */
|
NETLINK_TYPE_NESTED, /* NLA_NESTED */
|
||||||
NETLINK_TYPE_UNION,
|
NETLINK_TYPE_UNION,
|
||||||
|
NETLINK_TYPE_SOCKADDR,
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef enum NLMatchType {
|
typedef enum NLMatchType {
|
||||||
|
@ -109,7 +109,7 @@ static int wireguard_set_peer_one(NetDev *netdev, sd_netlink_message *message, c
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto cancel;
|
goto cancel;
|
||||||
|
|
||||||
if (!start) {
|
if (!*mask_start) {
|
||||||
r = sd_netlink_message_append_data(message, WGPEER_A_PRESHARED_KEY, &peer->preshared_key, WG_KEY_LEN);
|
r = sd_netlink_message_append_data(message, WGPEER_A_PRESHARED_KEY, &peer->preshared_key, WG_KEY_LEN);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto cancel;
|
goto cancel;
|
||||||
@ -123,9 +123,9 @@ static int wireguard_set_peer_one(NetDev *netdev, sd_netlink_message *message, c
|
|||||||
goto cancel;
|
goto cancel;
|
||||||
|
|
||||||
if (peer->endpoint.sa.sa_family == AF_INET)
|
if (peer->endpoint.sa.sa_family == AF_INET)
|
||||||
r = sd_netlink_message_append_data(message, WGPEER_A_ENDPOINT, &peer->endpoint.in, sizeof(peer->endpoint.in));
|
r = sd_netlink_message_append_sockaddr_in(message, WGPEER_A_ENDPOINT, &peer->endpoint.in);
|
||||||
else if (peer->endpoint.sa.sa_family == AF_INET6)
|
else if (peer->endpoint.sa.sa_family == AF_INET6)
|
||||||
r = sd_netlink_message_append_data(message, WGPEER_A_ENDPOINT, &peer->endpoint.in6, sizeof(peer->endpoint.in6));
|
r = sd_netlink_message_append_sockaddr_in6(message, WGPEER_A_ENDPOINT, &peer->endpoint.in6);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto cancel;
|
goto cancel;
|
||||||
}
|
}
|
||||||
|
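Review bot: In the endpoint branch the `if (r < 0)` after the `if`/`else if` chain re-tests the result of the previous call whenever `sa_family` is neither `AF_INET` nor `AF_INET6`, so an endpoint of any other family is left out of the message without a trace. If that is the intended handling of an unset endpoint, a comment such as `/* no endpoint configured: nothing to append */` would make it explicit, and bracing the chain would make clear which call the check belongs to. `wireguard_set_peer_one()` starts and ends outside these hunks, so the earlier assignment to `r` is not visible here.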
@ -78,6 +78,8 @@ int sd_netlink_message_append_u32(sd_netlink_message *m, unsigned short type, ui
|
|||||||
int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len);
|
int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len);
|
||||||
int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data);
|
int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data);
|
||||||
int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data);
|
int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data);
|
||||||
|
int sd_netlink_message_append_sockaddr_in(sd_netlink_message *m, unsigned short type, const struct sockaddr_in *data);
|
||||||
|
int sd_netlink_message_append_sockaddr_in6(sd_netlink_message *m, unsigned short type, const struct sockaddr_in6 *data);
|
||||||
int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data);
|
int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data);
|
||||||
int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info);
|
int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info);
|
||||||
|
|
||||||
|
@ -10,6 +10,7 @@ FwMark=1234
|
|||||||
[WireGuardPeer]
|
[WireGuardPeer]
|
||||||
PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
|
PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
|
||||||
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
|
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
|
||||||
Endpoint=wireguard.example.com:51820
|
#Endpoint=wireguard.example.com:51820
|
||||||
|
Endpoint=192.168.27.3:51820
|
||||||
PresharedKey=IIWIV17wutHv7t4cR6pOT91z6NSz/T8Arh0yaywhw3M=
|
PresharedKey=IIWIV17wutHv7t4cR6pOT91z6NSz/T8Arh0yaywhw3M=
|
||||||
PersistentKeepalive=20
|
PersistentKeepalive=20
|
||||||
|
@ -390,6 +390,16 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
|
|||||||
|
|
||||||
if shutil.which('wg'):
|
if shutil.which('wg'):
|
||||||
subprocess.call('wg')
|
subprocess.call('wg')
|
||||||
|
output = subprocess.check_output(['wg', 'show', 'wg99', 'listen-port']).rstrip().decode('utf-8')
|
||||||
|
self.assertTrue(output, '51820')
|
||||||
|
output = subprocess.check_output(['wg', 'show', 'wg99', 'fwmark']).rstrip().decode('utf-8')
|
||||||
|
self.assertTrue(output, '0x4d2')
|
||||||
|
output = subprocess.check_output(['wg', 'show', 'wg99', 'allowed-ips']).rstrip().decode('utf-8')
|
||||||
|
self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.26.0/24 fd31:bf08:57cb::/48')
|
||||||
|
output = subprocess.check_output(['wg', 'show', 'wg99', 'persistent-keepalive']).rstrip().decode('utf-8')
|
||||||
|
self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t20')
|
||||||
|
output = subprocess.check_output(['wg', 'show', 'wg99', 'endpoints']).rstrip().decode('utf-8')
|
||||||
|
self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.27.3:51820')
|
||||||
|
|
||||||
self.assertTrue(self.link_exits('wg99'))
|
self.assertTrue(self.link_exits('wg99'))
|
||||||
|
|
||||||
|
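Review bot: All six added checks call `self.assertTrue(output, '…')`, which treats the second argument as the failure message and only tests that `output` is non-empty, so none of them compares what `wg show` reports with the expected value. They should be `self.assertEqual(output, '51820')`, and likewise for the fwmark, allowed-ips, persistent-keepalive and endpoints lines. As written, the endpoints check would still pass if the peer reached the kernel with a different endpoint, which is the behaviour this commit is meant to cover. After the switch to an exact comparison, the allowed-ips expectation depends on the order in which `wg` prints the prefixes, so that ordering should be confirmed.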