Merge remote-tracking branch 'origin/master'
This commit is contained in:
commit
87fbf37c8a
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -4,9 +4,10 @@
|
|||
*
|
||||
*/
|
||||
|
||||
#include <assert.h>
|
||||
#include <sys/nv.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <dev/if_wg/if_wg.h>
|
||||
#include <dev/wg/if_wg.h>
|
||||
|
||||
#define IPC_SUPPORTS_KERNEL_INTERFACE
|
||||
|
||||
|
@ -118,7 +119,7 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
goto skip_peers;
|
||||
for (i = 0; i < peer_count; ++i) {
|
||||
struct wgpeer *peer;
|
||||
struct wgallowedip *aip;
|
||||
struct wgallowedip *aip = NULL;
|
||||
const nvlist_t *const *nvl_aips;
|
||||
size_t aip_count, j;
|
||||
|
||||
|
@ -169,11 +170,13 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
if (!aip_count || !nvl_aips)
|
||||
goto skip_allowed_ips;
|
||||
for (j = 0; j < aip_count; ++j) {
|
||||
if (!nvlist_exists_number(nvl_aips[j], "cidr"))
|
||||
continue;
|
||||
if (!nvlist_exists_binary(nvl_aips[j], "ipv4") && !nvlist_exists_binary(nvl_aips[j], "ipv6"))
|
||||
continue;
|
||||
aip = calloc(1, sizeof(*aip));
|
||||
if (!aip)
|
||||
goto err_allowed_ips;
|
||||
if (!nvlist_exists_number(nvl_aips[j], "cidr"))
|
||||
continue;
|
||||
number = nvlist_get_number(nvl_aips[j], "cidr");
|
||||
if (nvlist_exists_binary(nvl_aips[j], "ipv4")) {
|
||||
binary = nvlist_get_binary(nvl_aips[j], "ipv4", &size);
|
||||
|
@ -184,7 +187,8 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
aip->family = AF_INET;
|
||||
aip->cidr = number;
|
||||
memcpy(&aip->ip4, binary, sizeof(aip->ip4));
|
||||
} else if (nvlist_exists_binary(nvl_aips[j], "ipv6")) {
|
||||
} else {
|
||||
assert(nvlist_exists_binary(nvl_aips[j], "ipv6"));
|
||||
binary = nvlist_get_binary(nvl_aips[j], "ipv6", &size);
|
||||
if (!binary || number > 128) {
|
||||
ret = EINVAL;
|
||||
|
@ -193,14 +197,14 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
aip->family = AF_INET6;
|
||||
aip->cidr = number;
|
||||
memcpy(&aip->ip6, binary, sizeof(aip->ip6));
|
||||
} else
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!peer->first_allowedip)
|
||||
peer->first_allowedip = aip;
|
||||
else
|
||||
peer->last_allowedip->next_allowedip = aip;
|
||||
peer->last_allowedip = aip;
|
||||
aip = NULL;
|
||||
continue;
|
||||
|
||||
err_allowed_ips:
|
||||
|
@ -209,6 +213,9 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
free(aip);
|
||||
goto err_peer;
|
||||
}
|
||||
|
||||
/* Nothing leaked, hopefully -- ownership transferred or aip freed. */
|
||||
assert(aip == NULL);
|
||||
skip_allowed_ips:
|
||||
if (!dev->first_peer)
|
||||
dev->first_peer = peer;
|
||||
|
@ -322,6 +329,7 @@ static int kernel_set_device(struct wgdevice *dev)
|
|||
nvlist_destroy(nvl_aips[j]);
|
||||
free(nvl_aips);
|
||||
nvlist_destroy(nvl_peers[i]);
|
||||
nvl_peers[i] = NULL;
|
||||
goto err;
|
||||
}
|
||||
if (i) {
|
||||
|
@ -329,9 +337,11 @@ static int kernel_set_device(struct wgdevice *dev)
|
|||
for (i = 0; i < peer_count; ++i)
|
||||
nvlist_destroy(nvl_peers[i]);
|
||||
free(nvl_peers);
|
||||
nvl_peers = NULL;
|
||||
}
|
||||
wgd.wgd_data = nvlist_pack(nvl_device, &wgd.wgd_size);
|
||||
nvlist_destroy(nvl_device);
|
||||
nvl_device = NULL;
|
||||
if (!wgd.wgd_data)
|
||||
goto err;
|
||||
s = get_dgram_socket();
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -168,7 +168,7 @@ sockets, which bypass Netfilter.) When IPv6 is in use, additional similar lines
|
|||
Or, perhaps it is desirable to store private keys in encrypted form, such as through use of
|
||||
.BR pass (1):
|
||||
|
||||
\fBPostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)\fP
|
||||
\fBPreUp = wg set %i private-key <(pass WireGuard/private-keys/%i)\fP
|
||||
.br
|
||||
|
||||
For use on a server, the following is a more complicated example involving multiple peers:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
@ -27,7 +27,7 @@
|
|||
static int peer_cmp(const void *first, const void *second)
|
||||
{
|
||||
time_t diff;
|
||||
const struct wgpeer *a = *(const void **)first, *b = *(const void **)second;
|
||||
const struct wgpeer *a = *(void *const *)first, *b = *(void *const *)second;
|
||||
|
||||
if (!a->last_handshake_time.tv_sec && !a->last_handshake_time.tv_nsec && (b->last_handshake_time.tv_sec || b->last_handshake_time.tv_nsec))
|
||||
return 1;
|
||||
|
@ -312,9 +312,9 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int
|
|||
else
|
||||
printf("off\n");
|
||||
} else if (!strcmp(param, "endpoints")) {
|
||||
if (with_interface)
|
||||
printf("%s\t", device->name);
|
||||
for_each_wgpeer(device, peer) {
|
||||
if (with_interface)
|
||||
printf("%s\t", device->name);
|
||||
printf("%s\t", key(peer->public_key));
|
||||
if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6)
|
||||
printf("%s\n", endpoint(&peer->endpoint.addr));
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
@ -855,7 +855,7 @@ static void set_dnses(unsigned int netid, const char *dnses)
|
|||
if (!len)
|
||||
return;
|
||||
|
||||
xregcomp(®ex_ipnothost, "^[a-zA-Z0-9_=+.-]{1,15}$", REG_EXTENDED | REG_NOSUB);
|
||||
xregcomp(®ex_ipnothost, "(^[0-9.]+$)|(^.*:.*$)", REG_EXTENDED | REG_NOSUB);
|
||||
for (char *dns = strtok(mutable, ", \t\n"); dns; dns = strtok(NULL, ", \t\n")) {
|
||||
if (strchr(dns, '\'') || strchr(dns, '\\'))
|
||||
continue;
|
||||
|
|
|
@ -452,8 +452,8 @@ cmd_up() {
|
|||
local i
|
||||
get_real_interface && die "\`$INTERFACE' already exists as \`$REAL_INTERFACE'"
|
||||
trap 'del_if; del_routes; exit' INT TERM EXIT
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
add_if
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
set_config
|
||||
for i in "${ADDRESSES[@]}"; do
|
||||
add_addr "$i"
|
||||
|
|
|
@ -420,8 +420,8 @@ cmd_up() {
|
|||
local i
|
||||
[[ -z $(ifconfig "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists"
|
||||
trap 'del_if; del_routes; clean_temp; exit' INT TERM EXIT
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
add_if
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
set_config
|
||||
for i in "${ADDRESSES[@]}"; do
|
||||
add_addr "$i"
|
||||
|
|
|
@ -254,9 +254,10 @@ add_default() {
|
|||
fi
|
||||
local proto=-4 iptables=iptables pf=ip
|
||||
[[ $1 == *:* ]] && proto=-6 iptables=ip6tables pf=ip6
|
||||
cmd ip $(option_ns) $proto route add "$1" dev "$INTERFACE" table $table
|
||||
cmd ip $(option_ns) $proto rule add not fwmark $table table $table
|
||||
cmd ip $(option_ns) $proto rule add table main suppress_prefixlength 0
|
||||
|
||||
cmd ip $(option_ns) $proto rule add not fwmark $table table $table
|
||||
cmd ip $(option_ns) $proto rule add table main suppress_prefixlength 0
|
||||
cmd ip $(option_ns) $proto route add "$1" dev "$INTERFACE" table $table
|
||||
|
||||
local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
|
||||
printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable"
|
||||
|
@ -370,9 +371,10 @@ cmd_up() {
|
|||
[[ -z $(ip link show dev "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists"
|
||||
[[ -z $(ip $(option_ns) link show dev "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists in $NAMESPACE."
|
||||
trap 'del_if; exit' INT TERM EXIT
|
||||
|
||||
add_ns
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
add_if
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
set_config
|
||||
for i in "${ADDRESSES[@]}"; do
|
||||
add_addr "$i"
|
||||
|
|
|
@ -417,8 +417,8 @@ cmd_up() {
|
|||
local i
|
||||
get_real_interface && die "\`$INTERFACE' already exists as \`$REAL_INTERFACE'"
|
||||
trap 'del_if; del_routes; exit' INT TERM EXIT
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
add_if
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
set_config
|
||||
for i in "${ADDRESSES[@]}"; do
|
||||
add_addr "$i"
|
||||
|
|
Reference in New Issue