wg: give "off" value for fwmark
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
parent
a9bcd0d401
commit
d4edc7baa8
|
@ -97,6 +97,12 @@ static inline bool parse_fwmark(uint32_t *fwmark, unsigned int *flags, const cha
|
||||||
char *end;
|
char *end;
|
||||||
int base = 10;
|
int base = 10;
|
||||||
|
|
||||||
|
if (!strcasecmp(value, "off")) {
|
||||||
|
*fwmark = 0;
|
||||||
|
*flags |= WGDEVICE_REMOVE_FWMARK;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
if (value[0] == '0' && value[1] == 'x') {
|
if (value[0] == '0' && value[1] == 'x') {
|
||||||
value += 2;
|
value += 2;
|
||||||
base = 16;
|
base = 16;
|
||||||
|
|
|
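Review bot: The new `"off"` branch in parse_fwmark sets `WGDEVICE_REMOVE_FWMARK`, but the numeric path that handles `0` and `0x0` continues below the hunk, so it is not visible whether those values raise the same flag. The man page change in this commit states that 0 and "off" both disable the mark; if the numeric path stores 0 without the flag, an existing mark could presumably stay in place and keep matching policy-routing rules the operator meant to retire. A one-line comment on the branch, such as `/* "off" and 0 both clear the mark: value 0 plus WGDEVICE_REMOVE_FWMARK */`, would pin the contract once that is confirmed. The match is also case-insensitive while the `0x` prefix test right below it is case-sensitive, so `OFF` is accepted but `0X10` is not treated as hexadecimal.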
@ -276,7 +276,10 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int
|
||||||
} else if (!strcmp(param, "fwmark")) {
|
} else if (!strcmp(param, "fwmark")) {
|
||||||
if (with_interface)
|
if (with_interface)
|
||||||
printf("%s\t", device->interface);
|
printf("%s\t", device->interface);
|
||||||
printf("0x%x\n", device->fwmark);
|
if (device->fwmark)
|
||||||
|
printf("0x%x\n", device->fwmark);
|
||||||
|
else
|
||||||
|
printf("off\n");
|
||||||
} else if (!strcmp(param, "endpoints")) {
|
} else if (!strcmp(param, "endpoints")) {
|
||||||
if (with_interface)
|
if (with_interface)
|
||||||
printf("%s\t", device->interface);
|
printf("%s\t", device->interface);
|
||||||
|
|
|
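Review bot: The fwmark branch of ugly_print now emits the literal `off` where it used to emit `0x0`, which changes the machine-readable output of `wg show <interface> fwmark` for every consumer, not only the wg-quick script updated in this commit. Scripts that pass this field to a numeric parser or to routing commands need to handle the word; a comment above the new test, e.g. `/* 0 means no mark is set; print "off", the same word the set path accepts */`, would record that the change is intentional. The added `if`/`else` is unbraced, like the `with_interface` test before it, and bracing both would guard against a later edit attaching a statement to the wrong branch. ugly_print begins and ends outside the hunk.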
@ -79,7 +79,9 @@ add_if() {
|
||||||
}
|
}
|
||||||
|
|
||||||
del_if() {
|
del_if() {
|
||||||
DEFAULT_TABLE=$(( $(wg show "$INTERFACE" fwmark) ))
|
local fwmark="$(wg show "$INTERFACE" fwmark)"
|
||||||
|
DEFAULT_TABLE=0
|
||||||
|
[[ $fwmark != off ]] && DEFAULT_TABLE=$(( $fwmark ))
|
||||||
if [[ $DEFAULT_TABLE -ne 0 ]]; then
|
if [[ $DEFAULT_TABLE -ne 0 ]]; then
|
||||||
while [[ -n $(ip -4 rule show table $DEFAULT_TABLE) ]]; do
|
while [[ -n $(ip -4 rule show table $DEFAULT_TABLE) ]]; do
|
||||||
cmd ip -4 rule delete table $DEFAULT_TABLE
|
cmd ip -4 rule delete table $DEFAULT_TABLE
|
||||||
|
|
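Review bot: In del_if the only filter in front of `$(( $fwmark ))` is the `!= off` comparison, so any other text that `wg show` prints reaches bash arithmetic expansion, which evaluates its operand as an expression rather than parsing it as a number. wg-quick presumably runs with root privileges, so it is worth accepting only the formats the tool is known to print: `[[ $fwmark =~ ^(0x[0-9a-fA-F]+|[0-9]+)$ ]] && DEFAULT_TABLE=$(( fwmark ))`. `local fwmark="$(...)"` also hides the exit status of `wg show` behind that of `local`; declaring `local fwmark` first and assigning on a separate line lets a failure be noticed. The rest of del_if lies outside the hunk.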
9
src/wg.8
9
src/wg.8
|
@ -67,14 +67,16 @@ it adds an additional layer of symmetric-key cryptography to be mixed into
|
||||||
the already existing public-key cryptography, for post-quantum resistance.
|
the already existing public-key cryptography, for post-quantum resistance.
|
||||||
If \fIallowed-ips\fP is specified, but the value is the empty string, all
|
If \fIallowed-ips\fP is specified, but the value is the empty string, all
|
||||||
allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP
|
allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP
|
||||||
is optional and is by default off; setting it to 0 or "off", disables it.
|
is optional and is by default off; setting it to 0 or "off" disables it.
|
||||||
Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often
|
Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often
|
||||||
to send an authenticated empty packet to the peer, for the purpose of keeping
|
to send an authenticated empty packet to the peer, for the purpose of keeping
|
||||||
a stateful firewall or NAT mapping valid persistently. For example, if the
|
a stateful firewall or NAT mapping valid persistently. For example, if the
|
||||||
interface very rarely sends traffic, but it might at anytime receive traffic
|
interface very rarely sends traffic, but it might at anytime receive traffic
|
||||||
from a peer, and it is behind NAT, the interface might benefit from having a
|
from a peer, and it is behind NAT, the interface might benefit from having a
|
||||||
persistent keepalive interval of 25 seconds; however, most users will not need
|
persistent keepalive interval of 25 seconds; however, most users will not need
|
||||||
this.
|
this. The use of \fIfwmark\fP is optional and is by default off; setting it to
|
||||||
|
0 or "off" disables it. Otherwise it is a 32-bit fwmark for outgoing packets
|
||||||
|
and may be specified in hexadecimal by prepending "0x".
|
||||||
.TP
|
.TP
|
||||||
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
|
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
|
||||||
Sets the current configuration of \fI<interface>\fP to the contents of
|
Sets the current configuration of \fI<interface>\fP to the contents of
|
||||||
|
@ -126,7 +128,8 @@ for post-quantum resistance.
|
||||||
ListenPort \(em a 16-bit port for listening. Optional; if not specified, chosen
|
ListenPort \(em a 16-bit port for listening. Optional; if not specified, chosen
|
||||||
randomly.
|
randomly.
|
||||||
.IP \(bu
|
.IP \(bu
|
||||||
FwMark \(em a 32-bit fwmark for outgoing packets. Optional.
|
FwMark \(em a 32-bit fwmark for outgoing packets. If set to 0 or "off", this
|
||||||
|
option is disabled. May be specified in hexadecimal by prepending "0x". Optional.
|
||||||
.P
|
.P
|
||||||
The \fIPeer\fP sections may contain the following fields:
|
The \fIPeer\fP sections may contain the following fields:
|
||||||
.IP \(bu
|
.IP \(bu
|
||||||
|
|