author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-01-24 04:20:05 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-02-07 12:21:22 +0100 |
commit | 7df25293c436beef0b86dd7954ce0ee495c4936b (patch) | |
tree | 81cedd892b3b47f95c3cae8c292a2f4009b73daf /src/tools | |
parent | tools: setconf should remove existing psk (diff) | |
tools: remove key for any empty file
Rather than just using /dev/null to mean key removal, match on any empty
file, so that this interface is cross platform.
Diffstat (limited to 'src/tools')
-rw-r--r-- | src/tools/config.c | 14 | ||||
-rw-r--r-- | src/tools/wg.8 | 29 |
2 files changed, 18 insertions, 25 deletions
diff --git a/src/tools/config.c b/src/tools/config.c
index e6db6ad..da19cc3 100644
--- a/src/tools/config.c
+++ b/src/tools/config.c
@@ -390,7 +390,6 @@ static int read_line(char **dst, const char *path)
 {
 FILE *f;
 size_t n = 0;
- struct stat stat;
 *dst = NULL;
@@ -399,22 +398,15 @@ static int read_line(char **dst, const char *path)
 perror("fopen");
 return -1;
 }
- if (fstat(fileno(f), &stat) < 0) {
- perror("fstat");
- fclose(f);
- return -1;
- }
- if (S_ISCHR(stat.st_mode) && stat.st_rdev == makedev(1, 3)) {
- fclose(f);
- return 1;
- }
- if (getline(dst, &n, f) < 0) {
+ if (getline(dst, &n, f) < 0 && errno) {
 perror("getline");
 fclose(f);
 return -1;
 }
 fclose(f);
 n = strlen(*dst);
+ if (!n)
+ return 1;
 while (--n) {
 if (isspace((*dst)[n]))
 (*dst)[n] = '\0';
diff --git a/src/tools/wg.8 b/src/tools/wg.8
index 54ae378..2ec005c 100644
--- a/src/tools/wg.8
+++ b/src/tools/wg.8
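Review bot: In read_line (src/tools/config.c, second hunk), when getline() returns -1 at end-of-file with errno zero, control now falls through to `n = strlen(*dst)`. POSIX does not promise that the buffer holds a terminated string, or that `*dst` is non-NULL, after a failed call, so the empty-file path meant to remove a key may read uninitialised heap or dereference NULL on some C libraries. errno is also not cleared before the call in the visible lines, so a stale non-zero value would turn an empty file into a reported getline error. Keeping getline's return value and branching on it avoids both problems. The function begins and ends outside the hunks, so the caller's handling of `*dst` on the `1` return should be checked there.

```c
	size_t n = 0;
	ssize_t len;
	/* … unchanged: *dst = NULL, fopen and its error path … */
	errno = 0; /* EOF leaves errno untouched; clear any stale value first */
	len = getline(dst, &n, f);
	if (len < 0 && errno) {
		/* … unchanged: perror("getline"), fclose, return -1 … */
	}
	fclose(f);
	if (len < 0) /* EOF before any byte was read: treat as empty file */
		return 1;
	n = strlen(*dst);
	/* … unchanged: !n check and trailing-whitespace trim loop … */
```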
@@ -60,20 +60,21 @@ most systems but if you are using .BR bash (1), you may safely pass in a string by specifying as \fIprivate-key\fP or \fIpreshared-key\fP the expression: <(echo PRIVATEKEYSTRING). If -\fI/dev/null\fP is specified as the filename for either \fIprivate-key\fP or -\fIpreshared-key\fP, the key is removed from the device. The use of -\fIpreshared-key\fP is optional, and may be omitted; it adds an additional -layer of symmetric-key cryptography to be mixed into the already existing -public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP -is specified, but the value is the empty string, all allowed ips are removed -from the peer. The use of \fIpersistent-keepalive\fP is optional and is by -default off; setting it to 0 or "off", disables it. Otherwise it represents, -in seconds, between 1 and 65535 inclusive, how often to send an authenticated -empty packet to the peer, for the purpose of keeping a stateful firewall or NAT -mapping valid persistently. For example, if the interface very rarely sends -traffic, but it might at anytime receive traffic from a peer, and it is behind -NAT, the interface might benefit from having a persistent keepalive interval -of 25 seconds; however, most users will not need this. +\fI/dev/null\fP or another empty file is specified as the filename for +either \fIprivate-key\fP or \fIpreshared-key\fP, the key is removed from +the device. The use of \fIpreshared-key\fP is optional, and may be omitted; +it adds an additional layer of symmetric-key cryptography to be mixed into +the already existing public-key cryptography, for post-quantum resistance. +If \fIallowed-ips\fP is specified, but the value is the empty string, all +allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP +is optional and is by default off; setting it to 0 or "off", disables it. 
+Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often +to send an authenticated empty packet to the peer, for the purpose of keeping +a stateful firewall or NAT mapping valid persistently. For example, if the +interface very rarely sends traffic, but it might at anytime receive traffic +from a peer, and it is behind NAT, the interface might benefit from having a +persistent keepalive interval of 25 seconds; however, most users will not need +this. .TP \fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP Sets the current configuration of \fI<interface>\fP to the contents of |