Diffstat (limited to 'src/tools')
-rw-r--r-- | src/tools/config.c | 8 | ||||
-rw-r--r-- | src/tools/containers.h | 5 | ||||
-rw-r--r-- | src/tools/ipc.c | 4 | ||||
-rw-r--r-- | src/tools/man/wg.8 | 9 | ||||
-rw-r--r-- | src/tools/set.c | 2 |
5 files changed, 24 insertions, 4 deletions
diff --git a/src/tools/config.c b/src/tools/config.c
index 1daa5ea..76a74f2 100644
--- a/src/tools/config.c
+++ b/src/tools/config.c
@@ -19,6 +19,7 @@
 #include "containers.h"
 #include "ipc.h"
 #include "encoding.h"
+#include "netns.h"
 #define COMMENT_CHAR '#'
@@ -392,6 +393,8 @@ static bool process_line(struct config_ctx *ctx, const char *line)
 if (ctx->is_device_section) {
 if (key_match("ListenPort"))
 ret = parse_port(&ctx->device->listen_port, &ctx->device->flags, value);
+ else if (key_match("TransitNetns"))
+ ret = netns_parse(&ctx->device->transit_netns, value);
 else if (key_match("FwMark"))
 ret = parse_fwmark(&ctx->device->fwmark, &ctx->device->flags, value);
 else if (key_match("PrivateKey")) {
@@ -525,6 +528,11 @@ struct wgdevice *config_read_cmd(char *argv[], int argc)
 goto error;
 argv += 2;
 argc -= 2;
+ } else if (!strcmp(argv[0], "transit-netns") && argc >= 2 && !peer) {
+ if (!netns_parse(&device->transit_netns, argv[1]))
+ goto error;
+ argv += 2;
+ argc -= 2;
 } else if (!strcmp(argv[0], "fwmark") && argc >= 2 && !peer) {
 if (!parse_fwmark(&device->fwmark, &device->flags, argv[1]))
 goto error;
diff --git a/src/tools/containers.h b/src/tools/containers.h
index d588a44..ce812e9 100644
--- a/src/tools/containers.h
+++ b/src/tools/containers.h
@@ -75,7 +75,9 @@ enum {
 WGDEVICE_HAS_PRIVATE_KEY = 1U << 1,
 WGDEVICE_HAS_PUBLIC_KEY = 1U << 2,
 WGDEVICE_HAS_LISTEN_PORT = 1U << 3,
- WGDEVICE_HAS_FWMARK = 1U << 4
+ WGDEVICE_HAS_FWMARK = 1U << 4,
+ WGDEVICE_HAS_TRANSIT_NETNS_PID = 1U << 5,
+ WGDEVICE_HAS_TRANSIT_NETNS_FD = 1U << 6,
 };
 struct wgdevice {
@@ -89,6 +91,7 @@ struct wgdevice {
 uint32_t fwmark;
 uint16_t listen_port;
+ struct wgnetns transit_netns;
 struct wgpeer *first_peer, *last_peer;
 };
diff --git a/src/tools/ipc.c b/src/tools/ipc.c
index 2c16897..e66cd2c 100644
--- a/src/tools/ipc.c
+++ b/src/tools/ipc.c
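Review bot: The two new enumerators `WGDEVICE_HAS_TRANSIT_NETNS_PID` and `WGDEVICE_HAS_TRANSIT_NETNS_FD` added to the wgdevice flags enum are neither set nor tested anywhere in this diff; the ipc.c hunk keys attribute emission on `dev->transit_netns.flags & WGNETNS_HAS_PID` / `WGNETNS_HAS_FD`, and both config.c hunks pass `netns_parse` only `&ctx->device->transit_netns` without the `flags` pointer that the sibling `parse_port` and `parse_fwmark` calls receive. If nothing outside this diff sets the WGDEVICE_HAS_TRANSIT_NETNS_* pair, they are dead definitions that invite a maintainer to test the wrong flag word later; either drop them or annotate the enum, e.g. `/* transit netns presence is tracked in struct wgnetns.flags (WGNETNS_HAS_*), not in wgdevice.flags */`. The same split applies to the ipc.c hunk that follows. The enum and `struct wgdevice` definitions begin before the hunks.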
@@ -575,6 +575,10 @@ again:
 mnl_attr_put(nlh, WGDEVICE_A_PRIVATE_KEY, sizeof(dev->private_key), dev->private_key);
 if (dev->flags & WGDEVICE_HAS_LISTEN_PORT)
 mnl_attr_put_u16(nlh, WGDEVICE_A_LISTEN_PORT, dev->listen_port);
+ if (dev->transit_netns.flags & WGNETNS_HAS_PID)
+ mnl_attr_put_u32(nlh, WGDEVICE_A_TRANSIT_NETNS_PID, dev->transit_netns.pid);
+ if (dev->transit_netns.flags & WGNETNS_HAS_FD)
+ mnl_attr_put_u32(nlh, WGDEVICE_A_TRANSIT_NETNS_FD, (uint32_t)dev->transit_netns.fd);
 if (dev->flags & WGDEVICE_HAS_FWMARK)
 mnl_attr_put_u32(nlh, WGDEVICE_A_FWMARK, dev->fwmark);
 if (dev->flags & WGDEVICE_REPLACE_PEERS)
diff --git a/src/tools/man/wg.8 b/src/tools/man/wg.8
index 2013825..0ddad87 100644
--- a/src/tools/man/wg.8
+++ b/src/tools/man/wg.8
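Review bot: `(uint32_t)dev->transit_netns.fd` is sent on the strength of `WGNETNS_HAS_FD` alone; the cast implies `fd` is a signed int, so a flag set while `fd` is still -1 would emit 0xffffffff and leave the diagnosis to the kernel. Unless `netns_parse` (not visible here) guarantees the flag is never set without a valid descriptor, guard it locally: `if ((dev->transit_netns.flags & WGNETNS_HAS_FD) && dev->transit_netns.fd >= 0)`. The PID branch also deserves a why-comment, since pids can be reused between parsing and the kernel resolving the namespace: `/* a pid may be recycled before the kernel resolves it; the fd form pins the namespace */`. The enclosing function begins before the hunk and continues after it.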
@@ -55,12 +55,17 @@ transfer-rx, transfer-tx, persistent-keepalive. Shows the current configuration of \fI<interface>\fP in the format described by \fICONFIGURATION FILE FORMAT\fP below. .TP -\fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>\fP] [\fIfwmark\fP \fI<fwmark>\fP] [\fIprivate-key\fP \fI<file-path>\fP] [\fIpeer\fP \fI<base64-public-key>\fP [\fIremove\fP] [\fIpreshared-key\fP \fI<file-path>\fP] [\fIendpoint\fP \fI<ip>:<port>\fP] [\fIpersistent-keepalive\fP \fI<interval seconds>\fP] [\fIallowed-ips\fP \fI<ip1>/<cidr1>\fP[,\fI<ip2>/<cidr2>\fP]...] ]... +\fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>\fP] [\fItransit-netns\fP \fI<pid|file-path>\fP] [\fIfwmark\fP \fI<fwmark>\fP] [\fIprivate-key\fP \fI<file-path>\fP] [\fIpeer\fP \fI<base64-public-key>\fP [\fIremove\fP] [\fIpreshared-key\fP \fI<file-path>\fP] [\fIendpoint\fP \fI<ip>:<port>\fP] [\fIpersistent-keepalive\fP \fI<interval seconds>\fP] [\fIallowed-ips\fP \fI<ip1>/<cidr1>\fP[,\fI<ip2>/<cidr2>\fP]...] ]... Sets configuration values for the specified \fI<interface>\fP. Multiple \fIpeer\fPs may be specified, and if the \fIremove\fP argument is given for a peer, that peer is removed, not configured. If \fIlisten-port\fP is not specified, the port will be chosen randomly when the -interface comes up. Both \fIprivate-key\fP and \fIpreshared-key\fP must +interface comes up. If transit-netns is not specified, the network namespace +through which encrypted packets are routed is the one in which the device +was created. Otherwise the network namespace through which encrypted packets are +routed is the one specified by the argument. If the argument is an unsigned +32-bit integer, it is interpeted as a process id, otherwise it is interpreted as +a file path. Both \fIprivate-key\fP and \fIpreshared-key\fP must be a files, because command line arguments are not considered private on most systems but if you are using .BR bash (1), 
diff --git a/src/tools/set.c b/src/tools/set.c
index 5457c67..f11ef8f 100644
--- a/src/tools/set.c
+++ b/src/tools/set.c
@@ -18,7 +18,7 @@ int set_main(int argc, char *argv[], struct wgoptions *options)
 int ret = 1;
 if (argc < 3) {
- fprintf(stderr, "Usage: %s %s <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...] ]...\n", PROG_NAME, argv[0]);
+ fprintf(stderr, "Usage: %s %s <interface> [listen-port <port>] [transit-netns <pid|file path>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...] ]...\n", PROG_NAME, argv[0]);
 return 1;
 }