Diffstat (limited to 'src/uapi/wireguard.h')
-rw-r--r-- | src/uapi/wireguard.h | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/src/uapi/wireguard.h b/src/uapi/wireguard.h
index 0203f2c..bcfcf4f 100644
--- a/src/uapi/wireguard.h
+++ b/src/uapi/wireguard.h
@@ -20,6 +20,16 @@
 * WGDEVICE_A_IFINDEX: NLA_U32
 * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMESIZ - 1
 *
+ * At most one of the following may be provided:
+ *
+ * WGDEVICE_A_DEV_NETNS_PID: NLA_U32
+ * WGDEVICE_A_DEV_NETNS_FD: NLA_U32
+ *
+ * If they are provided, the Wireguard device will be looked up in this network
+ * namespace. Otherwise it is looked up in the network namespace of the netlink
+ * socket. The caller must have CAP_NET_ADMIN in the namespace of the Wireguard
+ * device.
+ *
 * The kernel will then return several messages (NLM_F_MULTI) containing the
 * following tree of nested items:
 *
@@ -72,9 +82,15 @@
 * WG_CMD_SET_DEVICE
 * -----------------
 *
- * May only be called via NLM_F_REQUEST. The command should contain the
- * following tree of nested items, containing one but not both of
- * WGDEVICE_A_IFINDEX and WGDEVICE_A_IFNAME:
+ * May only be called via NLM_F_REQUEST. The command must contain the following
+ * tree of nested items. Exactly one of WGDEVICE_A_IFINDEX and WGDEVICE_A_IFNAME
+ * must be provided. All other top-level items are optional. At most one of
+ * WGDEVICE_A_DEV_NETNS_PID and WGDEVICE_A_DEV_NETNS_FD may be provided.
+ *
+ * If WGDEVICE_A_DEV_NETNS_PID/FD is provided, the Wireguard device is looked up
+ * in this network namespace. Otherwise it is looked up in the network namespace
+ * of the netlink socket. The caller must have CAP_NET_ADMIN in the namespace of
+ * the Wireguard device.
 *
 * WGDEVICE_A_IFINDEX: NLA_U32
 * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMESIZ - 1
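Review bot: The capability sentence added under WG_CMD_GET_DEVICE, and repeated in the WG_CMD_SET_DEVICE hunk, says the caller needs CAP_NET_ADMIN "in the namespace of the Wireguard device" without naming the namespace type, which leaves the privilege boundary ambiguous for anyone auditing cross-namespace access. If the implementation checks the capability against the user namespace owning the device's network namespace (the check is not in this header-only view), I would write `The caller must have CAP_NET_ADMIN in the user namespace that owns the network namespace of the device.` The comment also does not say in which PID namespace WGDEVICE_A_DEV_NETNS_PID is resolved or which error is returned when both attributes are present. Since a PID can be recycled between lookup and use, a line such as `Prefer WGDEVICE_A_DEV_NETNS_FD; a PID may be reused by another process.` would help callers. The same gloss applies to the two attribute lines added in the third hunk.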
@@ -82,6 +98,8 @@
 * peers should be removed prior to adding the list below.
 * WGDEVICE_A_PRIVATE_KEY: len WG_KEY_LEN, all zeros to remove
 * WGDEVICE_A_LISTEN_PORT: NLA_U16, 0 to choose randomly
+ * WGDEVICE_A_DEV_NETNS_PID: NLA_U32
+ * WGDEVICE_A_DEV_NETNS_FD: NLA_U32
 * WGDEVICE_A_FWMARK: NLA_U32, 0 to disable
 * WGDEVICE_A_PEERS: NLA_NESTED
 * 0: NLA_NESTED
@@ -154,6 +172,8 @@ enum wgdevice_attribute {
 WGDEVICE_A_LISTEN_PORT,
 WGDEVICE_A_FWMARK,
 WGDEVICE_A_PEERS,
+ WGDEVICE_A_DEV_NETNS_PID,
+ WGDEVICE_A_DEV_NETNS_FD,
 __WGDEVICE_A_LAST
 };
 #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) |
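Review bot: The two values added to `enum wgdevice_attribute` raise WGDEVICE_A_MAX, and this file-limited diff does not show matching entries in the netlink policy table that validates WGDEVICE_A_* attributes. If the policy has no entry for them, the attribute parser may apply no length check (depending on kernel version and validation mode), and reading the payload with `nla_get_u32()` could then touch fewer than four valid bytes. Please confirm the policy carries `[WGDEVICE_A_DEV_NETNS_PID] = { .type = NLA_U32 }` and `[WGDEVICE_A_DEV_NETNS_FD] = { .type = NLA_U32 }`. Appending after WGDEVICE_A_PEERS keeps existing attribute numbers stable, which is right for a uapi enum; a comment such as `/* uapi: append new attributes only, never reorder */` above `__WGDEVICE_A_LAST` would record that. The enum's opening lines are outside the hunk.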