aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/set.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* ipc: linux: support incremental allowed ips updatesJordan Rife2025-05-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Extend the interface of `wg set` to leverage the WGALLOWEDIP_F_REMOVE_ME flag, a direct way of removing a single allowed ip from a peer, allowing for incremental updates to a peer's configuration. By default, allowed-ips fully replaces a peer's allowed ips using WGPEER_REPLACE_ALLOWEDIPS under the hood. When '+' or '-' is prepended to any ip in the list, wg clears WGPEER_F_REPLACE_ALLOWEDIPS and sets the WGALLOWEDIP_F_REMOVE_ME flag on any ip prefixed with '-'. $ wg set wg0 peer <PUBKEY> allowed-ips +192.168.88.0/24,-192.168.0.1/32 This command means "add 192.168.88.0/24 to this peer's allowed ips if not present, and remove 192.168.0.1/32 if present". Use -isystem so that headers in uapi/ take precedence over system headers; otherwise, the build will fail on systems running kernels without the WGALLOWEDIP_F_REMOVE_ME flag. Note that this patch is meant to be merged alongside the kernel patch that introduces the flag. Signed-off-by: Jordan Rife <jordan@jrife.io> [Jason: removed linux ifdefs; this will eventually come to other platforms too. minor style nits.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: dual license core files as MIT for FreeBSDJason A. Donenfeld2022-06-101-1/+1
| | | | | | | To make it easier for FreeBSD to import wg(8), dual license the core files as MIT, so that they don't have any trouble. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard-tools: const correctnessKyle Evans2021-03-101-1/+1
| | | | | | Fixes much of the noise from a FreeBSD WARNS=6 build of wg(8) Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
* global: bump copyrightJason A. Donenfeld2020-01-021-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update copyrightJason A. Donenfeld2019-01-071-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: put SPDX identifier on its own lineJason A. Donenfeld2018-09-201-2/+2
| | | | | | | The kernel has very specific rules correlating file type with comment type, and also SPDX identifiers can't be merged with other comments. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: fix errno propagation and messagesJason A. Donenfeld2018-05-181-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: normalize strncpy/snprintf usageJason A. Donenfeld2018-02-141-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: year bumpJason A. Donenfeld2018-01-031-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: add SPDX tags to all filesGreg Kroah-Hartman2017-12-091-1/+4
| | | | | | | | | | | | | | It's good to have SPDX identifiers in all files as the Linux kernel developers are working to add these identifiers to all files. Update all files with the correct SPDX license identifier based on the license text of the project or based on the license in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Modified-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netlink: switch from ioctl to netlink for configurationJason A. Donenfeld2017-10-021-5/+8
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* noise: redesign preshared key modeJason A. Donenfeld2017-05-171-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* socket: enable setting of fwmarkJason A. Donenfeld2017-02-131-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Update copyrightJason A. Donenfeld2017-01-101-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* headers: cleanup noticesJason A. Donenfeld2016-11-211-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: rename kernel to ipcJason A. Donenfeld2016-07-211-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: first additions of userspace integrationJason A. Donenfeld2016-07-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is designed to work with a server that follows this: struct sockaddr_un addr = { .sun_family = AF_UNIX, .sun_path = "/var/run/wireguard/wguserspace0.sock" }; int fd, ret; ssize_t len; socklen_t socklen; struct wgdevice *device; fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) exit(1); if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) exit(1); for (;;) { /* First we look at how big the next message is, so we know how much to * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */ len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC); if (len < 0) { handle_error(); continue; } /* Next we allocate a buffer for the received data. */ device = NULL; if (len) { device = malloc(len); if (!device) { handle_error(); continue; } } /* Finally we receive the data, storing too the return address. */ socklen = sizeof(addr); len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen); if (len < 0) { handle_error(); free(device); continue; } if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */ device = get_current_wireguard_device(&len); sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen); } else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */ ret = set_current_wireguard_device(device); sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen); free(device); } } Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* persistent keepalive: add userspace supportJason A. Donenfeld2016-07-081-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Initial commitJason A. Donenfeld2016-06-251-0/+35
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.