Diffstat (limited to 'conf/config.go')
-rw-r--r--conf/config.go82
1 files changed, 49 insertions, 33 deletions
diff --git a/conf/config.go b/conf/config.go
index e1951d47..74ffacf6 100644
--- a/conf/config.go
+++ b/conf/config.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package conf
@@ -9,9 +9,8 @@ import (
"crypto/rand"
"crypto/subtle"
"encoding/base64"
- "encoding/hex"
"fmt"
- "net"
+ "net/netip"
"strings"
"time"
@@ -22,19 +21,16 @@ import (
const KeyLength = 32
-type IPCidr struct {
- IP net.IP
- Cidr uint8
-}
-
type Endpoint struct {
Host string
Port uint16
}
-type Key [KeyLength]byte
-type HandshakeTime time.Duration
-type Bytes uint64
+type (
+ Key [KeyLength]byte
+ HandshakeTime time.Duration
+ Bytes uint64
+)
type Config struct {
Name string
@@ -44,17 +40,22 @@ type Config struct {
type Interface struct {
PrivateKey Key
- Addresses []IPCidr
+ Addresses []netip.Prefix
ListenPort uint16
MTU uint16
- DNS []net.IP
+ DNS []netip.Addr
DNSSearch []string
+ PreUp string
+ PostUp string
+ PreDown string
+ PostDown string
+ TableOff bool
}
type Peer struct {
PublicKey Key
PresharedKey Key
- AllowedIPs []IPCidr
+ AllowedIPs []netip.Prefix
Endpoint Endpoint
PersistentKeepalive uint16
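Review bot: The new hook fields on `Interface` (`PreUp`, `PostUp`, `PreDown`, `PostDown`) have no comment saying what they hold or who is allowed to act on them. Judging by the names they carry command lines copied from the tunnel configuration, so they are untrusted whenever a config comes from a third party; this is inferred, since nothing in this diff parses or runs them. I would add above them `// PreUp..PostDown are hook command lines taken verbatim from the config; treat as untrusted and never execute without an explicit administrator opt-in.` and a one-line comment on `TableOff` stating what it turns off.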
@@ -63,26 +64,37 @@ type Peer struct {
LastHandshakeTime HandshakeTime
}
-func (r *IPCidr) String() string {
- return fmt.Sprintf("%s/%d", r.IP.String(), r.Cidr)
-}
-
-func (r *IPCidr) Bits() uint8 {
- if r.IP.To4() != nil {
- return 32
+func (conf *Config) IntersectsWith(other *Config) bool {
+ allRoutes := make(map[netip.Prefix]bool, len(conf.Interface.Addresses)*2+len(conf.Peers)*3)
+ for _, a := range conf.Interface.Addresses {
+ allRoutes[netip.PrefixFrom(a.Addr(), a.Addr().BitLen())] = true
+ allRoutes[a.Masked()] = true
}
- return 128
-}
-
-func (r *IPCidr) IPNet() net.IPNet {
- return net.IPNet{
- IP: r.IP,
- Mask: net.CIDRMask(int(r.Cidr), int(r.Bits())),
+ for i := range conf.Peers {
+ for _, a := range conf.Peers[i].AllowedIPs {
+ allRoutes[a.Masked()] = true
+ }
}
+ for _, a := range other.Interface.Addresses {
+ if allRoutes[netip.PrefixFrom(a.Addr(), a.Addr().BitLen())] {
+ return true
+ }
+ if allRoutes[a.Masked()] {
+ return true
+ }
+ }
+ for i := range other.Peers {
+ for _, a := range other.Peers[i].AllowedIPs {
+ if allRoutes[a.Masked()] {
+ return true
+ }
+ }
+ }
+ return false
}
func (e *Endpoint) String() string {
- if strings.IndexByte(e.Host, ':') > 0 {
+ if strings.IndexByte(e.Host, ':') != -1 {
return fmt.Sprintf("[%s]:%d", e.Host, e.Port)
}
return fmt.Sprintf("%s:%d", e.Host, e.Port)
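Review bot: `IntersectsWith` has no doc comment, and its name promises more than the body checks. It returns true only when a masked prefix of `other` (or an interface address taken as a host prefix) is exactly equal to one of the receiver's, so `10.0.0.0/8` against `10.1.0.0/16` yields false. If exact match is the intent, say so, e.g. `// IntersectsWith reports whether other shares an identical interface address or route prefix with conf; overlapping prefixes of different lengths are not detected.` Callers that use it to stop two tunnels from claiming the same traffic need to know that limit, and `netip.Prefix.Overlaps` would be the check for containment. The same comment should state that `other` must be non-nil, since it is dereferenced unchecked.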
@@ -96,10 +108,6 @@ func (k *Key) String() string {
return base64.StdEncoding.EncodeToString(k[:])
}
-func (k *Key) HexString() string {
- return hex.EncodeToString(k[:])
-}
-
func (k *Key) IsZero() bool {
var zeros Key
return subtle.ConstantTimeCompare(zeros[:], k[:]) == 1
@@ -230,3 +238,11 @@ func (conf *Config) DeduplicateNetworkEntries() {
peer.AllowedIPs = peer.AllowedIPs[:i]
}
}
+
+func (conf *Config) Redact() {
+ conf.Interface.PrivateKey = Key{}
+ for i := range conf.Peers {
+ conf.Peers[i].PublicKey = Key{}
+ conf.Peers[i].PresharedKey = Key{}
+ }
+}
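Review bot: `Redact` zeroes the keys in place and nothing documents that, which makes it easy to misuse. Assuming `Peers` is a slice, as the indexing suggests, calling it on a shallow copy (`c := *conf; c.Redact()`) still wipes the peers' keys in the original. A doc comment should state this, e.g. `// Redact zeroes the private, public and preshared keys of conf in place; deep-copy first if the original is still needed.` It also leaves `PreUp`/`PostUp`/`PreDown`/`PostDown` and the endpoints intact, so if the redacted config is meant for logs or export, decide whether hook command lines can embed credentials and should be cleared too.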