picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge pull request #11580 from yuwata/fix-11579

Browse source 
network/wireguard: fix sending wireguard peers
This commit is contained in:
Lennart Poettering 2019-01-28 16:57:08 +01:00 committed by GitHub
parent e2c7c94ea3 624a47694c
commit 9066811e5a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 55 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
src/libsystemd/sd-netlink/netlink-message.c
View file

@ -370,6 +370,42 @@ int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short typ
return 0;
}
int sd_netlink_message_append_sockaddr_in(sd_netlink_message *m, unsigned short type, const struct sockaddr_in *data) {
int r;
assert_return(m, -EINVAL);
assert_return(!m->sealed, -EPERM);
assert_return(data, -EINVAL);
r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_SOCKADDR);
if (r < 0)
return r;
r = add_rtattr(m, type, data, sizeof(struct sockaddr_in));
if (r < 0)
return r;
return 0;
}
int sd_netlink_message_append_sockaddr_in6(sd_netlink_message *m, unsigned short type, const struct sockaddr_in6 *data) {
int r;
assert_return(m, -EINVAL);
assert_return(!m->sealed, -EPERM);
assert_return(data, -EINVAL);
r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_SOCKADDR);
if (r < 0)
return r;
r = add_rtattr(m, type, data, sizeof(struct sockaddr_in6));
if (r < 0)
return r;
return 0;
}
int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data) {
int r;

2
src/libsystemd/sd-netlink/netlink-types.c
View file

@ -721,7 +721,7 @@ static const NLType genl_wireguard_peer_types[] = {
[WGPEER_A_FLAGS] = { .type = NETLINK_TYPE_U32 },
[WGPEER_A_PRESHARED_KEY] = { .size = WG_KEY_LEN },
[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] = { .type = NETLINK_TYPE_U16 },
[WGPEER_A_ENDPOINT] = { /* either size of sockaddr_in or sockaddr_in6 depending on address family */ },
[WGPEER_A_ENDPOINT] = { .type = NETLINK_TYPE_SOCKADDR },
[WGPEER_A_ALLOWEDIPS] = { .type = NETLINK_TYPE_NESTED, .type_system = &genl_wireguard_allowedip_type_system },
};

1
src/libsystemd/sd-netlink/netlink-types.h
View file

@ -16,6 +16,7 @@ enum {
NETLINK_TYPE_CACHE_INFO,
NETLINK_TYPE_NESTED, /* NLA_NESTED */
NETLINK_TYPE_UNION,
NETLINK_TYPE_SOCKADDR,
};
typedef enum NLMatchType {

6
src/network/netdev/wireguard.c
View file

@ -109,7 +109,7 @@ static int wireguard_set_peer_one(NetDev *netdev, sd_netlink_message *message, c
if (r < 0)
goto cancel;
if (!start) {
if (!*mask_start) {
r = sd_netlink_message_append_data(message, WGPEER_A_PRESHARED_KEY, &peer->preshared_key, WG_KEY_LEN);
if (r < 0)
goto cancel;
@ -123,9 +123,9 @@ static int wireguard_set_peer_one(NetDev *netdev, sd_netlink_message *message, c
goto cancel;
if (peer->endpoint.sa.sa_family == AF_INET)
r = sd_netlink_message_append_data(message, WGPEER_A_ENDPOINT, &peer->endpoint.in, sizeof(peer->endpoint.in));
r = sd_netlink_message_append_sockaddr_in(message, WGPEER_A_ENDPOINT, &peer->endpoint.in);
else if (peer->endpoint.sa.sa_family == AF_INET6)
r = sd_netlink_message_append_data(message, WGPEER_A_ENDPOINT, &peer->endpoint.in6, sizeof(peer->endpoint.in6));
r = sd_netlink_message_append_sockaddr_in6(message, WGPEER_A_ENDPOINT, &peer->endpoint.in6);
if (r < 0)
goto cancel;
}

2
src/systemd/sd-netlink.h
View file

@ -78,6 +78,8 @@ int sd_netlink_message_append_u32(sd_netlink_message *m, unsigned short type, ui
int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len);
int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data);
int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data);
int sd_netlink_message_append_sockaddr_in(sd_netlink_message *m, unsigned short type, const struct sockaddr_in *data);
int sd_netlink_message_append_sockaddr_in6(sd_netlink_message *m, unsigned short type, const struct sockaddr_in6 *data);
int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data);
int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info);

3
test/test-network/conf/25-wireguard.netdev
View file

@ -10,6 +10,7 @@ FwMark=1234
[WireGuardPeer]
PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
Endpoint=wireguard.example.com:51820
#Endpoint=wireguard.example.com:51820
Endpoint=192.168.27.3:51820
PresharedKey=IIWIV17wutHv7t4cR6pOT91z6NSz/T8Arh0yaywhw3M=
PersistentKeepalive=20

10
test/test-network/systemd-networkd-tests.py
View file

@ -390,6 +390,16 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
if shutil.which('wg'):
subprocess.call('wg')
output = subprocess.check_output(['wg', 'show', 'wg99', 'listen-port']).rstrip().decode('utf-8')
self.assertTrue(output, '51820')
output = subprocess.check_output(['wg', 'show', 'wg99', 'fwmark']).rstrip().decode('utf-8')
self.assertTrue(output, '0x4d2')
output = subprocess.check_output(['wg', 'show', 'wg99', 'allowed-ips']).rstrip().decode('utf-8')
self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.26.0/24 fd31:bf08:57cb::/48')
output = subprocess.check_output(['wg', 'show', 'wg99', 'persistent-keepalive']).rstrip().decode('utf-8')
self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t20')
output = subprocess.check_output(['wg', 'show', 'wg99', 'endpoints']).rstrip().decode('utf-8')
self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.27.3:51820')
self.assertTrue(self.link_exits('wg99'))