author | Lennart Poettering <lennart@poettering.net> | 2019-01-28 16:57:08 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-28 16:57:08 +0100 |
commit | 9066811e5ab12367b6d87f1659b8ed98dabd554d (patch) | |
tree | d319490d16e5cb3e9d7405598fbc2d1602f50864 | |
parent | units: make sure initrd-cleanup.service terminates before switching to rootfs (diff) | |
parent | network/wireguard: use sd_netlink_message_append_sockaddr_in{,6}() (diff) | |
Merge pull request #11580 from yuwata/fix-11579
network/wireguard: fix sending wireguard peers
-rw-r--r-- | src/libsystemd/sd-netlink/netlink-message.c | 36 | ||||
-rw-r--r-- | src/libsystemd/sd-netlink/netlink-types.c | 2 | ||||
-rw-r--r-- | src/libsystemd/sd-netlink/netlink-types.h | 1 | ||||
-rw-r--r-- | src/network/netdev/wireguard.c | 6 | ||||
-rw-r--r-- | src/systemd/sd-netlink.h | 2 | ||||
-rw-r--r-- | test/test-network/conf/25-wireguard.netdev | 3 | ||||
-rwxr-xr-x | test/test-network/systemd-networkd-tests.py | 10 |
7 files changed, 55 insertions, 5 deletions
diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c
index b0b25639f4..5e9bc45139 100644
--- a/src/libsystemd/sd-netlink/netlink-message.c
+++ b/src/libsystemd/sd-netlink/netlink-message.c
@@ -370,6 +370,42 @@ int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short typ
 return 0;
 }
+int sd_netlink_message_append_sockaddr_in(sd_netlink_message *m, unsigned short type, const struct sockaddr_in *data) {
+ int r;
+
+ assert_return(m, -EINVAL);
+ assert_return(!m->sealed, -EPERM);
+ assert_return(data, -EINVAL);
+
+ r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_SOCKADDR);
+ if (r < 0)
+ return r;
+
+ r = add_rtattr(m, type, data, sizeof(struct sockaddr_in));
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
+int sd_netlink_message_append_sockaddr_in6(sd_netlink_message *m, unsigned short type, const struct sockaddr_in6 *data) {
+ int r;
+
+ assert_return(m, -EINVAL);
+ assert_return(!m->sealed, -EPERM);
+ assert_return(data, -EINVAL);
+
+ r = message_attribute_has_type(m, NULL, type, NETLINK_TYPE_SOCKADDR);
+ if (r < 0)
+ return r;
+
+ r = add_rtattr(m, type, data, sizeof(struct sockaddr_in6));
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
 int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data) {
 int r;
diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/sd-netlink/netlink-types.c
index bb7e8c33ba..9dcd3f2ac8 100644
--- a/src/libsystemd/sd-netlink/netlink-types.c
+++ b/src/libsystemd/sd-netlink/netlink-types.c
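Review bot: Neither new helper in netlink-message.c checks that the struct's family field agrees with the function it was passed to: `sd_netlink_message_append_sockaddr_in()` copies `sizeof(struct sockaddr_in)` bytes without looking at `data->sin_family`, and the `_in6` variant does the same for `sin6_family`. I would add `assert_return(data->sin_family == AF_INET, -EINVAL);` and `assert_return(data->sin6_family == AF_INET6, -EINVAL);` after the existing NULL checks, so a mismatched caller fails here instead of handing the kernel an endpoint tagged with the wrong family. The whole struct is appended, padding included, so callers are expected to pass a zero-initialised sockaddr; a short comment above each function saying so would help.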
@@ -721,7 +721,7 @@ static const NLType genl_wireguard_peer_types[] = {
 [WGPEER_A_FLAGS] = { .type = NETLINK_TYPE_U32 },
 [WGPEER_A_PRESHARED_KEY] = { .size = WG_KEY_LEN },
 [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] = { .type = NETLINK_TYPE_U16 },
- [WGPEER_A_ENDPOINT] = { /* either size of sockaddr_in or sockaddr_in6 depending on address family */ },
+ [WGPEER_A_ENDPOINT] = { .type = NETLINK_TYPE_SOCKADDR },
 [WGPEER_A_ALLOWEDIPS] = { .type = NETLINK_TYPE_NESTED, .type_system = &genl_wireguard_allowedip_type_system },
 };
diff --git a/src/libsystemd/sd-netlink/netlink-types.h b/src/libsystemd/sd-netlink/netlink-types.h
index 3133e4863d..b84fa4762b 100644
--- a/src/libsystemd/sd-netlink/netlink-types.h
+++ b/src/libsystemd/sd-netlink/netlink-types.h
@@ -16,6 +16,7 @@ enum {
 NETLINK_TYPE_CACHE_INFO,
 NETLINK_TYPE_NESTED, /* NLA_NESTED */
 NETLINK_TYPE_UNION,
+ NETLINK_TYPE_SOCKADDR,
 };
 typedef enum NLMatchType {
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
index 1efd8863f6..0c0b16d1da 100644
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -109,7 +109,7 @@ static int wireguard_set_peer_one(NetDev *netdev, sd_netlink_message *message, c
 if (r < 0)
 goto cancel;
- if (!start) {
+ if (!*mask_start) {
 r = sd_netlink_message_append_data(message, WGPEER_A_PRESHARED_KEY, &peer->preshared_key, WG_KEY_LEN);
 if (r < 0)
 goto cancel;
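Review bot: The replaced `[WGPEER_A_ENDPOINT]` entry in `genl_wireguard_peer_types` drops the only explanation of why this attribute carries no `.size`, namely that its length depends on the address family. With `NETLINK_TYPE_SOCKADDR` and no size, the type table presumably cannot bound the payload length of this attribute, which is worth keeping visible. I would keep a trailing comment on the new line, e.g. `/* struct sockaddr_in or sockaddr_in6; length depends on the address family */`.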
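Review bot: The new `if (!*mask_start)` in `wireguard_set_peer_one()` dereferences `mask_start` with no guard visible in the hunk, and the condition does not say what it gates. The function begins outside the hunk (its signature is cut off in the hunk header), so a check may already exist; if not, `assert(mask_start);` at the top would state the contract. This branch decides whether the preshared key is sent and, as far as the following hunk shows, the endpoint too. A one-line comment saying when `*mask_start` is NULL (presumably the first message for a peer) would help.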
@@ -123,9 +123,9 @@ static int wireguard_set_peer_one(NetDev *netdev, sd_netlink_message *message, c
 goto cancel;
 if (peer->endpoint.sa.sa_family == AF_INET)
- r = sd_netlink_message_append_data(message, WGPEER_A_ENDPOINT, &peer->endpoint.in, sizeof(peer->endpoint.in));
+ r = sd_netlink_message_append_sockaddr_in(message, WGPEER_A_ENDPOINT, &peer->endpoint.in);
 else if (peer->endpoint.sa.sa_family == AF_INET6)
- r = sd_netlink_message_append_data(message, WGPEER_A_ENDPOINT, &peer->endpoint.in6, sizeof(peer->endpoint.in6));
+ r = sd_netlink_message_append_sockaddr_in6(message, WGPEER_A_ENDPOINT, &peer->endpoint.in6);
 if (r < 0)
 goto cancel;
 }
diff --git a/src/systemd/sd-netlink.h b/src/systemd/sd-netlink.h
index a97a965ec4..9e6e437bab 100644
--- a/src/systemd/sd-netlink.h
+++ b/src/systemd/sd-netlink.h
@@ -78,6 +78,8 @@ int sd_netlink_message_append_u32(sd_netlink_message *m, unsigned short type, ui
 int sd_netlink_message_append_data(sd_netlink_message *m, unsigned short type, const void *data, size_t len);
 int sd_netlink_message_append_in_addr(sd_netlink_message *m, unsigned short type, const struct in_addr *data);
 int sd_netlink_message_append_in6_addr(sd_netlink_message *m, unsigned short type, const struct in6_addr *data);
+int sd_netlink_message_append_sockaddr_in(sd_netlink_message *m, unsigned short type, const struct sockaddr_in *data);
+int sd_netlink_message_append_sockaddr_in6(sd_netlink_message *m, unsigned short type, const struct sockaddr_in6 *data);
 int sd_netlink_message_append_ether_addr(sd_netlink_message *m, unsigned short type, const struct ether_addr *data);
 int sd_netlink_message_append_cache_info(sd_netlink_message *m, unsigned short type, const struct ifa_cacheinfo *info);
diff --git a/test/test-network/conf/25-wireguard.netdev b/test/test-network/conf/25-wireguard.netdev
index 01c5f2a28d..4866c31cca 100644
--- a/test/test-network/conf/25-wireguard.netdev
+++ b/test/test-network/conf/25-wireguard.netdev
@@ -10,6 +10,7 @@ FwMark=1234
 [WireGuardPeer]
 PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
 AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
-Endpoint=wireguard.example.com:51820
+#Endpoint=wireguard.example.com:51820
+Endpoint=192.168.27.3:51820
 PresharedKey=IIWIV17wutHv7t4cR6pOT91z6NSz/T8Arh0yaywhw3M=
 PersistentKeepalive=20
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index 9e72d35a54..08ceb2d599 100755
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -390,6 +390,16 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
 if shutil.which('wg'):
 subprocess.call('wg')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'listen-port']).rstrip().decode('utf-8')
+ self.assertTrue(output, '51820')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'fwmark']).rstrip().decode('utf-8')
+ self.assertTrue(output, '0x4d2')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'allowed-ips']).rstrip().decode('utf-8')
+ self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.26.0/24 fd31:bf08:57cb::/48')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'persistent-keepalive']).rstrip().decode('utf-8')
+ self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t20')
+ output = subprocess.check_output(['wg', 'show', 'wg99', 'endpoints']).rstrip().decode('utf-8')
+ self.assertTrue(output, 'RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=\t192.168.27.3:51820')
 self.assertTrue(self.link_exits('wg99')) |
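Review bot: In 25-wireguard.netdev the hostname form `Endpoint=wireguard.example.com:51820` is left behind as a commented-out line with no explanation, so the test configuration no longer exercises an endpoint that has to be resolved. Either drop the dead line or put a comment above it stating why it is disabled and where the hostname case is covered instead.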
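Review bot: All five added `self.assertTrue(output, '...')` calls in systemd-networkd-tests.py pass the expected value as the second argument, which unittest treats as the failure message. Each one therefore only checks that `output` is non-empty, and the test passes whatever `wg show` prints. They should be `self.assertEqual(output, '51820')` and likewise for the other four. Once the comparison is real, the `allowed-ips` expectation lists the IPv4 range first while the .netdev file lists the IPv6 prefix first, so that string should be checked against actual output. Indentation is lost on this page, so it is not visible whether the `check_output(['wg', ...])` calls sit inside the `if shutil.which('wg'):` guard; outside it they would raise when `wg` is not installed.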