git: b3dac3913dc9 - main - ifconfig: allow displaying/setting persistent-keepalive

Kyle Evans kevans at FreeBSD.org
Tue Mar 9 11:17:54 UTC 2021


The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=b3dac3913dc90fbc6f909ee5c4a876097cd90791

commit b3dac3913dc90fbc6f909ee5c4a876097cd90791
Author:     Kyle Evans <kevans at FreeBSD.org>
AuthorDate: 2021-03-08 01:00:58 +0000
Commit:     Kyle Evans <kevans at FreeBSD.org>
CommitDate: 2021-03-09 11:16:42 +0000

    ifconfig: allow displaying/setting persistent-keepalive
    
    The kernel-side already accepted a persistent-keepalive-interval, so
    just add a verb to ifconfig(8) for it and start exporting it so that
    ifconfig(8) can view it.
    
    PR:             253790
    MFC after:      3 days
    Discussed with: decke
---
 sbin/ifconfig/ifwg.c          | 28 +++++++++++++++++++++++++++-
 sys/dev/if_wg/module/module.c |  8 ++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/sbin/ifconfig/ifwg.c b/sbin/ifconfig/ifwg.c
index 105ee7ac31d1..86bacc59f50d 100644
--- a/sbin/ifconfig/ifwg.c
+++ b/sbin/ifconfig/ifwg.c
@@ -280,6 +280,7 @@ dump_peer(const nvlist_t *nvl_peer)
 	char addr_buf[INET6_ADDRSTRLEN];
 	size_t size;
 	int count, port;
+	uint16_t persistent_keepalive;
 
 	printf("[Peer]\n");
 	if (nvlist_exists_binary(nvl_peer, "public-key")) {
@@ -292,7 +293,11 @@ dump_peer(const nvlist_t *nvl_peer)
 		sa_ntop(endpoint, addr_buf, &port);
 		printf("Endpoint = %s:%d\n", addr_buf, ntohs(port));
 	}
-
+	if (nvlist_exists_number(nvl_peer, "persistent-keepalive-interval")) {
+		persistent_keepalive = nvlist_get_number(nvl_peer,
+		    "persistent-keepalive-interval");
+		printf("PersistentKeepalive = %d\n", persistent_keepalive);
+	}
 	if (!nvlist_exists_binary(nvl_peer, "allowed-ips"))
 		return;
 	aips = nvlist_get_binary(nvl_peer, "allowed-ips", &size);
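Review bot: The assignment from `nvlist_get_number()` in dump_peer narrows a `uint64_t` into the `uint16_t` local with no range check, so a value above 65535 would be printed modulo 65536 rather than flagged. The kernel export in this same commit stores a `uint16_t`, so this should not be reachable today, but the display code would silently misreport if that ever changes. Consider reading into a `uint64_t` and printing only when it is in range, e.g. `if (ka <= UINT16_MAX) printf("PersistentKeepalive = %u\n", (unsigned)ka);`, which also makes the format match the unsigned type. dump_peer starts and ends outside this hunk.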
@@ -475,6 +480,26 @@ DECL_CMD_FUNC(setwgpubkey, val, d)
 	nvlist_add_binary(nvl_params, "public-key", key, WG_KEY_LEN);
 }
 
+static
+DECL_CMD_FUNC(setwgpersistentkeepalive, val, d)
+{
+	unsigned long persistent_keepalive;
+	char *endp;
+
+	if (!do_peer)
+		errx(1, "setting persistent keepalive only valid when adding peer");
+
+	errno = 0;
+	persistent_keepalive = strtoul(val, &endp, 0);
+	if (errno != 0 || *endp != '\0')
+		errx(1, "persistent-keepalive must be numeric (seconds)");
+	if (persistent_keepalive > USHRT_MAX)
+		errx(1, "persistent-keepalive '%lu' too large",
+		    persistent_keepalive);
+	nvlist_add_number(nvl_params, "persistent-keepalive-interval",
+	    persistent_keepalive);
+}
+
 static
 DECL_CMD_FUNC(setallowedips, val, d)
 {
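Review bot: The `strtoul()` call in setwgpersistentkeepalive uses base 0 and does not reject a sign, so `010` is read as 8 seconds and a negative argument is negated in unsigned arithmetic instead of being refused as non-numeric. In practice `-1` falls through to the "too large" message with a very large number, and a negative value of large enough magnitude can wrap back into the accepted 0..65535 range. Empty input is rejected only because FreeBSD's `strtoul()` sets `EINVAL` when no conversion is performed, which its manual page describes as non-portable. I would parse as decimal and make the checks explicit: `persistent_keepalive = strtoul(val, &endp, 10);` followed by `if (errno != 0 || endp == val || *endp != '\0' || val[0] == '-')`.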
@@ -563,6 +588,7 @@ static struct cmd wireguard_cmds[] = {
     DEF_CMD("peer-list",  0, peerlist),
     DEF_CMD("peer",  0, peerstart),
     DEF_CMD_ARG("public-key",  setwgpubkey),
+    DEF_CMD_ARG("persistent-keepalive",  setwgpersistentkeepalive),
     DEF_CMD_ARG("allowed-ips",  setallowedips),
     DEF_CMD_ARG("endpoint",  setendpoint),
 };
diff --git a/sys/dev/if_wg/module/module.c b/sys/dev/if_wg/module/module.c
index 6ae3bf9db022..ad2f17c1e803 100644
--- a/sys/dev/if_wg/module/module.c
+++ b/sys/dev/if_wg/module/module.c
@@ -75,6 +75,7 @@ struct wg_peer_export {
 	size_t				endpoint_sz;
 	struct wg_allowedip		*aip;
 	int				aip_count;
+	uint16_t			persistent_keepalive;
 };
 
 static int clone_count;
@@ -416,6 +417,9 @@ wg_peer_to_export(struct wg_peer *peer, struct wg_peer_export *exp)
 	memcpy(exp->public_key, peer->p_remote.r_public,
 	    sizeof(exp->public_key));
 
+	exp->persistent_keepalive =
+	    peer->p_timers.t_persistent_keepalive_interval;
+
 	exp->aip_count = 0;
 	CK_LIST_FOREACH(rt, &peer->p_routes, r_entry) {
 		exp->aip_count++;
@@ -458,6 +462,10 @@ wg_peer_export_to_nvl(struct wg_peer_export *exp)
 	nvlist_add_binary(nvl, "allowed-ips", exp->aip,
 	    exp->aip_count * sizeof(*exp->aip));
 
+	if (exp->persistent_keepalive != 0)
+		nvlist_add_number(nvl, "persistent-keepalive-interval",
+		    exp->persistent_keepalive);
+
 	return (nvl);
 }
 

