From d719ad31f096583c501af3bea01a01ffd72337d5 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Mon, 4 Mar 2019 09:26:23 +0100 Subject: [PATCH] wireguard: add "peer-routes" setting for WireGuard profiles This setting is not yet implemented. This adds new API for 1.16.0 and is an ABI break since 1.16-rc1. --- clients/common/nm-meta-setting-desc.c | 3 ++ clients/common/settings-docs.h.in | 1 + libnm-core/nm-setting-wireguard.c | 45 +++++++++++++++++++++++++++ libnm-core/nm-setting-wireguard.h | 4 +++ libnm/libnm.ver | 1 + 5 files changed, 54 insertions(+) diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c index 185760213..1203e008f 100644 --- a/clients/common/nm-meta-setting-desc.c +++ b/clients/common/nm-meta-setting-desc.c @@ -7536,6 +7536,9 @@ static const NMMetaPropertyInfo *const property_infos_WIREGUARD[] = { .base = 16, ), ), + PROPERTY_INFO_WITH_DESC (NM_SETTING_WIREGUARD_PEER_ROUTES, + .property_type = &_pt_gobject_bool, + ), PROPERTY_INFO_WITH_DESC (NM_SETTING_WIREGUARD_MTU, .property_type = &_pt_gobject_mtu, ), diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in index 2bdff62d1..7b958faae 100644 --- a/clients/common/settings-docs.h.in +++ b/clients/common/settings-docs.h.in 
@@ -365,6 +365,7 @@ #define DESCRIBE_DOC_NM_SETTING_WIREGUARD_FWMARK N_("The use of fwmark is optional and is by default off. Setting it to 0 disables it. Otherwise it is a 32-bit fwmark for outgoing packets.") #define DESCRIBE_DOC_NM_SETTING_WIREGUARD_LISTEN_PORT N_("The listen-port. If listen-port is not specified, the port will be chosen randomly when the interface comes up.") #define DESCRIBE_DOC_NM_SETTING_WIREGUARD_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple fragments. If zero a default MTU is used. Note that contrary to wg-quick's MTU setting, this does not take into account the current routes at the time of activation.") +#define DESCRIBE_DOC_NM_SETTING_WIREGUARD_PEER_ROUTES N_("Whether to automatically add routes for the AllowedIPs ranges of the peers. If TRUE (the default), NetworkManager will automatically add routes in the routing tables according to ipv4.route-table and ipv6.route-table. If FALSE, no such routes are added automatically. In this case, the user may want to configure static routes in ipv4.routes and ipv6.routes, respectively.") #define DESCRIBE_DOC_NM_SETTING_WIREGUARD_PRIVATE_KEY N_("The 256 bit private-key in base64 encoding.") #define DESCRIBE_DOC_NM_SETTING_WIREGUARD_PRIVATE_KEY_FLAGS N_("Flags indicating how to handle the \"private-key\" property.") #define DESCRIBE_DOC_NM_SETTING_WPAN_CHANNEL N_("IEEE 802.15.4 channel. A positive integer or -1, meaning \"do not set, use whatever the device is already set to\".") diff --git a/libnm-core/nm-setting-wireguard.c b/libnm-core/nm-setting-wireguard.c index 317f30f84..1b158a321 100644 --- a/libnm-core/nm-setting-wireguard.c +++ b/libnm-core/nm-setting-wireguard.c @@ -853,6 +853,7 @@ NM_GOBJECT_PROPERTIES_DEFINE_BASE ( PROP_FWMARK, PROP_LISTEN_PORT, PROP_MTU, + PROP_PEER_ROUTES, PROP_PRIVATE_KEY, PROP_PRIVATE_KEY_FLAGS, ); 
@@ -866,6 +867,7 @@ typedef struct { guint32 mtu; guint16 listen_port; bool private_key_valid:1; + bool peer_routes:1; } NMSettingWireGuardPrivate; /** @@ -980,6 +982,22 @@ nm_setting_wireguard_get_listen_port (NMSettingWireGuard *self) return NM_SETTING_WIREGUARD_GET_PRIVATE (self)->listen_port; } +/** + * nm_setting_wireguard_get_peer_routes: + * @self: the #NMSettingWireGuard instance + * + * Returns: whether automatically add peer routes. + * + * Since: 1.16 + */ +gboolean +nm_setting_wireguard_get_peer_routes (NMSettingWireGuard *self) +{ + g_return_val_if_fail (NM_IS_SETTING_WIREGUARD (self), TRUE); + + return NM_SETTING_WIREGUARD_GET_PRIVATE (self)->peer_routes; +} + /** * nm_setting_wireguard_get_mtu: * @self: the #NMSettingWireGuard instance @@ -2187,6 +2205,9 @@ get_property (GObject *object, guint prop_id, case PROP_MTU: g_value_set_uint (value, priv->mtu); break; + case PROP_PEER_ROUTES: + g_value_set_boolean (value, priv->peer_routes); + break; case PROP_PRIVATE_KEY: g_value_set_string (value, priv->private_key); break; @@ -2216,6 +2237,9 @@ set_property (GObject *object, guint prop_id, case PROP_MTU: priv->mtu = g_value_get_uint (value); break; + case PROP_PEER_ROUTES: + priv->peer_routes = g_value_get_boolean (value); + break; case PROP_PRIVATE_KEY: nm_clear_pointer (&priv->private_key, nm_free_secret); str = g_value_get_string (value); @@ -2248,6 +2272,7 @@ nm_setting_wireguard_init (NMSettingWireGuard *setting) priv->peers_arr = g_ptr_array_new (); priv->peers_hash = g_hash_table_new (nm_pstr_hash, nm_pstr_equal); + priv->peer_routes = TRUE; } /** 
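Review bot: In the new `nm_setting_wireguard_get_peer_routes()` doc comment, the `Returns:` line reads "whether automatically add peer routes", which is ungrammatical and does not say which routes are meant; I would write ` * Returns: whether routes for the AllowedIPs ranges of the peers are added automatically.`. The comment should also mention that a failed `NM_IS_SETTING_WIREGUARD (self)` check returns %TRUE, so a caller that decides on routing from this value falls back to "add routes" rather than "leave routing alone". That matches the default assigned in `nm_setting_wireguard_init`, but stating it makes the choice visibly deliberate.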
@@ -2362,6 +2387,26 @@ nm_setting_wireguard_class_init (NMSettingWireGuardClass *klass) | NM_SETTING_PARAM_INFERRABLE | G_PARAM_STATIC_STRINGS); + /** + * NMSettingWireGuard:peer-routes: + * + * Whether to automatically add routes for the AllowedIPs ranges + * of the peers. If %TRUE (the default), NetworkManager will automatically + * add routes in the routing tables according to ipv4.route-table and + * ipv6.route-table. + * If %FALSE, no such routes are added automatically. In this case, the + * user may want to configure static routes in ipv4.routes and ipv6.routes, + * respectively. + * + * Since: 1.16 + **/ + obj_properties[PROP_PEER_ROUTES] = + g_param_spec_boolean (NM_SETTING_WIREGUARD_PEER_ROUTES, "", "", + TRUE, + G_PARAM_READWRITE + | NM_SETTING_PARAM_INFERRABLE + | G_PARAM_STATIC_STRINGS); + /** * NMSettingWireGuard:mtu: * diff --git a/libnm-core/nm-setting-wireguard.h b/libnm-core/nm-setting-wireguard.h index 257439267..17fb4664c 100644 --- a/libnm-core/nm-setting-wireguard.h +++ b/libnm-core/nm-setting-wireguard.h @@ -134,6 +134,7 @@ int nm_wireguard_peer_cmp (const NMWireGuardPeer *a, #define NM_SETTING_WIREGUARD_PEERS "peers" #define NM_SETTING_WIREGUARD_MTU "mtu" +#define NM_SETTING_WIREGUARD_PEER_ROUTES "peer-routes" #define NM_WIREGUARD_PEER_ATTR_ALLOWED_IPS "allowed-ips" #define NM_WIREGUARD_PEER_ATTR_ENDPOINT "endpoint" @@ -196,6 +197,9 @@ gboolean nm_setting_wireguard_remove_peer (NMSettingWireGuard *self, NM_AVAILABLE_IN_1_16 guint nm_setting_wireguard_clear_peers (NMSettingWireGuard *self); +NM_AVAILABLE_IN_1_16 +gboolean nm_setting_wireguard_get_peer_routes (NMSettingWireGuard *self); + NM_AVAILABLE_IN_1_16 guint32 nm_setting_wireguard_get_mtu (NMSettingWireGuard *self); diff --git a/libnm/libnm.ver b/libnm/libnm.ver index cd523dae0..3af360667 100644 --- a/libnm/libnm.ver +++ b/libnm/libnm.ver 
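Review bot: The doc comment for `NMSettingWireGuard:peer-routes` in the `nm_setting_wireguard_class_init` hunk states as fact that NetworkManager adds routes for the peers' AllowedIPs when the value is %TRUE, while the commit message says the setting is not yet implemented. For a VPN profile that gap matters: a reader of the property documentation would assume traffic for those ranges is steered into the tunnel (or, with %FALSE, that no such routes appear), and nothing visible in this patch acts on the value. Presumably the behaviour lands in a follow-up commit; until then I would add a line to the doc comment such as ` * Note: this property currently has no effect; no routes are added or withheld based on it.`, and the description in clients/common/settings-docs.h.in, which carries the same text, would need the same caveat. The body of class_init continues outside the hunk.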
@@ -1469,6 +1469,7 @@ global: nm_setting_wireguard_get_mtu; nm_setting_wireguard_get_peer; nm_setting_wireguard_get_peer_by_public_key; + nm_setting_wireguard_get_peer_routes; nm_setting_wireguard_get_peers_len; nm_setting_wireguard_get_private_key; nm_setting_wireguard_get_private_key_flags;