From patchwork Fri May 19 01:59:13 2023
X-Patchwork-Submitter: Maxim Cournoyer
X-Patchwork-Id: 50141
Subject: [bug#63402] [PATCH v5 1/5] services: herd: Add a new 'current-service' procedure.
From: Maxim Cournoyer Date: Thu, 18 May 2023 21:59:13 -0400 Message-Id: <4ae50adcd4cef9d26b26eb4456727538d61f064c.1684461197.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/herd.scm (current-service): New procedure, mostly reusing the existing current-services. (current-services): Implement in terms of the above procedure. --- gnu/services/herd.scm | 52 +++++++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 19 deletions(-) diff --git a/gnu/services/herd.scm b/gnu/services/herd.scm index 48594015fc..02c2fec20f 100644 --- a/gnu/services/herd.scm +++ b/gnu/services/herd.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016-2019, 2022-2023 Ludovic Courtès ;;; Copyright © 2017, 2020 Mathieu Othacehe +;;; Copyright © 2023 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -51,6 +52,7 @@ (define-module (gnu services herd) live-service-canonical-name with-shepherd-action + current-service current-services unload-services unload-service 
@@ -208,31 +210,43 @@ (define (live-service-canonical-name service) "Return the 'canonical name' of SERVICE." (first (live-service-provision service))) -(define (current-services) - "Return the list of currently defined Shepherd services, represented as - objects. Return #f if the list of services could not be -obtained." - (with-shepherd-action 'root ('status) results - ;; We get a list of results, one for each service with the name 'root'. +(define (current-service name) + "Return the currently defined Shepherd service NAME, as a +object. Return #f if the service could not be obtained. As a special case, +@code{(current-service 'root)} returns all the current services." + (define (process-services services) + (resolve-transients + (map (lambda (service) + (alist-let* service (provides requires running transient?) + ;; The Shepherd 0.9.0 would not provide 'transient?' in + ;; its status sexp. Thus, when it's missing, query it + ;; via an "eval" request. + (live-service provides requires + (if (sloppy-assq 'transient? service) + transient? + (and running *unspecified*)) + running))) + services))) + + (with-shepherd-action name ('status) results + ;; We get a list of results, one for each service with the name NAME. ;; In practice there's only one such service though. (match results ((services _ ...) (match services ((('service ('version 0 _ ...) _ ...) ...) - (resolve-transients - (map (lambda (service) - (alist-let* service (provides requires running transient?) - ;; The Shepherd 0.9.0 would not provide 'transient?' in its - ;; status sexp. Thus, when it's missing, query it via an - ;; "eval" request. - (live-service provides requires - (if (sloppy-assq 'transient? service) - transient? - (and running *unspecified*)) - running))) - services))) + ;; Summary of all services (when NAME is 'root or 'shepherd). + (process-services services)) + (('service ('version 0 _ ...) _ ...) 
;single service + (first (process-services (list services)))) (x - #f)))))) + #f)))))) ;singleton + +(define (current-services) + "Return the list of currently defined Shepherd services, represented as + objects. Return #f if the list of services could not be +obtained." + (current-service 'root)) (define (resolve-transients services) "Resolve the subset of SERVICES whose 'transient?' field is undefined. This From patchwork Fri May 19 01:59:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 50145 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 5542027BBEA; Fri, 19 May 2023 03:02:41 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 178C527BBE2 for ; Fri, 19 May 2023 03:02:39 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pzpRU-0000b6-Ai; Thu, 18 May 2023 22:02:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pzpRS-0000aR-RK for guix-patches@gnu.org; Thu, 18 May 2023 22:02:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pzpRS-0006JJ-IM for guix-patches@gnu.org; Thu, 18 May 2023 22:02:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) 
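Review bot: In current-service (gnu/services/herd.scm, patch 1/5), the docstring documents only (current-service 'root) as returning the full list, while the comment on the first match clause says the summary form is also produced when NAME is 'shepherd; the docstring should name both, because callers receive a list in that case and a single record otherwise. The trailing ";singleton" comment sits on the "#f))))))" fallback line, where it reads as describing the failure case; the single-service clause is already marked ";single service", so the second comment can be dropped.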
Subject: [bug#63402] [PATCH v5 2/5] services: wireguard: Implement a dynamic IP monitoring feature.
From: Maxim Cournoyer Date: Thu, 18 May 2023 21:59:14 -0400 Message-Id: X-Mailer: git-send-email 2.40.1 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/vpn.scm () [monitor-ips?, monitor-ips-internal]: New fields. * gnu/services/vpn.scm (define-with-source): New syntax. (wireguard-service-name, strip-port/maybe) (ipv4-address?, ipv6-address?, host-name?) (endpoint-host-names): New procedure. (wireguard-monitoring-jobs): Likewise. (wireguard-service-type): Register it. * tests/services/vpn.scm: New file. * Makefile.am (SCM_TESTS): Register it. * doc/guix.texi (VPN Services): Update doc. --- Makefile.am | 1 + doc/guix.texi | 17 ++++- gnu/services/vpn.scm | 148 +++++++++++++++++++++++++++++++++++++++-- tests/services/vpn.scm | 83 +++++++++++++++++++++++ 4 files changed, 243 insertions(+), 6 deletions(-) create mode 100644 tests/services/vpn.scm diff --git a/Makefile.am b/Makefile.am index 8b7bb4772d..e1cb1083fc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -557,6 +557,7 @@ SCM_TESTS = \ tests/services/lightdm.scm \ tests/services/linux.scm \ tests/services/telephony.scm \ + tests/services/vpn.scm \ tests/sets.scm \ tests/size.scm \ tests/status.scm \ diff --git a/doc/guix.texi b/doc/guix.texi index b40870f42b..b19ba887a1 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -32642,9 +32642,22 @@ VPN Services @item @code{dns} (default: @code{#f}) The DNS server(s) to announce to VPN clients via DHCP. +@item @code{monitor-ips?} (default: @code{#f}) +@cindex Dynamic IP, with Wireguard +@cindex dyndns, usage with Wireguard +Whether to monitor the resolved Internet addresses (IPs) of the +endpoints of the configured peers, resetting the peer endpoints using an +IP address that no longer correspond to their freshly resolved host +name. Set this to @code{#t} if one or more endpoints use host names +provided by a dynamic DNS service to keep the sessions alive. + +@item @code{monitor-ips-internal} (default: @code{'(next-minute (range 0 60 5))}) +The time interval at which the IP monitoring job should run, provided as +an mcron time specification (@pxref{Guile Syntax,,,mcron}). + @item @code{private-key} (default: @code{"/etc/wireguard/private.key"}) -The private key file for the interface. It is automatically generated if -the file does not exist. +The private key file for the interface. It is automatically generated +if the file does not exist. @item @code{peers} (default: @code{'()}) The authorized peers on this interface. This is a list of diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index a884d71eb2..9cf08c194a 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -11,6 +11,7 @@ ;;; Copyright © 2021 Nathan Dehnel ;;; Copyright © 2022 Cameron V Chaparro ;;; Copyright © 2022 Timo Wilken +;;; Copyright © 2023 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -31,10 +32,12 @@ (define-module (gnu services vpn) #:use-module (gnu services) #:use-module (gnu services configuration) #:use-module (gnu services dbus) + #:use-module (gnu services mcron) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) #:use-module (gnu packages admin) #:use-module (gnu packages vpn) + #:use-module (guix modules) #:use-module (guix packages) #:use-module (guix records) #:use-module (guix gexp) 
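Review bot: In the doc/guix.texi hunk, the new item is documented as monitor-ips-internal, but the record field and exported accessor added in gnu/services/vpn.scm are monitor-ips-interval and wireguard-configuration-monitor-ips-interval; the @item should read monitor-ips-interval, and the commit log carries the same misspelling. In the monitor-ips? paragraph, "an IP address that no longer correspond" should be "corresponds".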
@@ -73,6 +76,8 @@ (define-module (gnu services vpn) wireguard-configuration-addresses wireguard-configuration-port wireguard-configuration-dns + wireguard-configuration-monitor-ips? + wireguard-configuration-monitor-ips-interval wireguard-configuration-private-key wireguard-configuration-peers wireguard-configuration-pre-up @@ -741,6 +746,10 @@ (define-record-type* (default '())) (dns wireguard-configuration-dns ;list of strings (default #f)) + (monitor-ips? wireguard-configuration-monitor-ips? ;boolean + (default #f)) + (monitor-ips-interval wireguard-configuration-monitor-ips-interval + (default '(next-minute (range 0 60 5)))) ;string | list (pre-up wireguard-configuration-pre-up ;list of strings (default '())) (post-up wireguard-configuration-post-up ;list of strings 
@@ -871,6 +880,56 @@ (define (wireguard-activation config) (chmod #$private-key #o400) (close-pipe pipe)))))) +;;; XXX: Copied from (guix scripts pack), changing define to define*. +(define-syntax-rule (define-with-source (variable args ...) body body* ...) + "Bind VARIABLE to a procedure accepting ARGS defined as BODY, also setting +its source property." + (begin + (define* (variable args ...) + body body* ...) + (eval-when (load eval) + (set-procedure-property! variable 'source + '(define* (variable args ...) body body* ...))))) + +(define (wireguard-service-name interface) + "Return the WireGuard service name (a symbol) configured to use INTERFACE." + (symbol-append 'wireguard- (string->symbol interface))) + +(define-with-source (strip-port/maybe endpoint #:key ipv6?) + "Strip the colon and port, if present in ENDPOINT, a string." + (if ipv6? + (if (string-prefix? "[" endpoint) + (first (string-split (string-drop endpoint 1) #\])) ;ipv6 + endpoint) + (first (string-split endpoint #\:)))) ;ipv4 + +(define (ipv4-address? str) + "Return true if STR denotes an IPv4 address." + (false-if-exception + (->bool (inet-pton AF_INET (strip-port/maybe str))))) + +(define (ipv6-address? str) + "Return true if STR denotes an IPv6 address." + (false-if-exception + (->bool (inet-pton AF_INET6 (strip-port/maybe str #:ipv6? #t))))) + +(define (host-name? name) + "Predicate to check whether NAME is a host name, i.e. not an IP address." + (not (or (ipv6-address? name) (ipv4-address? name)))) + +(define (endpoint-host-names peers) + "Return an association list of endpoint host names keyed by their peer +public key, if any." + (reverse + (fold (lambda (peer host-names) + (let ((public-key (wireguard-peer-public-key peer)) + (endpoint (wireguard-peer-endpoint peer))) + (if (and endpoint (host-name? endpoint)) + (cons (cons public-key endpoint) host-names) + host-names))) + '() + peers))) + (define (wireguard-shepherd-service config) (match-record config (wireguard interface) 
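Review bot: define-with-source is added here under an "XXX: Copied from (guix scripts pack)" comment, which leaves two diverging copies of the macro (this one switches to define*); consider moving one define*-based version to a shared module and importing it in both places. Separately, strip-port/maybe without #:ipv6? #t cuts at the first colon, so its result is only meaningful for IPv4 and host-name endpoints; the docstring should say that the caller has to select the mode.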
@@ -878,9 +937,7 @@ (define (wireguard-shepherd-service config) (config (wireguard-configuration-file config))) (list (shepherd-service (requirement '(networking)) - (provision (list - (symbol-append 'wireguard- - (string->symbol interface)))) + (provision (list (wireguard-service-name interface))) (start #~(lambda _ (invoke #$wg-quick "up" #$config))) (stop #~(lambda _ 
@@ -888,6 +945,87 @@ (define (wireguard-shepherd-service config) #f)) ;stopped! (documentation "Run the Wireguard VPN tunnel")))))) +(define (wireguard-monitoring-jobs config) + ;; Loosely based on WireGuard's own 'reresolve-dns.sh' shell script (see: + ;; https://raw.githubusercontent.com/WireGuard/wireguard-tools/ + ;; master/contrib/reresolve-dns/reresolve-dns.sh). + (match-record config + (interface monitor-ips? monitor-ips-interval peers) + (let ((host-names (endpoint-host-names peers))) + (if monitor-ips? + (if (null? host-names) + (begin + (warn "monitor-ips? is #t but no host name to monitor") + '()) + ;; The mcron monitor job may be a string or a list; ungexp strips + ;; one quote level, which must be added back when a list is + ;; provided. + (list + #~(job + (if (string? #$monitor-ips-interval) + #$monitor-ips-interval + '#$monitor-ips-interval) + #$(program-file + (format #f "wireguard-~a-monitoring" interface) + (with-imported-modules (source-module-closure + '((gnu services herd) + (guix build utils))) + #~(begin + (use-modules (gnu services herd) + (guix build utils) + (ice-9 popen) + (ice-9 match) + (ice-9 textual-ports) + (srfi srfi-1) + (srfi srfi-26)) + + (define (resolve-host name) + "Return the IP address resolved from NAME." + (let* ((ai (car (getaddrinfo name))) + (sa (addrinfo:addr ai))) + (inet-ntop (sockaddr:fam sa) + (sockaddr:addr sa)))) + + (define wg #$(file-append wireguard-tools "/bin/wg")) + + #$(procedure-source strip-port/maybe) + + (define service-name '#$(wireguard-service-name + interface)) + + (when (live-service-running + (current-service service-name)) + (let* ((pipe (open-pipe* OPEN_READ wg "show" + #$interface "endpoints")) + (lines (string-split (get-string-all pipe) + #\newline)) + ;; IPS is an association list mapping + ;; public keys to IP addresses. + (ips (map (match-lambda + ((public-key ip) + (cons public-key + (strip-port/maybe ip)))) + (map (cut string-split <> #\tab) + (remove string-null? 
+ lines))))) + (close-pipe pipe) + (for-each + (match-lambda + ((key . host-name) + (let ((resolved-ip (resolve-host + (strip-port/maybe + host-name))) + (current-ip (assoc-ref ips key))) + (unless (string=? resolved-ip current-ip) + (format #t "resetting `~a' peer \ +endpoint to `~a' due to stale IP (`~a' instead of `~a')~%" + key host-name + current-ip resolved-ip) + (invoke wg "set" #$interface "peer" key + "endpoint" host-name))))) + '#$host-names))))))))) + '())))) ;monitor-ips? is #f + (define wireguard-service-type (service-type (name 'wireguard) @@ -898,6 +1036,8 @@ (define wireguard-service-type wireguard-activation) (service-extension profile-service-type (compose list - wireguard-configuration-wireguard)))) + wireguard-configuration-wireguard)) + (service-extension mcron-service-type + wireguard-monitoring-jobs))) (description "Set up Wireguard @acronym{VPN, Virtual Private Network} tunnels."))) diff --git a/tests/services/vpn.scm b/tests/services/vpn.scm new file mode 100644 index 0000000000..a7f4bec26b --- /dev/null +++ b/tests/services/vpn.scm 
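Review bot: In wireguard-monitoring-jobs, (live-service-running (current-service service-name)) does not handle the #f that current-service is documented to return when the service cannot be obtained, so the job would raise instead of skipping the run; bind the result and test it before calling the accessor. In the same job, the endpoints read from "wg show" are passed to (strip-port/maybe ip) without #:ipv6? #t, so a bracketed IPv6 endpoint is cut at its first colon and will never compare equal to resolved-ip, resetting the peer on every run. (assoc-ref ips key) can return #f for a key missing from the output, which makes string=? fail, and resolve-host takes (car (getaddrinfo name)) with no error handling, so one failed lookup aborts the for-each for the remaining peers and the first result may be of a different address family than the current endpoint.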
@@ -0,0 +1,83 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2023 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (tests services vpn) + #:use-module (gnu packages vpn) + #:use-module (gnu services vpn) + #:use-module (guix gexp) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-64)) + +;;; Commentary: +;;; +;;; Unit tests for the (gnu services vpn) module. +;;; +;;; Code: + +;;; Access some internals for whitebox testing. +(define ipv4-address? (@@ (gnu services vpn) ipv4-address?)) +(define ipv6-address? (@@ (gnu services vpn) ipv6-address?)) +(define host-name? (@@ (gnu services vpn) host-name?)) +(define endpoint-host-names + (@@ (gnu services vpn) endpoint-host-names)) + +(test-begin "vpn-services") + +(test-assert "ipv4-address?" + (every ipv4-address? + (list "192.95.5.67:1234" + "10.0.0.1"))) + +(test-assert "ipv6-address?" + (every ipv6-address? 
+ (list "[2607:5300:60:6b0::c05f:543]:2468" + "2607:5300:60:6b0::c05f:543" + "2345:0425:2CA1:0000:0000:0567:5673:23b5" + "2345:0425:2CA1::0567:5673:23b5"))) + +(define %wireguard-peers + (list (wireguard-peer + (name "dummy1") + (public-key "VlesLiEB5BFd//OD2ILKXviolfz+hodG6uZ+XjoalC8=") + (endpoint "some.dynamic-dns.service:53281") + (allowed-ips '())) + (wireguard-peer + (name "dummy2") + (public-key "AlesLiEB5BFd//OD2ILKXviolfz+hodG6uZ+XgoalC9=") + (endpoint "example.org") + (allowed-ips '())) + (wireguard-peer + (name "dummy3") + (public-key "BlesLiEB5BFd//OD2ILKXviolfz+hodG6uZ+XgoalC7=") + (endpoint "10.0.0.7:7777") + (allowed-ips '())) + (wireguard-peer + (name "dummy4") + (public-key "ClesLiEB5BFd//OD2ILKXviolfz+hodG6uZ+XgoalC6=") + (endpoint "[2345:0425:2CA1::0567:5673:23b5]:44444") + (allowed-ips '())))) + +(test-equal "endpoint-host-names" + '(("VlesLiEB5BFd//OD2ILKXviolfz+hodG6uZ+XjoalC8=" . + "some.dynamic-dns.service:53281") + ("AlesLiEB5BFd//OD2ILKXviolfz+hodG6uZ+XgoalC9=" . 
+ "example.org")) + (endpoint-host-names %wireguard-peers)) + +(test-end "vpn-services") From patchwork Fri May 19 01:59:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 50144 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 04F7D27BBE9; Fri, 19 May 2023 03:02:39 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 57B0C27BBE2 for ; Fri, 19 May 2023 03:02:37 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pzpRU-0000b9-Iu; Thu, 18 May 2023 22:02:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pzpRT-0000aZ-BL for guix-patches@gnu.org; Thu, 18 May 2023 22:02:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pzpRT-0006JV-2e for guix-patches@gnu.org; Thu, 18 May 2023 22:02:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pzpRS-00074c-Sm for guix-patches@gnu.org; Thu, 18 May 2023 22:02:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#63402] [PATCH v5 3/5] services: wireguard: Clean-up configuration file serializer. 
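Review bot: In tests/services/vpn.scm (patch 2/5), host-name? is pulled in with @@ but never exercised directly, and both address predicates are only tested with inputs expected to return true. Add negative cases, for example a host name such as "example.org" passed to ipv4-address? and ipv6-address? and an IPv6 literal passed to ipv4-address?, plus a direct host-name? test, so that a regression in strip-port/maybe is caught.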
From: Maxim Cournoyer Date: Thu, 18 May 2023 21:59:15 -0400 Message-Id: <21fe58a5dac60b6d9640c19a57ac1187180d3df3.1684461197.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches Previously, the generated config file would contain arbitrary whitespace that made it look ugly. * gnu/services/vpn.scm () [dns]: Change default value from #f to '(). (wireguard-configuration-file): Use match-record. Format each line individually, assembling the lines at the end to avoid extraneous white space. * doc/guix.texi (VPN Services): Update doc. --- doc/guix.texi | 2 +- gnu/services/vpn.scm | 119 ++++++++++++++++--------------------------- 2 files changed, 46 insertions(+), 75 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index b19ba887a1..e2f46852e2 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32639,7 +32639,7 @@ VPN Services @item @code{port} (default: @code{51820}) The port on which to listen for incoming connections. -@item @code{dns} (default: @code{#f}) +@item @code{dns} (default: @code{'())}) The DNS server(s) to announce to VPN clients via DHCP. @item @code{monitor-ips?} (default: @code{#f}) diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 9cf08c194a..8740722b6f 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -44,6 +44,7 @@ (define-module (gnu services vpn) #:use-module (guix i18n) #:use-module (guix deprecation) #:use-module (srfi srfi-1) + #:use-module (ice-9 format) #:use-module (ice-9 match) #:use-module (ice-9 regex) #:export (openvpn-client-service ; deprecated 
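Review bot: In the doc/guix.texi hunk, the new default is written as @code{'())}), which puts one closing parenthesis too many inside @code and renders the default as '()); it should be @code{'()}) so that the documented value is '().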
@@ -745,7 +746,7 @@ (define-record-type* (peers wireguard-configuration-peers ;list of (default '())) (dns wireguard-configuration-dns ;list of strings - (default #f)) + (default '())) (monitor-ips? wireguard-configuration-monitor-ips? ;boolean (default #f)) (monitor-ips-interval wireguard-configuration-monitor-ips-interval @@ -763,24 +764,15 @@ (define-record-type* (define (wireguard-configuration-file config) (define (peer->config peer) - (let ((name (wireguard-peer-name peer)) - (public-key (wireguard-peer-public-key peer)) - (endpoint (wireguard-peer-endpoint peer)) - (allowed-ips (wireguard-peer-allowed-ips peer)) - (keep-alive (wireguard-peer-keep-alive peer))) - (format #f "[Peer] #~a -PublicKey = ~a -AllowedIPs = ~a -~a~a" - name - public-key - (string-join allowed-ips ",") - (if endpoint - (format #f "Endpoint = ~a\n" endpoint) - "") - (if keep-alive - (format #f "PersistentKeepalive = ~a\n" keep-alive) - "\n")))) + (match-record peer + (name public-key endpoint allowed-ips keep-alive) + (let ((lines (list + (format #f "[Peer] #~a" name) + (format #f "PublicKey = ~a" public-key) + (format #f "AllowedIPs = ~{~a~^, ~}" allowed-ips) + (format #f "~@[Endpoint = ~a~]" endpoint) + (format #f "~@[PersistentKeepalive = ~a~]" keep-alive)))) + (string-join (remove string-null? lines) "\n")))) (define (peers->preshared-keys peer keys) (let ((public-key (wireguard-peer-public-key peer)) 
@@ -799,65 +791,44 @@ (define (wireguard-configuration-file config) (computed-file "wireguard-config" #~(begin + (use-modules (ice-9 format) + (srfi srfi-1)) + + (define lines + (list + "[Interface]" + #$@(if (null? addresses) + '() + (list (format #f "Address = ~{~a~^, ~}" + addresses))) + (format #f "~@[Table = ~a~]" #$table) + #$@(if (null? pre-up) + '() + (list (format #f "~{PreUp = ~a~%~}" pre-up))) + (format #f "PostUp = ~a set %i private-key ~a\ +~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg") +#$private-key '#$peer-keys) + #$@(if (null? post-up) + '() + (list (format #f "~{PostUp = ~a~%~}" post-up))) + #$@(if (null? pre-down) + '() + (list (format #f "~{PreDown = ~a~%~}" pre-down))) + #$@(if (null? post-down) + '() + (list (format #f "~{PostDown = ~a~%~}" post-down))) + (format #f "~@[ListenPort = ~a~]" #$port) + #$@(if (null? dns) + '() + (list (format #f "~{DNS = ~{~a~^, ~}" dns))))) + (mkdir #$output) (chdir #$output) (call-with-output-file #$config-file (lambda (port) - (let ((format (@ (ice-9 format) format))) - (format port "[Interface] -Address = ~a -~a -~a -PostUp = ~a set %i private-key ~a~{ peer ~a preshared-key ~a~} -~a -~a -~a -~a -~a -~{~a~^~%~}" - #$(string-join addresses ",") - #$(if table - (format #f "Table = ~a" table) - "") - #$(if (null? pre-up) - "" - (string-join - (map (lambda (command) - (format #f "PreUp = ~a" command)) - pre-up) - "\n")) - #$(file-append wireguard "/bin/wg") - #$private-key - '#$peer-keys - #$(if (null? post-up) - "" - (string-join - (map (lambda (command) - (format #f "PostUp = ~a" command)) - post-up) - "\n")) - #$(if (null? pre-down) - "" - (string-join - (map (lambda (command) - (format #f "PreDown = ~a" command)) - pre-down) - "\n")) - #$(if (null? 
post-down) - "" - (string-join - (map (lambda (command) - (format #f "PostDown = ~a" command)) - post-down) - "\n")) - #$(if port - (format #f "ListenPort = ~a" port) - "") - #$(if dns - (format #f "DNS = ~a" - (string-join dns ",")) - "") - (list #$@peers))))))))) + (format port "~a~%~%~{~a~%~^~%~}" + (string-join (remove string-null? lines) "\n") + '#$peers))))))) (file-append config "/" config-file)))) (define (wireguard-activation config)
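Review bot: In the doc/guix.texi hunk (@@ -32639,7), the new default is written `@code{'())}`, which has one closing parenthesis too many and will render as `'())`. It should read `@item @code{dns} (default: @code{'()})`. Since the field is now always treated as a list, the description could also say that it takes a list of strings, matching the `;list of strings` comment on the record field.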
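Review bot: In the record hunk of gnu/services/vpn.scm (@@ -745,7), changing the `dns` default from `#f` to `'()` also changes what an explicit `(dns #f)` does. The rewritten generator guards the DNS line with `(null? dns)`, which is false for `#f`, so `#f` is handed to `format` as the list argument of `~{...~}` where the old `(if dns ...)` simply emitted nothing. Either keep accepting `#f`, for example with `(if (or (not dns) (null? dns)) '() ...)`, or state the incompatibility in the commit log and the manual so existing system configurations do not start failing.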
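Review bot: In the `wireguard-configuration-file` hunk (@@ -799,65), the DNS entry uses the control string `"~{DNS = ~{~a~^, ~}"`, which opens two `~{` iterations and closes only one, while `dns` is a flat list of strings. The outer `~{` should go, giving `(format #f "DNS = ~{~a~^, ~}" dns)`. In the same `lines` list, the `PreUp`, `PostUp`, `PreDown` and `PostDown` entries use the form `"~{PreUp = ~a~%~}"`, which ends every command with a newline, so after `(string-join (remove string-null? lines) "\n")` each non-empty group is followed by an empty line, which is the extraneous whitespace this commit sets out to remove; `"~{PreUp = ~a~^~%~}"` avoids it. A test that builds the file with `dns` and `post-up` set and compares the result with the expected text would catch both.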
Subject: [bug#63402] [PATCH v5 4/5] services: wireguard: Add a 'configuration' action.
From: Maxim Cournoyer Date: Thu, 18 May 2023 21:59:16 -0400
* gnu/services/vpn.scm (wireguard-shepherd-service) [actions]: New field. --- gnu/services/vpn.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 8740722b6f..e1d9f5f044 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm 
@@ -914,6 +914,7 @@ (define (wireguard-shepherd-service config) (stop #~(lambda _ (invoke #$wg-quick "down" #$config) #f)) ;stopped! + (actions (list (shepherd-configuration-action config))) (documentation "Run the Wireguard VPN tunnel")))))) (define (wireguard-monitoring-jobs config)
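Review bot: On the added `(actions (list (shepherd-configuration-action config)))` line, `config` has to be the generated configuration file, as in the `#$config` passed to `wg-quick down` just above, while the enclosing `(define (wireguard-shepherd-service config)` uses the same name for its argument. Binding the file under a distinct name such as `config-file` would make it clear which of the two the action receives. The diffstat touches only gnu/services/vpn.scm, so the new `configuration` action is also undocumented; a sentence in the VPN Services section of doc/guix.texi would cover it.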
Subject: [bug#63402] [PATCH v5 5/5] gnu: linux-libre: Apply wireguard patch fixing keep-alive bug.
From: Maxim Cournoyer Date: Thu, 18 May 2023 21:59:17 -0400
* gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/linux.scm (linux-libre-6.3-source, linux-libre-6.2-source) (linux-libre-6.1-source, linux-libre-5.15-source) (linux-libre-5.10-source): Apply it. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 27 ++-- ...linux-libre-wireguard-postup-privkey.patch | 119 ++++++++++++++++++ 3 files changed, 139 insertions(+), 8 deletions(-) create mode 100644 gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch diff --git a/gnu/local.mk b/gnu/local.mk index 42514ded8e..0b0aafa016 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1515,6 +1515,7 @@ dist_patch_DATA = \ %D%/packages/patches/linphone-desktop-without-sdk.patch \ %D%/packages/patches/linux-libre-infodocs-target.patch \ %D%/packages/patches/linux-libre-support-for-Pinebook-Pro.patch \ + %D%/packages/patches/linux-libre-wireguard-postup-privkey.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/linux-pam-unix_chkpwd.patch \ %D%/packages/patches/linuxdcpp-openssl-1.1.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 1aa87d3965..2780aa47dc 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm 
@@ -34,7 +34,7 @@ ;;; Copyright © 2018 Vasile Dumitrascu ;;; Copyright © 2019 Tim Gesthuizen ;;; Copyright © 2019 mikadoZero -;;; Copyright © 2019, 2020, 2021, 2022 Maxim Cournoyer +;;; Copyright © 2019, 2020, 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2019 Stefan Stefanović ;;; Copyright © 2019-2022 Brice Waegeneire ;;; Copyright © 2019 Kei Kebreau 
@@ -639,28 +639,39 @@ (define (source-with-patches source patches) (define-public linux-libre-6.3-source (source-with-patches linux-libre-6.3-pristine-source (list %boot-logo-patch - %linux-libre-arm-export-__sync_icache_dcache-patch))) + %linux-libre-arm-export-__sync_icache_dcache-patch + (search-patch + "linux-libre-wireguard-postup-privkey.patch")))) (define-public linux-libre-6.2-source (source-with-patches linux-libre-6.2-pristine-source (list %boot-logo-patch - %linux-libre-arm-export-__sync_icache_dcache-patch))) + %linux-libre-arm-export-__sync_icache_dcache-patch + (search-patch + "linux-libre-wireguard-postup-privkey.patch")))) (define-public linux-libre-6.1-source (source-with-patches linux-libre-6.1-pristine-source - (list %boot-logo-patch - %linux-libre-arm-export-__sync_icache_dcache-patch - (search-patch "linux-libre-infodocs-target.patch")))) + (append + (list %boot-logo-patch + %linux-libre-arm-export-__sync_icache_dcache-patch) + (search-patches + "linux-libre-infodocs-target.patch" + "linux-libre-wireguard-postup-privkey.patch")))) (define-public linux-libre-5.15-source (source-with-patches linux-libre-5.15-pristine-source (list %boot-logo-patch - %linux-libre-arm-export-__sync_icache_dcache-patch))) + %linux-libre-arm-export-__sync_icache_dcache-patch + (search-patch + "linux-libre-wireguard-postup-privkey.patch")))) (define-public linux-libre-5.10-source (source-with-patches linux-libre-5.10-pristine-source (list %boot-logo-patch - %linux-libre-arm-export-__sync_icache_dcache-patch))) + %linux-libre-arm-export-__sync_icache_dcache-patch + (search-patch + "linux-libre-wireguard-postup-privkey.patch")))) (define-public linux-libre-5.4-source (source-with-patches linux-libre-5.4-pristine-source diff --git a/gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch b/gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch new file mode 100644 index 0000000000..a6050499e1 --- /dev/null 
+++ b/gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch 
@@ -0,0 +1,119 @@ +From 3ac1bf099766f1e9735883d5127148054cd5b30a Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Thu, 18 May 2023 03:08:44 +0200 +Subject: wireguard: netlink: send staged packets when setting initial private + key + +Packets bound for peers can queue up prior to the device private key +being set. For example, if persistent keepalive is set, a packet is +queued up to be sent as soon as the device comes up. However, if the +private key hasn't been set yet, the handshake message never sends, and +no timer is armed to retry, since that would be pointless. + +But, if a user later sets a private key, the expectation is that those +queued packets, such as a persistent keepalive, are actually sent. So +adjust the configuration logic to account for this edge case, and add a +test case to make sure this works. + +Maxim noticed this with a wg-quick(8) config to the tune of: + + [Interface] + PostUp = wg set %i private-key somefile + + [Peer] + PublicKey = ... + Endpoint = ... + PersistentKeepalive = 25 + +Here, the private key gets set after the device comes up using a PostUp +script, triggering the bug. + +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Cc: stable@vger.kernel.org +Reported-by: Maxim Cournoyer +Link: https://lore.kernel.org/wireguard/87fs7xtqrv.fsf@gmail.com/ +Signed-off-by: Jason A. 
Donenfeld +--- + drivers/net/wireguard/netlink.c | 14 +++++++++----- + tools/testing/selftests/wireguard/netns.sh | 30 ++++++++++++++++++++++++++---- + 2 files changed, 35 insertions(+), 9 deletions(-) + +diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c +index 43c8c84e7ea8..6d1bd9f52d02 100644 +--- a/drivers/net/wireguard/netlink.c ++++ b/drivers/net/wireguard/netlink.c +@@ -546,6 +546,7 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info) + u8 *private_key = nla_data(info->attrs[WGDEVICE_A_PRIVATE_KEY]); + u8 public_key[NOISE_PUBLIC_KEY_LEN]; + struct wg_peer *peer, *temp; ++ bool send_staged_packets; + + if (!crypto_memneq(wg->static_identity.static_private, + private_key, NOISE_PUBLIC_KEY_LEN)) +@@ -564,14 +565,17 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info) + } + + down_write(&wg->static_identity.lock); +- wg_noise_set_static_identity_private_key(&wg->static_identity, +- private_key); +- list_for_each_entry_safe(peer, temp, &wg->peer_list, +- peer_list) { ++ send_staged_packets = !wg->static_identity.has_identity && netif_running(wg->dev); ++ wg_noise_set_static_identity_private_key(&wg->static_identity, private_key); ++ send_staged_packets = send_staged_packets && wg->static_identity.has_identity; ++ ++ wg_cookie_checker_precompute_device_keys(&wg->cookie_checker); ++ list_for_each_entry_safe(peer, temp, &wg->peer_list, peer_list) { + wg_noise_precompute_static_static(peer); + wg_noise_expire_current_peer_keypairs(peer); ++ if (send_staged_packets) ++ wg_packet_send_staged_packets(peer); + } +- wg_cookie_checker_precompute_device_keys(&wg->cookie_checker); + up_write(&wg->static_identity.lock); + } + skip_set_private_key: +diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh +index 69c7796c7ca9..405ff262ca93 100755 +--- a/tools/testing/selftests/wireguard/netns.sh ++++ b/tools/testing/selftests/wireguard/netns.sh +@@ -514,10 +514,32 @@ 
n2 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/all/rp_filter' + n1 ping -W 1 -c 1 192.168.241.2 + [[ $(n2 wg show wg0 endpoints) == "$pub1 10.0.0.3:1" ]] + +-ip1 link del veth1 +-ip1 link del veth3 +-ip1 link del wg0 +-ip2 link del wg0 ++ip1 link del dev veth3 ++ip1 link del dev wg0 ++ip2 link del dev wg0 ++ ++# Make sure persistent keep alives are sent when an adapter comes up ++ip1 link add dev wg0 type wireguard ++n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1 ++read _ _ tx_bytes < <(n1 wg show wg0 transfer) ++[[ $tx_bytes -eq 0 ]] ++ip1 link set dev wg0 up ++read _ _ tx_bytes < <(n1 wg show wg0 transfer) ++[[ $tx_bytes -gt 0 ]] ++ip1 link del dev wg0 ++# This should also happen even if the private key is set later ++ip1 link add dev wg0 type wireguard ++n1 wg set wg0 peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1 ++read _ _ tx_bytes < <(n1 wg show wg0 transfer) ++[[ $tx_bytes -eq 0 ]] ++ip1 link set dev wg0 up ++read _ _ tx_bytes < <(n1 wg show wg0 transfer) ++[[ $tx_bytes -eq 0 ]] ++n1 wg set wg0 private-key <(echo "$key1") ++read _ _ tx_bytes < <(n1 wg show wg0 transfer) ++[[ $tx_bytes -gt 0 ]] ++ip1 link del dev veth1 ++ip1 link del dev wg0 + + # We test that Netlink/IPC is working properly by doing things that usually cause split responses + ip0 link add dev wg0 type wireguard +-- +cgit v1.2.3-59-g8ed1b +
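Review bot: In the gnu/packages/linux.scm hunk (@@ -639,28), the WireGuard patch is added to five source definitions without a comment saying where it comes from or when it can be dropped. The patch file names upstream commit 3ac1bf099766 and carries `Cc: stable@vger.kernel.org`, so it is expected to reach the stable series, and a patch that is already in the tarball no longer applies. A short comment above `linux-libre-6.3-source` naming that commit and asking for removal once a kernel update includes it would help whoever bumps the versions. `linux-libre-5.4-source` is left alone, presumably because that series predates the commit named in the `Fixes:` tag; saying so in the commit log would settle the question.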
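Review bot: The new patch file (@@ -0,0 +1,119) carries the upstream change to tools/testing/selftests/wireguard/netns.sh in addition to drivers/net/wireguard/netlink.c, and the selftest part is not needed to fix the keep-alive bug in the built kernel. Its context lines still have to match in each of the five series from 5.10 to 6.3 for the patch to apply, so trimming the file to the netlink.c part, with a note at the top of the file that it was trimmed, lowers the risk of an apply failure on one series. It is also worth confirming that the netlink.c hunks at `@@ -546,6` and `@@ -564,14` apply cleanly to every listed source before pushing.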