mirror of
https://github.com/systemd/systemd
synced 2026-04-09 16:44:51 +02:00
Compare commits
No commits in common. "8feb9fa4f815ed486f725ef83642da70380ceb38" and "bf1e65a4fdb4b13dce6afdbc3ce8d9bbb718322e" have entirely different histories.
8feb9fa4f8
...
bf1e65a4fd
@ -644,7 +644,7 @@ int parse_ip_port(const char *s, uint16_t *ret) {
|
|||||||
uint16_t l;
|
uint16_t l;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
r = safe_atou16_full(s, SAFE_ATO_REFUSE_LEADING_WHITESPACE, &l);
|
r = safe_atou16(s, &l);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|||||||
@ -12,7 +12,6 @@
|
|||||||
#include "sd-resolve.h"
|
#include "sd-resolve.h"
|
||||||
|
|
||||||
#include "alloc-util.h"
|
#include "alloc-util.h"
|
||||||
#include "dns-domain.h"
|
|
||||||
#include "event-util.h"
|
#include "event-util.h"
|
||||||
#include "fd-util.h"
|
#include "fd-util.h"
|
||||||
#include "fileio.h"
|
#include "fileio.h"
|
||||||
@ -25,14 +24,12 @@
|
|||||||
#include "networkd-util.h"
|
#include "networkd-util.h"
|
||||||
#include "parse-util.h"
|
#include "parse-util.h"
|
||||||
#include "path-util.h"
|
#include "path-util.h"
|
||||||
#include "random-util.h"
|
|
||||||
#include "resolve-private.h"
|
#include "resolve-private.h"
|
||||||
#include "string-util.h"
|
#include "string-util.h"
|
||||||
#include "strv.h"
|
#include "strv.h"
|
||||||
#include "wireguard.h"
|
#include "wireguard.h"
|
||||||
|
|
||||||
static void wireguard_resolve_endpoints(NetDev *netdev);
|
static void resolve_endpoints(NetDev *netdev);
|
||||||
static int peer_resolve_endpoint(WireguardPeer *peer);
|
|
||||||
|
|
||||||
static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
|
static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
|
||||||
WireguardIPmask *mask;
|
WireguardIPmask *mask;
|
||||||
@ -43,6 +40,9 @@ static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
|
|||||||
if (peer->wireguard) {
|
if (peer->wireguard) {
|
||||||
LIST_REMOVE(peers, peer->wireguard->peers, peer);
|
LIST_REMOVE(peers, peer->wireguard->peers, peer);
|
||||||
|
|
||||||
|
set_remove(peer->wireguard->peers_with_unresolved_endpoint, peer);
|
||||||
|
set_remove(peer->wireguard->peers_with_failed_endpoint, peer);
|
||||||
|
|
||||||
if (peer->section)
|
if (peer->section)
|
||||||
hashmap_remove(peer->wireguard->peers_by_section, peer->section);
|
hashmap_remove(peer->wireguard->peers_by_section, peer->section);
|
||||||
}
|
}
|
||||||
@ -59,9 +59,6 @@ static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
|
|||||||
free(peer->preshared_key_file);
|
free(peer->preshared_key_file);
|
||||||
explicit_bzero_safe(peer->preshared_key, WG_KEY_LEN);
|
explicit_bzero_safe(peer->preshared_key, WG_KEY_LEN);
|
||||||
|
|
||||||
sd_event_source_disable_unref(peer->resolve_retry_event_source);
|
|
||||||
sd_resolve_query_unref(peer->resolve_query);
|
|
||||||
|
|
||||||
return mfree(peer);
|
return mfree(peer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -290,151 +287,142 @@ static int wireguard_set_interface(NetDev *netdev) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void wireguard_peer_destroy_callback(WireguardPeer *peer) {
|
||||||
|
NetDev *netdev;
|
||||||
|
|
||||||
|
assert(peer);
|
||||||
|
assert(peer->wireguard);
|
||||||
|
|
||||||
|
netdev = NETDEV(peer->wireguard);
|
||||||
|
|
||||||
|
if (section_is_invalid(peer->section))
|
||||||
|
wireguard_peer_free(peer);
|
||||||
|
|
||||||
|
netdev_unref(netdev);
|
||||||
|
}
|
||||||
|
|
||||||
static int on_resolve_retry(sd_event_source *s, usec_t usec, void *userdata) {
|
static int on_resolve_retry(sd_event_source *s, usec_t usec, void *userdata) {
|
||||||
WireguardPeer *peer = userdata;
|
NetDev *netdev = userdata;
|
||||||
NetDev *netdev;
|
|
||||||
|
|
||||||
assert(peer);
|
|
||||||
assert(peer->wireguard);
|
|
||||||
|
|
||||||
netdev = NETDEV(peer->wireguard);
|
|
||||||
|
|
||||||
if (!netdev_is_managed(netdev))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
peer->resolve_query = sd_resolve_query_unref(peer->resolve_query);
|
|
||||||
|
|
||||||
(void) peer_resolve_endpoint(peer);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static usec_t peer_next_resolve_usec(WireguardPeer *peer) {
|
|
||||||
usec_t usec;
|
|
||||||
|
|
||||||
/* Given the number of retries this function will return an exponential increasing amount of
|
|
||||||
* milliseconds to wait starting at 200ms and capped at 25 seconds. */
|
|
||||||
|
|
||||||
assert(peer);
|
|
||||||
|
|
||||||
usec = (2 << MIN(peer->n_retries, 7U)) * 100 * USEC_PER_MSEC;
|
|
||||||
|
|
||||||
return random_u64_range(usec / 10) + usec * 9 / 10;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int wireguard_peer_resolve_handler(
|
|
||||||
sd_resolve_query *q,
|
|
||||||
int ret,
|
|
||||||
const struct addrinfo *ai,
|
|
||||||
void *userdata) {
|
|
||||||
|
|
||||||
WireguardPeer *peer = userdata;
|
|
||||||
NetDev *netdev;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(peer);
|
|
||||||
assert(peer->wireguard);
|
|
||||||
|
|
||||||
netdev = NETDEV(peer->wireguard);
|
|
||||||
|
|
||||||
if (!netdev_is_managed(netdev))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (ret != 0) {
|
|
||||||
log_netdev_warning(netdev, "Failed to resolve host '%s:%s', ignoring: %s",
|
|
||||||
peer->endpoint_host, peer->endpoint_port, gai_strerror(ret));
|
|
||||||
peer->n_retries++;
|
|
||||||
|
|
||||||
} else {
|
|
||||||
bool found = false;
|
|
||||||
for (; ai; ai = ai->ai_next) {
|
|
||||||
if (!IN_SET(ai->ai_family, AF_INET, AF_INET6))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
if (ai->ai_addrlen != (ai->ai_family == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6)))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
memcpy(&peer->endpoint, ai->ai_addr, ai->ai_addrlen);
|
|
||||||
(void) wireguard_set_interface(netdev);
|
|
||||||
peer->n_retries = 0;
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!found) {
|
|
||||||
log_netdev_warning(netdev, "Neither IPv4 nor IPv6 address found for peer endpoint %s:%s, ignoring the endpoint.",
|
|
||||||
peer->endpoint_host, peer->endpoint_port);
|
|
||||||
peer->n_retries++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (peer->n_retries > 0) {
|
|
||||||
r = event_reset_time_relative(netdev->manager->event,
|
|
||||||
&peer->resolve_retry_event_source,
|
|
||||||
clock_boottime_or_monotonic(),
|
|
||||||
peer_next_resolve_usec(peer), 0,
|
|
||||||
on_resolve_retry, peer, 0, "wireguard-resolve-retry", true);
|
|
||||||
if (r < 0)
|
|
||||||
log_netdev_warning_errno(netdev, r, "Could not arm resolve retry handler for endpoint %s:%s, ignoring: %m",
|
|
||||||
peer->endpoint_host, peer->endpoint_port);
|
|
||||||
}
|
|
||||||
|
|
||||||
wireguard_resolve_endpoints(netdev);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int peer_resolve_endpoint(WireguardPeer *peer) {
|
|
||||||
static const struct addrinfo hints = {
|
|
||||||
.ai_family = AF_UNSPEC,
|
|
||||||
.ai_socktype = SOCK_DGRAM,
|
|
||||||
.ai_protocol = IPPROTO_UDP
|
|
||||||
};
|
|
||||||
NetDev *netdev;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(peer);
|
|
||||||
assert(peer->wireguard);
|
|
||||||
|
|
||||||
netdev = NETDEV(peer->wireguard);
|
|
||||||
|
|
||||||
if (!peer->endpoint_host || !peer->endpoint_port)
|
|
||||||
/* Not necessary to resolve the endpoint. */
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (event_source_is_enabled(peer->resolve_retry_event_source) > 0)
|
|
||||||
/* Timer event source is enabled. The endpoint will be resolved later. */
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (peer->resolve_query)
|
|
||||||
/* Being resolved, or already resolved. */
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
r = sd_resolve_getaddrinfo(netdev->manager->resolve,
|
|
||||||
&peer->resolve_query,
|
|
||||||
peer->endpoint_host,
|
|
||||||
peer->endpoint_port,
|
|
||||||
&hints,
|
|
||||||
wireguard_peer_resolve_handler,
|
|
||||||
peer);
|
|
||||||
if (r < 0)
|
|
||||||
return log_netdev_full_errno(netdev, r == -ENOBUFS ? LOG_DEBUG : LOG_WARNING, r,
|
|
||||||
"Failed to create endpoint resolver for %s:%s, ignoring: %m",
|
|
||||||
peer->endpoint_host, peer->endpoint_port);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void wireguard_resolve_endpoints(NetDev *netdev) {
|
|
||||||
WireguardPeer *peer;
|
|
||||||
Wireguard *w;
|
Wireguard *w;
|
||||||
|
|
||||||
assert(netdev);
|
assert(netdev);
|
||||||
w = WIREGUARD(netdev);
|
w = WIREGUARD(netdev);
|
||||||
assert(w);
|
assert(w);
|
||||||
|
|
||||||
LIST_FOREACH(peers, peer, w->peers)
|
if (!netdev_is_managed(netdev))
|
||||||
if (peer_resolve_endpoint(peer) == -ENOBUFS)
|
return 0;
|
||||||
/* Too many requests. Let's resolve remaining endpoints later. */
|
|
||||||
|
assert(set_isempty(w->peers_with_unresolved_endpoint));
|
||||||
|
|
||||||
|
SWAP_TWO(w->peers_with_unresolved_endpoint, w->peers_with_failed_endpoint);
|
||||||
|
|
||||||
|
resolve_endpoints(netdev);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Given the number of retries this function will return will an exponential
|
||||||
|
* increasing time in milliseconds to wait starting at 200ms and capped at 25 seconds.
|
||||||
|
*/
|
||||||
|
static int exponential_backoff_milliseconds(unsigned n_retries) {
|
||||||
|
return (2 << MIN(n_retries, 7U)) * 100 * USEC_PER_MSEC;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int wireguard_resolve_handler(sd_resolve_query *q,
|
||||||
|
int ret,
|
||||||
|
const struct addrinfo *ai,
|
||||||
|
WireguardPeer *peer) {
|
||||||
|
NetDev *netdev;
|
||||||
|
Wireguard *w;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(peer);
|
||||||
|
assert(peer->wireguard);
|
||||||
|
|
||||||
|
w = peer->wireguard;
|
||||||
|
netdev = NETDEV(w);
|
||||||
|
|
||||||
|
if (!netdev_is_managed(netdev))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (ret != 0) {
|
||||||
|
log_netdev_error(netdev, "Failed to resolve host '%s:%s': %s", peer->endpoint_host, peer->endpoint_port, gai_strerror(ret));
|
||||||
|
|
||||||
|
r = set_ensure_put(&w->peers_with_failed_endpoint, NULL, peer);
|
||||||
|
if (r < 0) {
|
||||||
|
log_netdev_error(netdev, "Failed to save a peer, dropping the peer: %m");
|
||||||
|
peer->section->invalid = true;
|
||||||
|
goto resolve_next;
|
||||||
|
}
|
||||||
|
|
||||||
|
} else if ((ai->ai_family == AF_INET && ai->ai_addrlen == sizeof(struct sockaddr_in)) ||
|
||||||
|
(ai->ai_family == AF_INET6 && ai->ai_addrlen == sizeof(struct sockaddr_in6)))
|
||||||
|
memcpy(&peer->endpoint, ai->ai_addr, ai->ai_addrlen);
|
||||||
|
else
|
||||||
|
log_netdev_error(netdev, "Neither IPv4 nor IPv6 address found for peer endpoint %s:%s, ignoring the address.",
|
||||||
|
peer->endpoint_host, peer->endpoint_port);
|
||||||
|
|
||||||
|
resolve_next:
|
||||||
|
if (!set_isempty(w->peers_with_unresolved_endpoint)) {
|
||||||
|
resolve_endpoints(netdev);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
(void) wireguard_set_interface(netdev);
|
||||||
|
|
||||||
|
if (!set_isempty(w->peers_with_failed_endpoint)) {
|
||||||
|
usec_t usec;
|
||||||
|
|
||||||
|
w->n_retries++;
|
||||||
|
usec = usec_add(now(CLOCK_MONOTONIC), exponential_backoff_milliseconds(w->n_retries));
|
||||||
|
r = event_reset_time(netdev->manager->event, &w->resolve_retry_event_source,
|
||||||
|
CLOCK_MONOTONIC, usec, 0, on_resolve_retry, netdev,
|
||||||
|
0, "wireguard-resolve-retry", true);
|
||||||
|
if (r < 0) {
|
||||||
|
log_netdev_warning_errno(netdev, r, "Could not arm resolve retry handler: %m");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void resolve_endpoints(NetDev *netdev) {
|
||||||
|
static const struct addrinfo hints = {
|
||||||
|
.ai_family = AF_UNSPEC,
|
||||||
|
.ai_socktype = SOCK_DGRAM,
|
||||||
|
.ai_protocol = IPPROTO_UDP
|
||||||
|
};
|
||||||
|
WireguardPeer *peer;
|
||||||
|
Wireguard *w;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(netdev);
|
||||||
|
w = WIREGUARD(netdev);
|
||||||
|
assert(w);
|
||||||
|
|
||||||
|
SET_FOREACH(peer, w->peers_with_unresolved_endpoint) {
|
||||||
|
r = resolve_getaddrinfo(netdev->manager->resolve,
|
||||||
|
NULL,
|
||||||
|
peer->endpoint_host,
|
||||||
|
peer->endpoint_port,
|
||||||
|
&hints,
|
||||||
|
wireguard_resolve_handler,
|
||||||
|
wireguard_peer_destroy_callback,
|
||||||
|
peer);
|
||||||
|
if (r == -ENOBUFS)
|
||||||
break;
|
break;
|
||||||
|
if (r < 0) {
|
||||||
|
log_netdev_error_errno(netdev, r, "Failed to create resolver: %m");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Avoid freeing netdev. It will be unrefed by the destroy callback. */
|
||||||
|
netdev_ref(netdev);
|
||||||
|
|
||||||
|
(void) set_remove(w->peers_with_unresolved_endpoint, peer);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static int netdev_wireguard_post_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
|
static int netdev_wireguard_post_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
|
||||||
@ -442,7 +430,7 @@ static int netdev_wireguard_post_create(NetDev *netdev, Link *link, sd_netlink_m
|
|||||||
assert(WIREGUARD(netdev));
|
assert(WIREGUARD(netdev));
|
||||||
|
|
||||||
(void) wireguard_set_interface(netdev);
|
(void) wireguard_set_interface(netdev);
|
||||||
wireguard_resolve_endpoints(netdev);
|
resolve_endpoints(netdev);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -735,85 +723,65 @@ int config_parse_wireguard_endpoint(
|
|||||||
void *userdata) {
|
void *userdata) {
|
||||||
|
|
||||||
_cleanup_(wireguard_peer_free_or_set_invalidp) WireguardPeer *peer = NULL;
|
_cleanup_(wireguard_peer_free_or_set_invalidp) WireguardPeer *peer = NULL;
|
||||||
_cleanup_free_ char *host = NULL;
|
const char *begin, *end;
|
||||||
union in_addr_union addr;
|
|
||||||
const char *p;
|
|
||||||
uint16_t port;
|
|
||||||
Wireguard *w;
|
Wireguard *w;
|
||||||
int family, r;
|
size_t len;
|
||||||
|
int r;
|
||||||
|
|
||||||
assert(filename);
|
assert(data);
|
||||||
assert(rvalue);
|
assert(rvalue);
|
||||||
assert(userdata);
|
|
||||||
|
|
||||||
w = WIREGUARD(userdata);
|
w = WIREGUARD(data);
|
||||||
assert(w);
|
assert(w);
|
||||||
|
|
||||||
r = wireguard_peer_new_static(w, filename, section_line, &peer);
|
if (rvalue[0] == '[') {
|
||||||
if (r < 0)
|
begin = &rvalue[1];
|
||||||
return log_oom();
|
end = strchr(rvalue, ']');
|
||||||
|
if (!end) {
|
||||||
r = in_addr_port_ifindex_name_from_string_auto(rvalue, &family, &addr, &port, NULL, NULL);
|
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||||
if (r >= 0) {
|
"Unable to find matching brace of endpoint, ignoring assignment: %s",
|
||||||
if (family == AF_INET)
|
rvalue);
|
||||||
peer->endpoint.in = (struct sockaddr_in) {
|
|
||||||
.sin_family = AF_INET,
|
|
||||||
.sin_addr = addr.in,
|
|
||||||
.sin_port = htobe16(port),
|
|
||||||
};
|
|
||||||
else if (family == AF_INET6)
|
|
||||||
peer->endpoint.in6 = (struct sockaddr_in6) {
|
|
||||||
.sin6_family = AF_INET6,
|
|
||||||
.sin6_addr = addr.in6,
|
|
||||||
.sin6_port = htobe16(port),
|
|
||||||
};
|
|
||||||
else
|
|
||||||
assert_not_reached();
|
|
||||||
|
|
||||||
peer->endpoint_host = mfree(peer->endpoint_host);
|
|
||||||
peer->endpoint_port = mfree(peer->endpoint_port);
|
|
||||||
|
|
||||||
TAKE_PTR(peer);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
len = end - begin;
|
||||||
p = strrchr(rvalue, ':');
|
++end;
|
||||||
if (!p) {
|
if (*end != ':' || !*(end + 1)) {
|
||||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||||
"Unable to find port of endpoint, ignoring assignment: %s",
|
"Unable to find port of endpoint, ignoring assignment: %s",
|
||||||
rvalue);
|
rvalue);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
++end;
|
||||||
host = strndup(rvalue, p - rvalue);
|
} else {
|
||||||
if (!host)
|
begin = rvalue;
|
||||||
return log_oom();
|
end = strrchr(rvalue, ':');
|
||||||
|
if (!end || !*(end + 1)) {
|
||||||
if (!dns_name_is_valid(host)) {
|
|
||||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||||
"Invalid domain name of endpoint, ignoring assignment: %s",
|
"Unable to find port of endpoint, ignoring assignment: %s",
|
||||||
rvalue);
|
rvalue);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
len = end - begin;
|
||||||
p++;
|
++end;
|
||||||
r = parse_ip_port(p, &port);
|
|
||||||
if (r < 0) {
|
|
||||||
log_syntax(unit, LOG_WARNING, filename, line, r,
|
|
||||||
"Invalid port of endpoint, ignoring assignment: %s",
|
|
||||||
rvalue);
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
peer->endpoint = (union sockaddr_union) {};
|
r = wireguard_peer_new_static(w, filename, section_line, &peer);
|
||||||
|
|
||||||
free_and_replace(peer->endpoint_host, host);
|
|
||||||
|
|
||||||
r = free_and_strdup(&peer->endpoint_port, p);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|
||||||
|
r = free_and_strndup(&peer->endpoint_host, begin, len);
|
||||||
|
if (r < 0)
|
||||||
|
return log_oom();
|
||||||
|
|
||||||
|
r = free_and_strdup(&peer->endpoint_port, end);
|
||||||
|
if (r < 0)
|
||||||
|
return log_oom();
|
||||||
|
|
||||||
|
r = set_ensure_put(&w->peers_with_unresolved_endpoint, NULL, peer);
|
||||||
|
if (r < 0)
|
||||||
|
return log_oom();
|
||||||
TAKE_PTR(peer); /* The peer may already have been in the hash map, that is fine too. */
|
TAKE_PTR(peer); /* The peer may already have been in the hash map, that is fine too. */
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1060,10 +1028,14 @@ static void wireguard_done(NetDev *netdev) {
|
|||||||
w = WIREGUARD(netdev);
|
w = WIREGUARD(netdev);
|
||||||
assert(w);
|
assert(w);
|
||||||
|
|
||||||
|
sd_event_source_unref(w->resolve_retry_event_source);
|
||||||
|
|
||||||
explicit_bzero_safe(w->private_key, WG_KEY_LEN);
|
explicit_bzero_safe(w->private_key, WG_KEY_LEN);
|
||||||
free(w->private_key_file);
|
free(w->private_key_file);
|
||||||
|
|
||||||
hashmap_free_with_destructor(w->peers_by_section, wireguard_peer_free);
|
hashmap_free_with_destructor(w->peers_by_section, wireguard_peer_free);
|
||||||
|
set_free(w->peers_with_unresolved_endpoint);
|
||||||
|
set_free(w->peers_with_failed_endpoint);
|
||||||
|
|
||||||
set_free(w->routes);
|
set_free(w->routes);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -7,9 +7,6 @@ typedef struct Wireguard Wireguard;
|
|||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
#include <linux/wireguard.h>
|
#include <linux/wireguard.h>
|
||||||
|
|
||||||
#include "sd-event.h"
|
|
||||||
#include "sd-resolve.h"
|
|
||||||
|
|
||||||
#include "in-addr-util.h"
|
#include "in-addr-util.h"
|
||||||
#include "netdev.h"
|
#include "netdev.h"
|
||||||
#include "socket-util.h"
|
#include "socket-util.h"
|
||||||
@ -36,10 +33,6 @@ typedef struct WireguardPeer {
|
|||||||
char *endpoint_host;
|
char *endpoint_host;
|
||||||
char *endpoint_port;
|
char *endpoint_port;
|
||||||
|
|
||||||
unsigned n_retries;
|
|
||||||
sd_event_source *resolve_retry_event_source;
|
|
||||||
sd_resolve_query *resolve_query;
|
|
||||||
|
|
||||||
uint32_t route_table;
|
uint32_t route_table;
|
||||||
uint32_t route_priority;
|
uint32_t route_priority;
|
||||||
bool route_table_set;
|
bool route_table_set;
|
||||||
@ -60,8 +53,14 @@ struct Wireguard {
|
|||||||
uint32_t fwmark;
|
uint32_t fwmark;
|
||||||
|
|
||||||
Hashmap *peers_by_section;
|
Hashmap *peers_by_section;
|
||||||
|
Set *peers_with_unresolved_endpoint;
|
||||||
|
Set *peers_with_failed_endpoint;
|
||||||
|
|
||||||
LIST_HEAD(WireguardPeer, peers);
|
LIST_HEAD(WireguardPeer, peers);
|
||||||
|
|
||||||
|
unsigned n_retries;
|
||||||
|
sd_event_source *resolve_retry_event_source;
|
||||||
|
|
||||||
Set *routes;
|
Set *routes;
|
||||||
uint32_t route_table;
|
uint32_t route_table;
|
||||||
uint32_t route_priority;
|
uint32_t route_priority;
|
||||||
|
|||||||
@ -1394,6 +1394,20 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message,
|
|||||||
address->scope = tmp->scope;
|
address->scope = tmp->scope;
|
||||||
address_set_lifetime(address, &cinfo);
|
address_set_lifetime(address, &cinfo);
|
||||||
address_enter_configured(address);
|
address_enter_configured(address);
|
||||||
|
|
||||||
|
if (address->family == AF_INET6 &&
|
||||||
|
address->source == NETWORK_CONFIG_SOURCE_FOREIGN &&
|
||||||
|
FLAGS_SET(address->flags, IFA_F_SECONDARY | IFA_F_DEPRECATED)) {
|
||||||
|
|
||||||
|
/* The temporary address became deprecated, i.e. preferred lifetime == 0. */
|
||||||
|
log_address_debug(address, "Received deprecated", link);
|
||||||
|
r = address_remove(address);
|
||||||
|
if (r < 0)
|
||||||
|
link_enter_failed(link);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
log_address_debug(address, "Received updated", link);
|
log_address_debug(address, "Received updated", link);
|
||||||
} else {
|
} else {
|
||||||
address_set_lifetime(tmp, &cinfo);
|
address_set_lifetime(tmp, &cinfo);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user