author | Kyle Evans <kevans@FreeBSD.org> | 2021-03-08 01:00:58 +0000 |
---|---|---|
committer | Kyle Evans <kevans@FreeBSD.org> | 2021-03-09 11:16:42 +0000 |
commit | b3dac3913dc90fbc6f909ee5c4a876097cd90791 (patch) | |
tree | 4a70da8e2cc5633fc091ce8aaa393757c2cc6e43 | |
parent | 172a8241c9c9a7273a78ad73a32501d3a01afd28 (diff) |
ifconfig: allow displaying/setting persistent-keepalive
The kernel-side already accepted a persistent-keepalive-interval, so
just add a verb to ifconfig(8) for it and start exporting it so that
ifconfig(8) can view it.
PR: 253790
MFC after: 3 days
Discussed with: decke
-rw-r--r-- | sbin/ifconfig/ifwg.c | 28 | ||||
-rw-r--r-- | sys/dev/if_wg/module/module.c | 8 |
2 files changed, 35 insertions, 1 deletions
diff --git a/sbin/ifconfig/ifwg.c b/sbin/ifconfig/ifwg.c
index 105ee7ac31d1..86bacc59f50d 100644
--- a/sbin/ifconfig/ifwg.c
+++ b/sbin/ifconfig/ifwg.c
@@ -280,6 +280,7 @@ dump_peer(const nvlist_t *nvl_peer)
 char addr_buf[INET6_ADDRSTRLEN];
 size_t size;
 int count, port;
+ uint16_t persistent_keepalive;
 printf("[Peer]\n");
 if (nvlist_exists_binary(nvl_peer, "public-key")) {
@@ -292,7 +293,11 @@ dump_peer(const nvlist_t *nvl_peer)
 sa_ntop(endpoint, addr_buf, &port);
 printf("Endpoint = %s:%d\n", addr_buf, ntohs(port));
 }
-
+ if (nvlist_exists_number(nvl_peer, "persistent-keepalive-interval")) {
+ persistent_keepalive = nvlist_get_number(nvl_peer,
+ "persistent-keepalive-interval");
+ printf("PersistentKeepalive = %d\n", persistent_keepalive);
+ }
 if (!nvlist_exists_binary(nvl_peer, "allowed-ips"))
 return;
 aips = nvlist_get_binary(nvl_peer, "allowed-ips", &size);
@@ -476,6 +481,26 @@ DECL_CMD_FUNC(setwgpubkey, val, d)
 }
 static
+DECL_CMD_FUNC(setwgpersistentkeepalive, val, d)
+{
+ unsigned long persistent_keepalive;
+ char *endp;
+
+ if (!do_peer)
+ errx(1, "setting persistent keepalive only valid when adding peer");
+
+ errno = 0;
+ persistent_keepalive = strtoul(val, &endp, 0);
+ if (errno != 0 || *endp != '\0')
+ errx(1, "persistent-keepalive must be numeric (seconds)");
+ if (persistent_keepalive > USHRT_MAX)
+ errx(1, "persistent-keepalive '%lu' too large",
+ persistent_keepalive);
+ nvlist_add_number(nvl_params, "persistent-keepalive-interval",
+ persistent_keepalive);
+}
+
+static
 DECL_CMD_FUNC(setallowedips, val, d)
 {
 char *base, *allowedip, *mask;
@@ -563,6 +588,7 @@ static struct cmd wireguard_cmds[] = {
 DEF_CMD("peer-list", 0, peerlist),
 DEF_CMD("peer", 0, peerstart),
 DEF_CMD_ARG("public-key", setwgpubkey),
+ DEF_CMD_ARG("persistent-keepalive", setwgpersistentkeepalive),
 DEF_CMD_ARG("allowed-ips", setallowedips),
 DEF_CMD_ARG("endpoint", setendpoint),
 };
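Review bot: In the dump_peer hunk at -292, the 64-bit value returned by nvlist_get_number() is narrowed into a `uint16_t` with no range check, so an out-of-range number in the ioctl reply would be printed modulo 65536 instead of being noticed. Holding it in a `uint64_t` and printing it with `printf("PersistentKeepalive = %ju\n", (uintmax_t)persistent_keepalive);` keeps the display honest. If the narrow type stays, `%u` matches the unsigned value better than `%d`. dump_peer starts and ends outside the hunk.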
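Review bot: The strtoul() call in setwgpersistentkeepalive uses base 0 and never checks that a digit was consumed. As written, `010` is taken as 8 seconds, a leading `-` is accepted and negated as an unsigned value, and rejecting an empty argument relies on strtoul() setting errno when nothing converts. strtonum(3) does the decimal parse and the range check in one step and drops the separate USHRT_MAX test: `persistent_keepalive = strtonum(val, 0, USHRT_MAX, &errstr);` followed by `if (errstr != NULL) errx(1, "persistent-keepalive is %s: %s", errstr, val);`, with `const char *errstr;` replacing `endp`. If strtoul() is kept, base 10 plus an `endp == val` test in the error condition closes the same gaps apart from the sign.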
diff --git a/sys/dev/if_wg/module/module.c b/sys/dev/if_wg/module/module.c index 6ae3bf9db022..ad2f17c1e803 100644 --- a/sys/dev/if_wg/module/module.c +++ b/sys/dev/if_wg/module/module.c @@ -75,6 +75,7 @@ struct wg_peer_export { size_t endpoint_sz; struct wg_allowedip *aip; int aip_count; + uint16_t persistent_keepalive; }; static int clone_count; @@ -416,6 +417,9 @@ wg_peer_to_export(struct wg_peer *peer, struct wg_peer_export *exp) memcpy(exp->public_key, peer->p_remote.r_public, sizeof(exp->public_key)); + exp->persistent_keepalive = + peer->p_timers.t_persistent_keepalive_interval; + exp->aip_count = 0; CK_LIST_FOREACH(rt, &peer->p_routes, r_entry) { exp->aip_count++; @@ -458,6 +462,10 @@ wg_peer_export_to_nvl(struct wg_peer_export *exp) nvlist_add_binary(nvl, "allowed-ips", exp->aip, exp->aip_count * sizeof(*exp->aip)); + if (exp->persistent_keepalive != 0) + nvlist_add_number(nvl, "persistent-keepalive-interval", + exp->persistent_keepalive); + return (nvl); } |
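Review bot: The new copy of `peer->p_timers.t_persistent_keepalive_interval` in wg_peer_to_export is a plain read, with no lock or atomic load visible in the hunk. If the path that sets the interval writes the field under a timers lock (not shown here), the export should read it the same way. Otherwise a comment such as `/* unlocked read is fine: 16-bit value, used for display only */` would record the reasoning. wg_peer_to_export starts and ends outside the hunk.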
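Review bot: wg_peer_export_to_nvl omits "persistent-keepalive-interval" from the nvlist when the interval is 0, and nothing in the hunk says this is deliberate. From userland a missing key then looks the same as a kernel that does not export the field at all. A comment above the test, for example `/* 0 means keepalive is disabled; omit the key so ifconfig(8) prints nothing */`, would make the contract explicit for other consumers of the nvlist. The function starts outside the hunk.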