| author | diogo464 <[email protected]> | 2026-02-15 22:05:57 +0000 |
|---|---|---|
| committer | diogo464 <[email protected]> | 2026-02-15 22:05:57 +0000 |
| commit | 56ac8740b79e291eabe6427d722921533b3a9837 (patch) | |
| tree | c244662e382263efec95d6ac445cfc9f987e4758 /src/setup.rs | |
| parent | 75ccbd675c22fb3275c5763518c3b97819db4c53 (diff) | |
updated dependencies
Diffstat (limited to 'src/setup.rs')
| -rw-r--r-- | src/setup.rs | 108 |
1 files changed, 75 insertions, 33 deletions
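--- a/src/setup.rs
+++ b/src/setup.rs
@@ -2,13 +2,46 @@ use std::net::{IpAddr, SocketAddr};
 
 use ipnet::IpNet;
 use netlink_packet_wireguard::{
-constants::{AF_INET, AF_INET6, WGDEVICE_F_REPLACE_PEERS, WGPEER_F_REPLACE_ALLOWEDIPS},
-nlas::{WgAllowedIp, WgAllowedIpAttrs, WgDeviceAttrs, WgPeer, WgPeerAttrs},
-Wireguard, WireguardCmd,
+WireguardAddressFamily, WireguardAllowedIp, WireguardAllowedIpAttr, WireguardAttribute,
+WireguardCmd, WireguardMessage, WireguardPeer, WireguardPeerAttribute,
 };
 
 use super::Key;
 
+#[allow(unused)]
+mod constants {
+// this is copy pasted from the netlink_packet_wireguard's constants module because for some reason
+// they stopped exposing constants in commit 3067a394fc7bc28fadbed5359c44cce95aac0f13
+pub const WGDEVICE_F_REPLACE_PEERS: u32 = 1 << 0;
+
+pub const WGPEER_F_REMOVE_ME: u32 = 1 << 0;
+pub const WGPEER_F_REPLACE_ALLOWEDIPS: u32 = 1 << 1;
+pub const WGPEER_F_UPDATE_ONLY: u32 = 1 << 2;
+
+pub const WGPEER_A_UNSPEC: u16 = 0;
+pub const WGPEER_A_PUBLIC_KEY: u16 = 1;
+pub const WGPEER_A_PRESHARED_KEY: u16 = 2;
+pub const WGPEER_A_FLAGS: u16 = 3;
+pub const WGPEER_A_ENDPOINT: u16 = 4;
+pub const WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: u16 = 5;
+pub const WGPEER_A_LAST_HANDSHAKE_TIME: u16 = 6;
+pub const WGPEER_A_RX_BYTES: u16 = 7;
+pub const WGPEER_A_TX_BYTES: u16 = 8;
+pub const WGPEER_A_ALLOWEDIPS: u16 = 9;
+pub const WGPEER_A_PROTOCOL_VERSION: u16 = 10;
+
+pub const WGALLOWEDIP_A_UNSPEC: u16 = 0;
+pub const WGALLOWEDIP_A_FAMILY: u16 = 1;
+pub const WGALLOWEDIP_A_IPADDR: u16 = 2;
+pub const WGALLOWEDIP_A_CIDR_MASK: u16 = 3;
+
+pub const AF_INET6: u16 = 10;
+pub const AF_INET: u16 = 2;
+}
+
+#[allow(unused)]
+pub(crate) use constants::*;
+
 #[derive(Debug)]
 pub struct PeerDescriptor {
 pub(super) public_key: Key,
@@ -87,20 +120,25 @@ impl PeerDescriptor {
 self
 }
 
-pub(super) fn into_wireguard(self) -> WgPeer {
-let mut nlas = Vec::new();
-nlas.push(WgPeerAttrs::PublicKey(self.public_key.into_array()));
-nlas.extend(
+pub(super) fn into_wireguard(self) -> WireguardPeer {
+let mut attributes = Vec::new();
+attributes.push(WireguardPeerAttribute::PublicKey(
+self.public_key.into_array(),
+));
+attributes.extend(
 self.preshared_key
-.map(|key| WgPeerAttrs::PresharedKey(key.into_array())),
+.map(|key| WireguardPeerAttribute::PresharedKey(key.into_array())),
 );
-nlas.extend(self.endpoint.map(WgPeerAttrs::Endpoint));
-nlas.extend(self.keepalive.map(WgPeerAttrs::PersistentKeepalive));
-nlas.extend(self.allowed_ips.map(|allowed_ips| {
-WgPeerAttrs::AllowedIps(allowed_ips.into_iter().map(ipnet_to_wg).collect())
+attributes.extend(self.endpoint.map(WireguardPeerAttribute::Endpoint));
+attributes.extend(
+self.keepalive
+.map(WireguardPeerAttribute::PersistentKeepalive),
+);
+attributes.extend(self.allowed_ips.map(|allowed_ips| {
+WireguardPeerAttribute::AllowedIps(allowed_ips.into_iter().map(ipnet_to_wg).collect())
 }));
-nlas.push(WgPeerAttrs::Flags(WGPEER_F_REPLACE_ALLOWEDIPS));
-WgPeer(nlas)
+attributes.push(WireguardPeerAttribute::Flags(WGPEER_F_REPLACE_ALLOWEDIPS));
+WireguardPeer(attributes)
 }
 }
 
@@ -174,39 +212,43 @@ impl DeviceDescriptor {
 self
 }
 
-pub(super) fn into_wireguard(self, device_name: String) -> Wireguard {
-let mut nlas = Vec::new();
-nlas.push(WgDeviceAttrs::IfName(device_name));
-nlas.extend(
+pub(super) fn into_wireguard(self, device_name: String) -> WireguardMessage {
+let mut attributes = Vec::new();
+attributes.push(WireguardAttribute::IfName(device_name));
+attributes.extend(
 self.private_key
-.map(|key| WgDeviceAttrs::PrivateKey(key.into_array())),
+.map(|key| WireguardAttribute::PrivateKey(key.into_array())),
 );
-nlas.extend(self.listen_port.map(WgDeviceAttrs::ListenPort));
-nlas.extend(self.fwmark.map(WgDeviceAttrs::Fwmark));
-nlas.extend(self.peers.map(|peers| {
-WgDeviceAttrs::Peers(
+attributes.extend(self.listen_port.map(WireguardAttribute::ListenPort));
+attributes.extend(self.fwmark.map(WireguardAttribute::Fwmark));
+attributes.extend(self.peers.map(|peers| {
+WireguardAttribute::Peers(
 peers
 .into_iter()
 .map(PeerDescriptor::into_wireguard)
 .collect(),
 )
 }));
-nlas.push(WgDeviceAttrs::Flags(WGDEVICE_F_REPLACE_PEERS));
+attributes.push(WireguardAttribute::Flags(WGDEVICE_F_REPLACE_PEERS));
 
-Wireguard {
+WireguardMessage {
 cmd: WireguardCmd::SetDevice,
-nlas,
+attributes,
 }
 }
 }
 
-fn ipnet_to_wg(net: IpNet) -> WgAllowedIp {
-let mut nlas = Vec::default();
-nlas.push(WgAllowedIpAttrs::Cidr(net.prefix_len()));
-nlas.push(WgAllowedIpAttrs::IpAddr(net.addr()));
+fn ipnet_to_wg(net: IpNet) -> WireguardAllowedIp {
+let mut attributes = Vec::default();
+attributes.push(WireguardAllowedIpAttr::Cidr(net.prefix_len()));
+attributes.push(WireguardAllowedIpAttr::IpAddr(net.addr()));
 match net.addr() {
-IpAddr::V4(_) => nlas.push(WgAllowedIpAttrs::Family(AF_INET)),
-IpAddr::V6(_) => nlas.push(WgAllowedIpAttrs::Family(AF_INET6)),
+IpAddr::V4(_) => {
+attributes.push(WireguardAllowedIpAttr::Family(WireguardAddressFamily::Ipv4))
+}
+IpAddr::V6(_) => {
+attributes.push(WireguardAllowedIpAttr::Family(WireguardAddressFamily::Ipv6))
+}
 }
-WgAllowedIp(nlas)
+WireguardAllowedIp(attributes)
 }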
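Review bot: The new `constants` module vendors the whole flag and attribute-id table under a blanket `#[allow(unused)]` and re-exports it with `pub(crate) use constants::*;`, although the visible hunks reference only `WGDEVICE_F_REPLACE_PEERS` and `WGPEER_F_REPLACE_ALLOWEDIPS` (the address family now comes from `WireguardAddressFamily`). Those two values decide whether the kernel drops existing peers and allowed IPs, so hand-copied numbers that nothing checks are best kept to a minimum: keep the two flags that are used, drop the `allow`, and name the source of truth, e.g. `// values from include/uapi/linux/wireguard.h; must match the kernel ABI`. If other modules rely on the glob re-export (not visible here), import the names they need explicitly instead. Separately, both `into_wireguard` bodies push the replace flag even when `peers` or `allowed_ips` is `None`, which presumably clears the existing set; a doc comment stating that this is intended would help the next reader.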
