updated dependencies

author: diogo464 <[email protected]> 2026-02-15 22:05:57 +0000
committer: diogo464 <[email protected]> 2026-02-15 22:05:57 +0000
commit: 56ac8740b79e291eabe6427d722921533b3a9837 (patch)
tree: c244662e382263efec95d6ac445cfc9f987e4758 /src
parent: 75ccbd675c22fb3275c5763518c3b97819db4c53 (diff)
4 files changed, 168 insertions, 99 deletions
diff --git a/src/key.rs b/src/key.rs
index 19bc127..49f9284 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -1,7 +1,8 @@
 use base64::Engine;
-use netlink_packet_wireguard::constants::WG_KEY_LEN;
 use rand::{rngs::OsRng, RngCore};
+const WG_KEY_LEN: usize = netlink_packet_wireguard::WireguardAttribute::WG_KEY_LEN;
 // Code from: https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library/wireguard.c
 type Fe = [i64; 16];
diff --git a/src/lib.rs b/src/lib.rs
index c47d618..8ba36eb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -3,18 +3,18 @@ mod key;
 mod setup;
 mod view;
-use std::borrow::Cow;
+use std::{
+    borrow::Cow,
+    net::{Ipv4Addr, Ipv6Addr},
+};
 use futures::{StreamExt, TryStreamExt};
 use genetlink::{GenetlinkError, GenetlinkHandle};
 use netlink_packet_core::{NetlinkMessage, NetlinkPayload, NLM_F_ACK, NLM_F_DUMP, NLM_F_REQUEST};
 use netlink_packet_generic::GenlMessage;
-use netlink_packet_route::{
+use netlink_packet_route::{link::LinkAttribute, route::RouteScope};
-    link::{InfoKind, LinkAttribute, LinkInfo},
+use netlink_packet_wireguard::{WireguardAttribute, WireguardCmd, WireguardMessage};
-    route::RouteScope,
+use rtnetlink::{Handle, LinkMessageBuilder, LinkSetRequest, LinkWireguard, RouteMessageBuilder};
-};
-use netlink_packet_wireguard::{nlas::WgDeviceAttrs, Wireguard, WireguardCmd};
-use rtnetlink::Handle;
 pub use conf::*;
 pub use key::*;
@@ -149,9 +149,9 @@ impl WireGuard {
    }
    pub async fn view_device(&mut self, device_name: &str) -> Result<DeviceView> {
-        let genlmsg: GenlMessage<Wireguard> = GenlMessage::from_payload(Wireguard {
+        let genlmsg: GenlMessage<WireguardMessage> = GenlMessage::from_payload(WireguardMessage {
            cmd: WireguardCmd::GetDevice,
-            nlas: vec![WgDeviceAttrs::IfName(device_name.to_string())],
+            attributes: vec![WireguardAttribute::IfName(device_name.to_string())],
        });
        let mut nlmsg = NetlinkMessage::from(genlmsg);
        nlmsg.header.flags = NLM_F_REQUEST | NLM_F_DUMP;
@@ -213,7 +213,7 @@ impl WireGuard {
        }
        let message = descriptor.into_wireguard(device_name.to_string());
-        let genlmsg: GenlMessage<Wireguard> = GenlMessage::from_payload(message);
+        let genlmsg: GenlMessage<WireguardMessage> = GenlMessage::from_payload(message);
        let mut nlmsg = NetlinkMessage::from(genlmsg);
        nlmsg.header.flags = NLM_F_REQUEST | NLM_F_ACK;
@@ -225,16 +225,12 @@ impl WireGuard {
    }
    async fn link_create(&self, name: &str) -> Result<()> {
-        let mut msg = self.rt_handle.link().add().replace();
+        self.rt_handle
-        msg.message_mut()
+            .link()
-            .attributes
+            .add(LinkMessageBuilder::<LinkWireguard>::new(name).build())
-            .push(LinkAttribute::LinkInfo(vec![LinkInfo::Kind(
+            .replace()
-                InfoKind::Wireguard,
+            .execute()
-            )]));
+            .await?;
-        msg.message_mut()
-            .attributes
-            .push(LinkAttribute::IfName(name.to_string()));
-        msg.execute().await?;
        Ok(())
    }
@@ -245,13 +241,31 @@ impl WireGuard {
    async fn link_up(&self, ifindex: u32) -> Result<()> {
        tracing::trace!("Bringing up interface {}", ifindex);
-        self.rt_handle.link().set(ifindex).up().execute().await?;
+        self.rt_handle
+            .link()
+            .set(
+                LinkMessageBuilder::<LinkSetRequest>::default()
+                    .index(ifindex)
+                    .up()
+                    .build(),
+            )
+            .execute()
+            .await?;
        Ok(())
    }
    async fn link_down(&self, ifindex: u32) -> Result<()> {
        tracing::trace!("Bringing down interface {}", ifindex);
-        self.rt_handle.link().set(ifindex).down().execute().await?;
+        self.rt_handle
+            .link()
+            .set(
+                LinkMessageBuilder::<LinkSetRequest>::default()
+                    .index(ifindex)
+                    .down()
+                    .build(),
+            )
+            .execute()
+            .await?;
        Ok(())
    }
@@ -314,30 +328,37 @@ impl WireGuard {
    #[allow(unused)]
    async fn route_add(&self, ifindex: u32, net: ipnet::IpNet) -> Result<()> {
        tracing::trace!("Adding route {} to {}", net, ifindex);
-        let request = self
-            .rt_handle
-            .route()
-            .add()
-            .scope(RouteScope::Link)
-            .output_interface(ifindex)
-            .replace();
        match net.addr() {
            std::net::IpAddr::V4(ip) => {
-                request
+                self.rt_handle
-                    .v4()
+                    .route()
-                    .destination_prefix(ip, net.prefix_len())
+                    .add(
+                        RouteMessageBuilder::<Ipv4Addr>::default()
+                            .scope(RouteScope::Link)
+                            .output_interface(ifindex)
+                            .destination_prefix(ip, net.prefix_len())
+                            .build(),
+                    )
+                    .replace()
                    .execute()
-                    .await
+                    .await?;
            }
            std::net::IpAddr::V6(ip) => {
-                request
+                self.rt_handle
-                    .v6()
+                    .route()
-                    .destination_prefix(ip, net.prefix_len())
+                    .add(
+                        RouteMessageBuilder::<Ipv6Addr>::default()
+                            .scope(RouteScope::Link)
+                            .output_interface(ifindex)
+                            .destination_prefix(ip, net.prefix_len())
+                            .build(),
+                    )
+                    .replace()
                    .execute()
-                    .await
+                    .await?;
            }
-        }?;
+        };
        Ok(())
    }
diff --git a/src/setup.rs b/src/setup.rs
index e7d454c..c36772f 100644
--- a/src/setup.rs
+++ b/src/setup.rs
@@ -2,13 +2,46 @@ use std::net::{IpAddr, SocketAddr};
 use ipnet::IpNet;
 use netlink_packet_wireguard::{
-    constants::{AF_INET, AF_INET6, WGDEVICE_F_REPLACE_PEERS, WGPEER_F_REPLACE_ALLOWEDIPS},
+    WireguardAddressFamily, WireguardAllowedIp, WireguardAllowedIpAttr, WireguardAttribute,
-    nlas::{WgAllowedIp, WgAllowedIpAttrs, WgDeviceAttrs, WgPeer, WgPeerAttrs},
+    WireguardCmd, WireguardMessage, WireguardPeer, WireguardPeerAttribute,
-    Wireguard, WireguardCmd,
 };
 use super::Key;
+#[allow(unused)]
+mod constants {
+    // this is copy pasted from the netlink_packet_wireguard's constants module because for some reason
+    // they stopped exposing constants in commit 3067a394fc7bc28fadbed5359c44cce95aac0f13
+    pub const WGDEVICE_F_REPLACE_PEERS: u32 = 1 << 0;
+    pub const WGPEER_F_REMOVE_ME: u32 = 1 << 0;
+    pub const WGPEER_F_REPLACE_ALLOWEDIPS: u32 = 1 << 1;
+    pub const WGPEER_F_UPDATE_ONLY: u32 = 1 << 2;
+    pub const WGPEER_A_UNSPEC: u16 = 0;
+    pub const WGPEER_A_PUBLIC_KEY: u16 = 1;
+    pub const WGPEER_A_PRESHARED_KEY: u16 = 2;
+    pub const WGPEER_A_FLAGS: u16 = 3;
+    pub const WGPEER_A_ENDPOINT: u16 = 4;
+    pub const WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: u16 = 5;
+    pub const WGPEER_A_LAST_HANDSHAKE_TIME: u16 = 6;
+    pub const WGPEER_A_RX_BYTES: u16 = 7;
+    pub const WGPEER_A_TX_BYTES: u16 = 8;
+    pub const WGPEER_A_ALLOWEDIPS: u16 = 9;
+    pub const WGPEER_A_PROTOCOL_VERSION: u16 = 10;
+    pub const WGALLOWEDIP_A_UNSPEC: u16 = 0;
+    pub const WGALLOWEDIP_A_FAMILY: u16 = 1;
+    pub const WGALLOWEDIP_A_IPADDR: u16 = 2;
+    pub const WGALLOWEDIP_A_CIDR_MASK: u16 = 3;
+    pub const AF_INET6: u16 = 10;
+    pub const AF_INET: u16 = 2;
+}
+#[allow(unused)]
+pub(crate) use constants::*;
 #[derive(Debug)]
 pub struct PeerDescriptor {
    pub(super) public_key: Key,
@@ -87,20 +120,25 @@ impl PeerDescriptor {
        self
    }
-    pub(super) fn into_wireguard(self) -> WgPeer {
+    pub(super) fn into_wireguard(self) -> WireguardPeer {
-        let mut nlas = Vec::new();
+        let mut attributes = Vec::new();
-        nlas.push(WgPeerAttrs::PublicKey(self.public_key.into_array()));
+        attributes.push(WireguardPeerAttribute::PublicKey(
-        nlas.extend(
+            self.public_key.into_array(),
+        ));
+        attributes.extend(
            self.preshared_key
-                .map(|key| WgPeerAttrs::PresharedKey(key.into_array())),
+                .map(|key| WireguardPeerAttribute::PresharedKey(key.into_array())),
        );
-        nlas.extend(self.endpoint.map(WgPeerAttrs::Endpoint));
+        attributes.extend(self.endpoint.map(WireguardPeerAttribute::Endpoint));
-        nlas.extend(self.keepalive.map(WgPeerAttrs::PersistentKeepalive));
+        attributes.extend(
-        nlas.extend(self.allowed_ips.map(|allowed_ips| {
+            self.keepalive
-            WgPeerAttrs::AllowedIps(allowed_ips.into_iter().map(ipnet_to_wg).collect())
+                .map(WireguardPeerAttribute::PersistentKeepalive),
+        );
+        attributes.extend(self.allowed_ips.map(|allowed_ips| {
+            WireguardPeerAttribute::AllowedIps(allowed_ips.into_iter().map(ipnet_to_wg).collect())
        }));
-        nlas.push(WgPeerAttrs::Flags(WGPEER_F_REPLACE_ALLOWEDIPS));
+        attributes.push(WireguardPeerAttribute::Flags(WGPEER_F_REPLACE_ALLOWEDIPS));
-        WgPeer(nlas)
+        WireguardPeer(attributes)
    }
 }
@@ -174,39 +212,43 @@ impl DeviceDescriptor {
        self
    }
-    pub(super) fn into_wireguard(self, device_name: String) -> Wireguard {
+    pub(super) fn into_wireguard(self, device_name: String) -> WireguardMessage {
-        let mut nlas = Vec::new();
+        let mut attributes = Vec::new();
-        nlas.push(WgDeviceAttrs::IfName(device_name));
+        attributes.push(WireguardAttribute::IfName(device_name));
-        nlas.extend(
+        attributes.extend(
            self.private_key
-                .map(|key| WgDeviceAttrs::PrivateKey(key.into_array())),
+                .map(|key| WireguardAttribute::PrivateKey(key.into_array())),
        );
-        nlas.extend(self.listen_port.map(WgDeviceAttrs::ListenPort));
+        attributes.extend(self.listen_port.map(WireguardAttribute::ListenPort));
-        nlas.extend(self.fwmark.map(WgDeviceAttrs::Fwmark));
+        attributes.extend(self.fwmark.map(WireguardAttribute::Fwmark));
-        nlas.extend(self.peers.map(|peers| {
+        attributes.extend(self.peers.map(|peers| {
-            WgDeviceAttrs::Peers(
+            WireguardAttribute::Peers(
                peers
                    .into_iter()
                    .map(PeerDescriptor::into_wireguard)
                    .collect(),
            )
        }));
-        nlas.push(WgDeviceAttrs::Flags(WGDEVICE_F_REPLACE_PEERS));
+        attributes.push(WireguardAttribute::Flags(WGDEVICE_F_REPLACE_PEERS));
-        Wireguard {
+        WireguardMessage {
            cmd: WireguardCmd::SetDevice,
-            nlas,
+            attributes,
        }
    }
 }
-fn ipnet_to_wg(net: IpNet) -> WgAllowedIp {
+fn ipnet_to_wg(net: IpNet) -> WireguardAllowedIp {
-    let mut nlas = Vec::default();
+    let mut attributes = Vec::default();
-    nlas.push(WgAllowedIpAttrs::Cidr(net.prefix_len()));
+    attributes.push(WireguardAllowedIpAttr::Cidr(net.prefix_len()));
-    nlas.push(WgAllowedIpAttrs::IpAddr(net.addr()));
+    attributes.push(WireguardAllowedIpAttr::IpAddr(net.addr()));
    match net.addr() {
-        IpAddr::V4(_) => nlas.push(WgAllowedIpAttrs::Family(AF_INET)),
+        IpAddr::V4(_) => {
-        IpAddr::V6(_) => nlas.push(WgAllowedIpAttrs::Family(AF_INET6)),
+            attributes.push(WireguardAllowedIpAttr::Family(WireguardAddressFamily::Ipv4))
+        }
+        IpAddr::V6(_) => {
+            attributes.push(WireguardAllowedIpAttr::Family(WireguardAddressFamily::Ipv6))
+        }
    }
-    WgAllowedIp(nlas)
+    WireguardAllowedIp(attributes)
 }
diff --git a/src/view.rs b/src/view.rs
index 2858811..69f718a 100644
--- a/src/view.rs
+++ b/src/view.rs
@@ -1,9 +1,12 @@
-use std::{net::SocketAddr, time::SystemTime};
+use std::{
+    net::SocketAddr,
+    time::{Duration, SystemTime},
+};
 use ipnet::IpNet;
 use netlink_packet_wireguard::{
-    nlas::{WgAllowedIp, WgAllowedIpAttrs, WgDeviceAttrs, WgPeer, WgPeerAttrs},
+    WireguardAllowedIp, WireguardAllowedIpAttr, WireguardAttribute, WireguardMessage,
-    Wireguard,
+    WireguardPeer, WireguardPeerAttribute,
 };
 use super::{Error, Key, Result};
@@ -31,7 +34,7 @@ pub struct PeerView {
    pub allowed_ips: Vec<IpNet>,
 }
-pub(super) fn device_view_from_payload(wg: Wireguard) -> Result<DeviceView> {
+pub(super) fn device_view_from_payload(wg: WireguardMessage) -> Result<DeviceView> {
    let mut if_index = None;
    let mut if_name = None;
    let mut private_key = None;
@@ -40,15 +43,15 @@ pub(super) fn device_view_from_payload(wg: Wireguard) -> Result<DeviceView> {
    let mut fwmark = None;
    let mut peers = None;
-    for nla in wg.nlas {
+    for attr in wg.attributes {
-        match nla {
+        match attr {
-            WgDeviceAttrs::IfIndex(v) => if_index = Some(v),
+            WireguardAttribute::IfIndex(v) => if_index = Some(v),
-            WgDeviceAttrs::IfName(v) => if_name = Some(v),
+            WireguardAttribute::IfName(v) => if_name = Some(v),
-            WgDeviceAttrs::PrivateKey(v) => private_key = Some(Key::from(v)),
+            WireguardAttribute::PrivateKey(v) => private_key = Some(Key::from(v)),
-            WgDeviceAttrs::PublicKey(v) => public_key = Some(Key::from(v)),
+            WireguardAttribute::PublicKey(v) => public_key = Some(Key::from(v)),
-            WgDeviceAttrs::ListenPort(v) => listen_port = Some(v),
+            WireguardAttribute::ListenPort(v) => listen_port = Some(v),
-            WgDeviceAttrs::Fwmark(v) => fwmark = Some(v),
+            WireguardAttribute::Fwmark(v) => fwmark = Some(v),
-            WgDeviceAttrs::Peers(v) => peers = Some(peers_from_wg_peers(v)?),
+            WireguardAttribute::Peers(v) => peers = Some(peers_from_wg_peers(v)?),
            _ => {}
        }
    }
@@ -64,7 +67,7 @@ pub(super) fn device_view_from_payload(wg: Wireguard) -> Result<DeviceView> {
    })
 }
-fn peers_from_wg_peers(wg_peers: Vec<WgPeer>) -> Result<Vec<PeerView>> {
+fn peers_from_wg_peers(wg_peers: Vec<WireguardPeer>) -> Result<Vec<PeerView>> {
    let mut peers = Vec::with_capacity(wg_peers.len());
    for wg_peer in wg_peers {
        peers.push(peer_from_wg_peer(wg_peer)?);
@@ -72,7 +75,7 @@ fn peers_from_wg_peers(wg_peers: Vec<WgPeer>) -> Result<Vec<PeerView>> {
    Ok(peers)
 }
-fn peer_from_wg_peer(wg_peer: WgPeer) -> Result<PeerView> {
+fn peer_from_wg_peer(wg_peer: WireguardPeer) -> Result<PeerView> {
    let mut public_key = None;
    let mut preshared_key = None;
    let mut endpoint = None;
@@ -84,14 +87,14 @@ fn peer_from_wg_peer(wg_peer: WgPeer) -> Result<PeerView> {
    for attr in wg_peer.iter() {
        match attr {
-            WgPeerAttrs::PublicKey(v) => public_key = Some(Key::from(v)),
+            WireguardPeerAttribute::PublicKey(v) => public_key = Some(Key::from(v)),
-            WgPeerAttrs::PresharedKey(v) => preshared_key = Some(Key::from(v)),
+            WireguardPeerAttribute::PresharedKey(v) => preshared_key = Some(Key::from(v)),
-            WgPeerAttrs::Endpoint(v) => endpoint = Some(*v),
+            WireguardPeerAttribute::Endpoint(v) => endpoint = Some(*v),
-            WgPeerAttrs::PersistentKeepalive(v) => persistent_keepalive = Some(*v),
+            WireguardPeerAttribute::PersistentKeepalive(v) => persistent_keepalive = Some(*v),
-            WgPeerAttrs::LastHandshake(v) => last_handshake = Some(*v),
+            WireguardPeerAttribute::LastHandshake(v) => last_handshake = Some(*v),
-            WgPeerAttrs::RxBytes(v) => rx_bytes = Some(*v),
+            WireguardPeerAttribute::RxBytes(v) => rx_bytes = Some(*v),
-            WgPeerAttrs::TxBytes(v) => tx_bytes = Some(*v),
+            WireguardPeerAttribute::TxBytes(v) => tx_bytes = Some(*v),
-            WgPeerAttrs::AllowedIps(v) => {
+            WireguardPeerAttribute::AllowedIps(v) => {
                for ip in v {
                    allowed_ips.push(ipnet_from_wg(ip)?);
                }
@@ -105,20 +108,22 @@ fn peer_from_wg_peer(wg_peer: WgPeer) -> Result<PeerView> {
        preshared_key,
        endpoint,
        persistent_keepalive,
-        last_handshake: last_handshake.ok_or_else(|| Error::message("missing last_handshake"))?,
+        last_handshake: last_handshake
+            .map(|ts| SystemTime::now() - Duration::new(ts.seconds as u64, ts.nano_seconds as u32))
+            .ok_or_else(|| Error::message("missing last_handshake"))?,
        rx_bytes: rx_bytes.ok_or_else(|| Error::message("missing rx_bytes"))?,
        tx_bytes: tx_bytes.ok_or_else(|| Error::message("missing tx_bytes"))?,
        allowed_ips,
    })
 }
-fn ipnet_from_wg(wg: &WgAllowedIp) -> Result<IpNet> {
+fn ipnet_from_wg(wg: &WireguardAllowedIp) -> Result<IpNet> {
    let mut ip = None;
    let mut prefix = None;
    for attr in wg.iter() {
        match attr {
-            WgAllowedIpAttrs::IpAddr(v) => ip = Some(*v),
+            WireguardAllowedIpAttr::IpAddr(v) => ip = Some(*v),
-            WgAllowedIpAttrs::Cidr(v) => prefix = Some(*v),
+            WireguardAllowedIpAttr::Cidr(v) => prefix = Some(*v),
            _ => {}
        }
    }
author	diogo464 <[email protected]>	2026-02-15 22:05:57 +0000
committer	diogo464 <[email protected]>	2026-02-15 22:05:57 +0000
commit	56ac8740b79e291eabe6427d722921533b3a9837 (patch)
tree	c244662e382263efec95d6ac445cfc9f987e4758 /src
parent	75ccbd675c22fb3275c5763518c3b97819db4c53 (diff)