From 56ac8740b79e291eabe6427d722921533b3a9837 Mon Sep 17 00:00:00 2001
From: diogo464 <diogo464@d464.sh>
Date: Sun, 15 Feb 2026 22:05:57 +0000
Subject: updated dependencies

---
 src/key.rs   |   3 +-
 src/lib.rs   |  97 ++++++++++++++++++++++++++++++++---------------------
 src/setup.rs | 108 +++++++++++++++++++++++++++++++++++++++++------------------
 src/view.rs  |  59 +++++++++++++++++---------------
 4 files changed, 168 insertions(+), 99 deletions(-)

(limited to 'src')

diff --git a/src/key.rs b/src/key.rs
index 19bc127..49f9284 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -1,7 +1,8 @@
 use base64::Engine;
-use netlink_packet_wireguard::constants::WG_KEY_LEN;
 use rand::{rngs::OsRng, RngCore};
 
+const WG_KEY_LEN: usize = netlink_packet_wireguard::WireguardAttribute::WG_KEY_LEN;
+
 // Code from: https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library/wireguard.c
 
 type Fe = [i64; 16];
diff --git a/src/lib.rs b/src/lib.rs
index c47d618..8ba36eb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -3,18 +3,18 @@ mod key;
 mod setup;
 mod view;
 
-use std::borrow::Cow;
+use std::{
+    borrow::Cow,
+    net::{Ipv4Addr, Ipv6Addr},
+};
 
 use futures::{StreamExt, TryStreamExt};
 use genetlink::{GenetlinkError, GenetlinkHandle};
 use netlink_packet_core::{NetlinkMessage, NetlinkPayload, NLM_F_ACK, NLM_F_DUMP, NLM_F_REQUEST};
 use netlink_packet_generic::GenlMessage;
-use netlink_packet_route::{
-    link::{InfoKind, LinkAttribute, LinkInfo},
-    route::RouteScope,
-};
-use netlink_packet_wireguard::{nlas::WgDeviceAttrs, Wireguard, WireguardCmd};
-use rtnetlink::Handle;
+use netlink_packet_route::{link::LinkAttribute, route::RouteScope};
+use netlink_packet_wireguard::{WireguardAttribute, WireguardCmd, WireguardMessage};
+use rtnetlink::{Handle, LinkMessageBuilder, LinkSetRequest, LinkWireguard, RouteMessageBuilder};
 
 pub use conf::*;
 pub use key::*;
@@ -149,9 +149,9 @@ impl WireGuard {
     }
 
     pub async fn view_device(&mut self, device_name: &str) -> Result<DeviceView> {
-        let genlmsg: GenlMessage<Wireguard> = GenlMessage::from_payload(Wireguard {
+        let genlmsg: GenlMessage<WireguardMessage> = GenlMessage::from_payload(WireguardMessage {
             cmd: WireguardCmd::GetDevice,
-            nlas: vec![WgDeviceAttrs::IfName(device_name.to_string())],
+            attributes: vec![WireguardAttribute::IfName(device_name.to_string())],
         });
         let mut nlmsg = NetlinkMessage::from(genlmsg);
         nlmsg.header.flags = NLM_F_REQUEST | NLM_F_DUMP;
@@ -213,7 +213,7 @@ impl WireGuard {
         }
 
         let message = descriptor.into_wireguard(device_name.to_string());
-        let genlmsg: GenlMessage<Wireguard> = GenlMessage::from_payload(message);
+        let genlmsg: GenlMessage<WireguardMessage> = GenlMessage::from_payload(message);
         let mut nlmsg = NetlinkMessage::from(genlmsg);
         nlmsg.header.flags = NLM_F_REQUEST | NLM_F_ACK;
 
@@ -225,16 +225,12 @@ impl WireGuard {
     }
 
     async fn link_create(&self, name: &str) -> Result<()> {
-        let mut msg = self.rt_handle.link().add().replace();
-        msg.message_mut()
-            .attributes
-            .push(LinkAttribute::LinkInfo(vec![LinkInfo::Kind(
-                InfoKind::Wireguard,
-            )]));
-        msg.message_mut()
-            .attributes
-            .push(LinkAttribute::IfName(name.to_string()));
-        msg.execute().await?;
+        self.rt_handle
+            .link()
+            .add(LinkMessageBuilder::<LinkWireguard>::new(name).build())
+            .replace()
+            .execute()
+            .await?;
         Ok(())
     }
 
@@ -245,13 +241,31 @@ impl WireGuard {
 
     async fn link_up(&self, ifindex: u32) -> Result<()> {
         tracing::trace!("Bringing up interface {}", ifindex);
-        self.rt_handle.link().set(ifindex).up().execute().await?;
+        self.rt_handle
+            .link()
+            .set(
+                LinkMessageBuilder::<LinkSetRequest>::default()
+                    .index(ifindex)
+                    .up()
+                    .build(),
+            )
+            .execute()
+            .await?;
         Ok(())
     }
 
     async fn link_down(&self, ifindex: u32) -> Result<()> {
         tracing::trace!("Bringing down interface {}", ifindex);
-        self.rt_handle.link().set(ifindex).down().execute().await?;
+        self.rt_handle
+            .link()
+            .set(
+                LinkMessageBuilder::<LinkSetRequest>::default()
+                    .index(ifindex)
+                    .down()
+                    .build(),
+            )
+            .execute()
+            .await?;
         Ok(())
     }
 
@@ -314,30 +328,37 @@ impl WireGuard {
     #[allow(unused)]
     async fn route_add(&self, ifindex: u32, net: ipnet::IpNet) -> Result<()> {
         tracing::trace!("Adding route {} to {}", net, ifindex);
-        let request = self
-            .rt_handle
-            .route()
-            .add()
-            .scope(RouteScope::Link)
-            .output_interface(ifindex)
-            .replace();
 
         match net.addr() {
             std::net::IpAddr::V4(ip) => {
-                request
-                    .v4()
-                    .destination_prefix(ip, net.prefix_len())
+                self.rt_handle
+                    .route()
+                    .add(
+                        RouteMessageBuilder::<Ipv4Addr>::default()
+                            .scope(RouteScope::Link)
+                            .output_interface(ifindex)
+                            .destination_prefix(ip, net.prefix_len())
+                            .build(),
+                    )
+                    .replace()
                     .execute()
-                    .await
+                    .await?;
             }
             std::net::IpAddr::V6(ip) => {
-                request
-                    .v6()
-                    .destination_prefix(ip, net.prefix_len())
+                self.rt_handle
+                    .route()
+                    .add(
+                        RouteMessageBuilder::<Ipv6Addr>::default()
+                            .scope(RouteScope::Link)
+                            .output_interface(ifindex)
+                            .destination_prefix(ip, net.prefix_len())
+                            .build(),
+                    )
+                    .replace()
                     .execute()
-                    .await
+                    .await?;
             }
-        }?;
+        };
 
         Ok(())
     }
diff --git a/src/setup.rs b/src/setup.rs
index e7d454c..c36772f 100644
--- a/src/setup.rs
+++ b/src/setup.rs
@@ -2,13 +2,46 @@ use std::net::{IpAddr, SocketAddr};
 
 use ipnet::IpNet;
 use netlink_packet_wireguard::{
-    constants::{AF_INET, AF_INET6, WGDEVICE_F_REPLACE_PEERS, WGPEER_F_REPLACE_ALLOWEDIPS},
-    nlas::{WgAllowedIp, WgAllowedIpAttrs, WgDeviceAttrs, WgPeer, WgPeerAttrs},
-    Wireguard, WireguardCmd,
+    WireguardAddressFamily, WireguardAllowedIp, WireguardAllowedIpAttr, WireguardAttribute,
+    WireguardCmd, WireguardMessage, WireguardPeer, WireguardPeerAttribute,
 };
 
 use super::Key;
 
+#[allow(unused)]
+mod constants {
+    // this is copy pasted from the netlink_packet_wireguard's constants module because for some reason
+    // they stopped exposing constants in commit 3067a394fc7bc28fadbed5359c44cce95aac0f13
+    pub const WGDEVICE_F_REPLACE_PEERS: u32 = 1 << 0;
+
+    pub const WGPEER_F_REMOVE_ME: u32 = 1 << 0;
+    pub const WGPEER_F_REPLACE_ALLOWEDIPS: u32 = 1 << 1;
+    pub const WGPEER_F_UPDATE_ONLY: u32 = 1 << 2;
+
+    pub const WGPEER_A_UNSPEC: u16 = 0;
+    pub const WGPEER_A_PUBLIC_KEY: u16 = 1;
+    pub const WGPEER_A_PRESHARED_KEY: u16 = 2;
+    pub const WGPEER_A_FLAGS: u16 = 3;
+    pub const WGPEER_A_ENDPOINT: u16 = 4;
+    pub const WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: u16 = 5;
+    pub const WGPEER_A_LAST_HANDSHAKE_TIME: u16 = 6;
+    pub const WGPEER_A_RX_BYTES: u16 = 7;
+    pub const WGPEER_A_TX_BYTES: u16 = 8;
+    pub const WGPEER_A_ALLOWEDIPS: u16 = 9;
+    pub const WGPEER_A_PROTOCOL_VERSION: u16 = 10;
+
+    pub const WGALLOWEDIP_A_UNSPEC: u16 = 0;
+    pub const WGALLOWEDIP_A_FAMILY: u16 = 1;
+    pub const WGALLOWEDIP_A_IPADDR: u16 = 2;
+    pub const WGALLOWEDIP_A_CIDR_MASK: u16 = 3;
+
+    pub const AF_INET6: u16 = 10;
+    pub const AF_INET: u16 = 2;
+}
+
+#[allow(unused)]
+pub(crate) use constants::*;
+
 #[derive(Debug)]
 pub struct PeerDescriptor {
     pub(super) public_key: Key,
@@ -87,20 +120,25 @@ impl PeerDescriptor {
         self
     }
 
-    pub(super) fn into_wireguard(self) -> WgPeer {
-        let mut nlas = Vec::new();
-        nlas.push(WgPeerAttrs::PublicKey(self.public_key.into_array()));
-        nlas.extend(
+    pub(super) fn into_wireguard(self) -> WireguardPeer {
+        let mut attributes = Vec::new();
+        attributes.push(WireguardPeerAttribute::PublicKey(
+            self.public_key.into_array(),
+        ));
+        attributes.extend(
             self.preshared_key
-                .map(|key| WgPeerAttrs::PresharedKey(key.into_array())),
+                .map(|key| WireguardPeerAttribute::PresharedKey(key.into_array())),
         );
-        nlas.extend(self.endpoint.map(WgPeerAttrs::Endpoint));
-        nlas.extend(self.keepalive.map(WgPeerAttrs::PersistentKeepalive));
-        nlas.extend(self.allowed_ips.map(|allowed_ips| {
-            WgPeerAttrs::AllowedIps(allowed_ips.into_iter().map(ipnet_to_wg).collect())
+        attributes.extend(self.endpoint.map(WireguardPeerAttribute::Endpoint));
+        attributes.extend(
+            self.keepalive
+                .map(WireguardPeerAttribute::PersistentKeepalive),
+        );
+        attributes.extend(self.allowed_ips.map(|allowed_ips| {
+            WireguardPeerAttribute::AllowedIps(allowed_ips.into_iter().map(ipnet_to_wg).collect())
         }));
-        nlas.push(WgPeerAttrs::Flags(WGPEER_F_REPLACE_ALLOWEDIPS));
-        WgPeer(nlas)
+        attributes.push(WireguardPeerAttribute::Flags(WGPEER_F_REPLACE_ALLOWEDIPS));
+        WireguardPeer(attributes)
     }
 }
 
@@ -174,39 +212,43 @@ impl DeviceDescriptor {
         self
     }
 
-    pub(super) fn into_wireguard(self, device_name: String) -> Wireguard {
-        let mut nlas = Vec::new();
-        nlas.push(WgDeviceAttrs::IfName(device_name));
-        nlas.extend(
+    pub(super) fn into_wireguard(self, device_name: String) -> WireguardMessage {
+        let mut attributes = Vec::new();
+        attributes.push(WireguardAttribute::IfName(device_name));
+        attributes.extend(
             self.private_key
-                .map(|key| WgDeviceAttrs::PrivateKey(key.into_array())),
+                .map(|key| WireguardAttribute::PrivateKey(key.into_array())),
         );
-        nlas.extend(self.listen_port.map(WgDeviceAttrs::ListenPort));
-        nlas.extend(self.fwmark.map(WgDeviceAttrs::Fwmark));
-        nlas.extend(self.peers.map(|peers| {
-            WgDeviceAttrs::Peers(
+        attributes.extend(self.listen_port.map(WireguardAttribute::ListenPort));
+        attributes.extend(self.fwmark.map(WireguardAttribute::Fwmark));
+        attributes.extend(self.peers.map(|peers| {
+            WireguardAttribute::Peers(
                 peers
                     .into_iter()
                     .map(PeerDescriptor::into_wireguard)
                     .collect(),
             )
         }));
-        nlas.push(WgDeviceAttrs::Flags(WGDEVICE_F_REPLACE_PEERS));
+        attributes.push(WireguardAttribute::Flags(WGDEVICE_F_REPLACE_PEERS));
 
-        Wireguard {
+        WireguardMessage {
             cmd: WireguardCmd::SetDevice,
-            nlas,
+            attributes,
         }
     }
 }
 
-fn ipnet_to_wg(net: IpNet) -> WgAllowedIp {
-    let mut nlas = Vec::default();
-    nlas.push(WgAllowedIpAttrs::Cidr(net.prefix_len()));
-    nlas.push(WgAllowedIpAttrs::IpAddr(net.addr()));
+fn ipnet_to_wg(net: IpNet) -> WireguardAllowedIp {
+    let mut attributes = Vec::default();
+    attributes.push(WireguardAllowedIpAttr::Cidr(net.prefix_len()));
+    attributes.push(WireguardAllowedIpAttr::IpAddr(net.addr()));
     match net.addr() {
-        IpAddr::V4(_) => nlas.push(WgAllowedIpAttrs::Family(AF_INET)),
-        IpAddr::V6(_) => nlas.push(WgAllowedIpAttrs::Family(AF_INET6)),
+        IpAddr::V4(_) => {
+            attributes.push(WireguardAllowedIpAttr::Family(WireguardAddressFamily::Ipv4))
+        }
+        IpAddr::V6(_) => {
+            attributes.push(WireguardAllowedIpAttr::Family(WireguardAddressFamily::Ipv6))
+        }
     }
-    WgAllowedIp(nlas)
+    WireguardAllowedIp(attributes)
 }
diff --git a/src/view.rs b/src/view.rs
index 2858811..69f718a 100644
--- a/src/view.rs
+++ b/src/view.rs
@@ -1,9 +1,12 @@
-use std::{net::SocketAddr, time::SystemTime};
+use std::{
+    net::SocketAddr,
+    time::{Duration, SystemTime},
+};
 
 use ipnet::IpNet;
 use netlink_packet_wireguard::{
-    nlas::{WgAllowedIp, WgAllowedIpAttrs, WgDeviceAttrs, WgPeer, WgPeerAttrs},
-    Wireguard,
+    WireguardAllowedIp, WireguardAllowedIpAttr, WireguardAttribute, WireguardMessage,
+    WireguardPeer, WireguardPeerAttribute,
 };
 
 use super::{Error, Key, Result};
@@ -31,7 +34,7 @@ pub struct PeerView {
     pub allowed_ips: Vec<IpNet>,
 }
 
-pub(super) fn device_view_from_payload(wg: Wireguard) -> Result<DeviceView> {
+pub(super) fn device_view_from_payload(wg: WireguardMessage) -> Result<DeviceView> {
     let mut if_index = None;
     let mut if_name = None;
     let mut private_key = None;
@@ -40,15 +43,15 @@ pub(super) fn device_view_from_payload(wg: Wireguard) -> Result<DeviceView> {
     let mut fwmark = None;
     let mut peers = None;
 
-    for nla in wg.nlas {
-        match nla {
-            WgDeviceAttrs::IfIndex(v) => if_index = Some(v),
-            WgDeviceAttrs::IfName(v) => if_name = Some(v),
-            WgDeviceAttrs::PrivateKey(v) => private_key = Some(Key::from(v)),
-            WgDeviceAttrs::PublicKey(v) => public_key = Some(Key::from(v)),
-            WgDeviceAttrs::ListenPort(v) => listen_port = Some(v),
-            WgDeviceAttrs::Fwmark(v) => fwmark = Some(v),
-            WgDeviceAttrs::Peers(v) => peers = Some(peers_from_wg_peers(v)?),
+    for attr in wg.attributes {
+        match attr {
+            WireguardAttribute::IfIndex(v) => if_index = Some(v),
+            WireguardAttribute::IfName(v) => if_name = Some(v),
+            WireguardAttribute::PrivateKey(v) => private_key = Some(Key::from(v)),
+            WireguardAttribute::PublicKey(v) => public_key = Some(Key::from(v)),
+            WireguardAttribute::ListenPort(v) => listen_port = Some(v),
+            WireguardAttribute::Fwmark(v) => fwmark = Some(v),
+            WireguardAttribute::Peers(v) => peers = Some(peers_from_wg_peers(v)?),
             _ => {}
         }
     }
@@ -64,7 +67,7 @@ pub(super) fn device_view_from_payload(wg: Wireguard) -> Result<DeviceView> {
     })
 }
 
-fn peers_from_wg_peers(wg_peers: Vec<WgPeer>) -> Result<Vec<PeerView>> {
+fn peers_from_wg_peers(wg_peers: Vec<WireguardPeer>) -> Result<Vec<PeerView>> {
     let mut peers = Vec::with_capacity(wg_peers.len());
     for wg_peer in wg_peers {
         peers.push(peer_from_wg_peer(wg_peer)?);
@@ -72,7 +75,7 @@ fn peers_from_wg_peers(wg_peers: Vec<WgPeer>) -> Result<Vec<PeerView>> {
     Ok(peers)
 }
 
-fn peer_from_wg_peer(wg_peer: WgPeer) -> Result<PeerView> {
+fn peer_from_wg_peer(wg_peer: WireguardPeer) -> Result<PeerView> {
     let mut public_key = None;
     let mut preshared_key = None;
     let mut endpoint = None;
@@ -84,14 +87,14 @@ fn peer_from_wg_peer(wg_peer: WgPeer) -> Result<PeerView> {
 
     for attr in wg_peer.iter() {
         match attr {
-            WgPeerAttrs::PublicKey(v) => public_key = Some(Key::from(v)),
-            WgPeerAttrs::PresharedKey(v) => preshared_key = Some(Key::from(v)),
-            WgPeerAttrs::Endpoint(v) => endpoint = Some(*v),
-            WgPeerAttrs::PersistentKeepalive(v) => persistent_keepalive = Some(*v),
-            WgPeerAttrs::LastHandshake(v) => last_handshake = Some(*v),
-            WgPeerAttrs::RxBytes(v) => rx_bytes = Some(*v),
-            WgPeerAttrs::TxBytes(v) => tx_bytes = Some(*v),
-            WgPeerAttrs::AllowedIps(v) => {
+            WireguardPeerAttribute::PublicKey(v) => public_key = Some(Key::from(v)),
+            WireguardPeerAttribute::PresharedKey(v) => preshared_key = Some(Key::from(v)),
+            WireguardPeerAttribute::Endpoint(v) => endpoint = Some(*v),
+            WireguardPeerAttribute::PersistentKeepalive(v) => persistent_keepalive = Some(*v),
+            WireguardPeerAttribute::LastHandshake(v) => last_handshake = Some(*v),
+            WireguardPeerAttribute::RxBytes(v) => rx_bytes = Some(*v),
+            WireguardPeerAttribute::TxBytes(v) => tx_bytes = Some(*v),
+            WireguardPeerAttribute::AllowedIps(v) => {
                 for ip in v {
                     allowed_ips.push(ipnet_from_wg(ip)?);
                 }
@@ -105,20 +108,22 @@ fn peer_from_wg_peer(wg_peer: WgPeer) -> Result<PeerView> {
         preshared_key,
         endpoint,
         persistent_keepalive,
-        last_handshake: last_handshake.ok_or_else(|| Error::message("missing last_handshake"))?,
+        last_handshake: last_handshake
+            .map(|ts| SystemTime::now() - Duration::new(ts.seconds as u64, ts.nano_seconds as u32))
+            .ok_or_else(|| Error::message("missing last_handshake"))?,
         rx_bytes: rx_bytes.ok_or_else(|| Error::message("missing rx_bytes"))?,
         tx_bytes: tx_bytes.ok_or_else(|| Error::message("missing tx_bytes"))?,
         allowed_ips,
     })
 }
 
-fn ipnet_from_wg(wg: &WgAllowedIp) -> Result<IpNet> {
+fn ipnet_from_wg(wg: &WireguardAllowedIp) -> Result<IpNet> {
     let mut ip = None;
     let mut prefix = None;
     for attr in wg.iter() {
         match attr {
-            WgAllowedIpAttrs::IpAddr(v) => ip = Some(*v),
-            WgAllowedIpAttrs::Cidr(v) => prefix = Some(*v),
+            WireguardAllowedIpAttr::IpAddr(v) => ip = Some(*v),
+            WireguardAllowedIpAttr::Cidr(v) => prefix = Some(*v),
             _ => {}
         }
     }
-- 
cgit