wg: give "off" value for fwmark

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld 2017-02-22 21:45:03 +01:00
parent a9bcd0d401
commit d4edc7baa8
4 changed files with 19 additions and 5 deletions


@ -97,6 +97,12 @@ static inline bool parse_fwmark(uint32_t *fwmark, unsigned int *flags, const cha
char *end; char *end;
int base = 10; int base = 10;
if (!strcasecmp(value, "off")) {
*fwmark = 0;
*flags |= WGDEVICE_REMOVE_FWMARK;
return true;
}
if (value[0] == '0' && value[1] == 'x') { if (value[0] == '0' && value[1] == 'x') {
value += 2; value += 2;
base = 16; base = 16;
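Review bot: The man-page text in this commit says that both 0 and "off" disable the fwmark, but in this hunk only the new `"off"` branch sets `WGDEVICE_REMOVE_FWMARK`. The numeric parse of parse_fwmark continues past the end of the hunk, so it is not visible here whether a parsed value of zero sets the same flag. If it does not, `fwmark 0` and `fwmark off` diverge, and a previously configured mark could remain on the device after the operator believes it was cleared; that matters wherever the mark drives policy routing. I would confirm the tail of the function handles zero the same way, and add a comment on the new branch such as `/* "off" is an alias for 0: clear the mark and request its removal */`. As a smaller point of consistency, "off" is matched case-insensitively while the `0x` prefix test just below is case-sensitive.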


@ -276,7 +276,10 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int
} else if (!strcmp(param, "fwmark")) { } else if (!strcmp(param, "fwmark")) {
if (with_interface) if (with_interface)
printf("%s\t", device->interface); printf("%s\t", device->interface);
if (device->fwmark)
printf("0x%x\n", device->fwmark); printf("0x%x\n", device->fwmark);
else
printf("off\n");
} else if (!strcmp(param, "endpoints")) { } else if (!strcmp(param, "endpoints")) {
if (with_interface) if (with_interface)
printf("%s\t", device->interface); printf("%s\t", device->interface);
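Review bot: The `fwmark` branch of ugly_print now emits the non-numeric token `off` where it previously printed a hex value (presumably `0x0` for an unset mark), which changes output that scripts consume. The del_if caller is updated in this same commit, but other consumers that feed this field straight into numeric parsing would need the same treatment. The man-page hunks visible here document "off" as an input value only, so I would also state in the documentation for `show` that an unset fwmark is reported as `off`, and add a short comment here such as `/* 0 means no fwmark is set; report it as "off" */`. ugly_print starts and ends outside this hunk.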


@ -79,7 +79,9 @@ add_if() {
} }
del_if() { del_if() {
DEFAULT_TABLE=$(( $(wg show "$INTERFACE" fwmark) )) local fwmark="$(wg show "$INTERFACE" fwmark)"
DEFAULT_TABLE=0
[[ $fwmark != off ]] && DEFAULT_TABLE=$(( $fwmark ))
if [[ $DEFAULT_TABLE -ne 0 ]]; then if [[ $DEFAULT_TABLE -ne 0 ]]; then
while [[ -n $(ip -4 rule show table $DEFAULT_TABLE) ]]; do while [[ -n $(ip -4 rule show table $DEFAULT_TABLE) ]]; do
cmd ip -4 rule delete table $DEFAULT_TABLE cmd ip -4 rule delete table $DEFAULT_TABLE
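Review bot: The new `DEFAULT_TABLE=$(( $fwmark ))` still hands the raw output of `wg show` to arithmetic expansion, which evaluates the string as an expression rather than parsing it as a number, in a function that goes on to delete routing rules and so presumably runs privileged. Comparing against `off` excludes only that one token; an error message or a future output format would still be evaluated. I would accept only the format the tool prints, e.g. `[[ $fwmark =~ ^0x[0-9a-fA-F]+$ ]] && DEFAULT_TABLE=$(( fwmark ))`, leaving DEFAULT_TABLE at 0 otherwise. Separately, `local fwmark="$(...)"` hides the exit status of `wg show`; declaring with `local fwmark` and assigning on the next line keeps a failure detectable. del_if continues past the end of this hunk.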


@ -67,14 +67,16 @@ it adds an additional layer of symmetric-key cryptography to be mixed into
the already existing public-key cryptography, for post-quantum resistance. the already existing public-key cryptography, for post-quantum resistance.
If \fIallowed-ips\fP is specified, but the value is the empty string, all If \fIallowed-ips\fP is specified, but the value is the empty string, all
allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP
is optional and is by default off; setting it to 0 or "off", disables it. is optional and is by default off; setting it to 0 or "off" disables it.
Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often
to send an authenticated empty packet to the peer, for the purpose of keeping to send an authenticated empty packet to the peer, for the purpose of keeping
a stateful firewall or NAT mapping valid persistently. For example, if the a stateful firewall or NAT mapping valid persistently. For example, if the
interface very rarely sends traffic, but it might at anytime receive traffic interface very rarely sends traffic, but it might at anytime receive traffic
from a peer, and it is behind NAT, the interface might benefit from having a from a peer, and it is behind NAT, the interface might benefit from having a
persistent keepalive interval of 25 seconds; however, most users will not need persistent keepalive interval of 25 seconds; however, most users will not need
this. this. The use of \fIfwmark\fP is optional and is by default off; setting it to
0 or "off" disables it. Otherwise it is a 32-bit fwmark for outgoing packets
and may be specified in hexadecimal by prepending "0x".
.TP .TP
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP \fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
Sets the current configuration of \fI<interface>\fP to the contents of Sets the current configuration of \fI<interface>\fP to the contents of
@ -126,7 +128,8 @@ for post-quantum resistance.
ListenPort \(em a 16-bit port for listening. Optional; if not specified, chosen ListenPort \(em a 16-bit port for listening. Optional; if not specified, chosen
randomly. randomly.
.IP \(bu .IP \(bu
FwMark \(em a 32-bit fwmark for outgoing packets. Optional. FwMark \(em a 32-bit fwmark for outgoing packets. If set to 0 or "off", this
option is disabled. May be specified in hexadecimal by prepending "0x". Optional.
.P .P
The \fIPeer\fP sections may contain the following fields: The \fIPeer\fP sections may contain the following fields:
.IP \(bu .IP \(bu