Hi all, I added netns support to wq-quick, works quite well for me. An example: # wg-quick up s2s [#] ip -n phy link add s2s type wireguard [#] ip -n phy link set s2s netns 1 [#] wg setconf s2s /dev/fd/63 [#] ip -4 address add 192.168.0.1/32 dev s2s [#] ip link set mtu 1420 up dev s2s ... Please go easy on me, this is my first time sending a patch. --Endre ---  contrib/highlighter/gui/highlight.cpp |  1 +  contrib/highlighter/highlight.c       |  1 +  contrib/highlighter/highlighter.h     |  1 +  src/man/wg-quick.8                    |  3 +++  src/wg-quick/linux.bash               | 16 +++++++++++++++-  5 files changed, 21 insertions(+), 1 deletion(-) diff --git a/contrib/highlighter/gui/highlight.cpp b/contrib/highlighter/gui/highlight.cpp index a95857b..a698d05 100644 --- a/contrib/highlighter/gui/highlight.cpp +++ b/contrib/highlighter/gui/highlight.cpp @@ -25,6 +25,7 @@ static QColor colormap[] = {      [HighlightDelimiter] = QColor("#7aa6da"),  #ifndef MOBILE_WGQUICK_SUBSET      [HighlightTable] = QColor("#c397d8"), +    [HighlightNetNS] = QColor("#c397d8"),      [HighlightFwMark] = QColor("#c397d8"),      [HighlightSaveConfig] = QColor("#c397d8"),      [HighlightCmd] = QColor("#969896"), diff --git a/contrib/highlighter/highlight.c b/contrib/highlighter/highlight.c index e9034f7..44b335c 100644 --- a/contrib/highlighter/highlight.c +++ b/contrib/highlighter/highlight.c @@ -51,6 +51,7 @@ static const char *colormap[] = {      [HighlightDelimiter] = TERMINAL_FG_CYAN,  #ifndef MOBILE_WGQUICK_SUBSET      [HighlightTable] = TERMINAL_FG_BLUE, +    [HighlightNetNS] = TERMINAL_FG_BLUE,      [HighlightFwMark] = TERMINAL_FG_BLUE,      [HighlightSaveConfig] = TERMINAL_FG_BLUE,      [HighlightCmd] = TERMINAL_FG_WHITE, diff --git a/contrib/highlighter/highlighter.h b/contrib/highlighter/highlighter.h index 65cc230..d1ed6d1 100644 --- a/contrib/highlighter/highlighter.h +++ b/contrib/highlighter/highlighter.h @@ -21,6 +21,7 @@ enum highlight_type {      HighlightDelimiter,  #ifndef MOBILE_WGQUICK_SUBSET      HighlightTable, +    HighlightNetNS,      HighlightFwMark,      HighlightSaveConfig,      HighlightCmd, diff --git a/src/man/wg-quick.8 b/src/man/wg-quick.8 index c38c7d9..3f0565a 100644 --- a/src/man/wg-quick.8 +++ b/src/man/wg-quick.8 @@ -91,6 +91,9 @@ special values: `off' disables the creation of routes altogether, and `auto'  (the default) adds routes to the default table and enables special handling of  default routes.  .IP \(bu +NetNS \(em Controls in which network namespace the WireGuard UDP socket is added to. The +namespace has to be created before WireGuard use. +.IP \(bu  PreUp, PostUp, PreDown, PostDown \(em script snippets which will be executed by  .BR bash (1)  before/after setting up/tearing down the interface, most commonly used diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash index 7c2c002..6957cba 100755 --- a/src/wg-quick/linux.bash +++ b/src/wg-quick/linux.bash @@ -17,6 +17,7 @@ ADDRESSES=( )  MTU=""  DNS=( )  TABLE="" +NETNS=""  PRE_UP=( )  POST_UP=( )  PRE_DOWN=( ) @@ -58,6 +59,7 @@ parse_options() {              MTU) MTU="$value"; continue ;;              DNS) DNS+=( ${value//,/ } ); continue ;;              Table) TABLE="$value"; continue ;; +            NetNS) NETNS="$value"; continue ;;              PreUp) PRE_UP+=( "$value" ); continue ;;              PreDown) PRE_DOWN+=( "$value" ); continue ;;              PostUp) POST_UP+=( "$value" ); continue ;; @@ -84,7 +86,18 @@ auto_su() {  add_if() {      local ret -    if ! cmd ip link add "$INTERFACE" type wireguard; then +    if [[ -n $NETNS ]]; then +        if ! ip netns pids "${NETNS}" > /dev/null; then +            ret=$? +            echo "[!] Target namespace '${NETNS}' not found" +            exit $ret +        elif ! cmd ip -n "${NETNS}" link add "$INTERFACE" type wireguard; then +            ret=$? +            [[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret +            echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." +        fi +        cmd ip -n "${NETNS}" link set "$INTERFACE" netns 1 +    elif ! cmd ip link add "$INTERFACE" type wireguard; then          ret=$?          [[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret          echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." @@ -258,6 +271,7 @@ save_config() {      done < <(resolvconf -l "$(resolvconf_iface_prefix)$INTERFACE" 2>/dev/null || cat "/etc/resolvconf/run/interface/$(resolvconf_iface_prefix)$INTERFACE" 2>/dev/null)      [[ -n $MTU && $(ip link show dev "$INTERFACE") =~ mtu\ ([0-9]+) ]] && new_config+="MTU = ${BASH_REMATCH[1]}"$'\n'      [[ -n $TABLE ]] && new_config+="Table = $TABLE"$'\n' +    [[ -n $NETNS ]] && new_config+="NetNS = $NETNS"$'\n'      [[ $SAVE_CONFIG -eq 0 ]] || new_config+=$'SaveConfig = true\n'      for cmd in "${PRE_UP[@]}"; do          new_config+="PreUp = $cmd"$'\n' -- 2.25.1