From 9af84a9996130691b060da2b04b63564d2993a75 Mon Sep 17 00:00:00 2001
From: Endre Szabo
Date: Tue, 3 Mar 2020 11:20:35 +0100
Subject: [PATCH 1/1] Added network namespacing support
---
 contrib/highlighter/gui/highlight.cpp | 1 +
 contrib/highlighter/highlight.c | 1 +
 contrib/highlighter/highlighter.h | 1 +
 src/man/wg-quick.8 | 3 +++
 src/wg-quick/linux.bash | 16 +++++++++++++++-
 5 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/contrib/highlighter/gui/highlight.cpp b/contrib/highlighter/gui/highlight.cpp
index a95857b..a698d05 100644
--- a/contrib/highlighter/gui/highlight.cpp
+++ b/contrib/highlighter/gui/highlight.cpp
@@ -25,6 +25,7 @@ static QColor colormap[] = {
 [HighlightDelimiter] = QColor("#7aa6da"),
 #ifndef MOBILE_WGQUICK_SUBSET
 [HighlightTable] = QColor("#c397d8"),
+ [HighlightNetNS] = QColor("#c397d8"),
 [HighlightFwMark] = QColor("#c397d8"),
 [HighlightSaveConfig] = QColor("#c397d8"),
 [HighlightCmd] = QColor("#969896"),
diff --git a/contrib/highlighter/highlight.c b/contrib/highlighter/highlight.c
index e9034f7..44b335c 100644
--- a/contrib/highlighter/highlight.c
+++ b/contrib/highlighter/highlight.c
@@ -51,6 +51,7 @@ static const char *colormap[] = {
 [HighlightDelimiter] = TERMINAL_FG_CYAN,
 #ifndef MOBILE_WGQUICK_SUBSET
 [HighlightTable] = TERMINAL_FG_BLUE,
+ [HighlightNetNS] = TERMINAL_FG_BLUE,
 [HighlightFwMark] = TERMINAL_FG_BLUE,
 [HighlightSaveConfig] = TERMINAL_FG_BLUE,
 [HighlightCmd] = TERMINAL_FG_WHITE,
diff --git a/contrib/highlighter/highlighter.h b/contrib/highlighter/highlighter.h
index 65cc230..d1ed6d1 100644
--- a/contrib/highlighter/highlighter.h
+++ b/contrib/highlighter/highlighter.h
@@ -21,6 +21,7 @@ enum highlight_type {
 HighlightDelimiter,
 #ifndef MOBILE_WGQUICK_SUBSET
 HighlightTable,
+ HighlightNetNS,
 HighlightFwMark,
 HighlightSaveConfig,
 HighlightCmd,
diff --git a/src/man/wg-quick.8 b/src/man/wg-quick.8
index c38c7d9..3f0565a 100644
--- a/src/man/wg-quick.8
+++ b/src/man/wg-quick.8
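Review bot: The new `[HighlightNetNS]` colormap entry in highlight.c has nothing in this patch that produces it: the diffstat shows highlight.c gaining only this one line, so the code that maps a config key to a `highlight_type` is presumably unchanged and a `NetNS = ...` line would still be classified as an unrecognised key. Where the highlighter is used to sanity-check a config before it is applied, a valid NetNS setting would then be reported as an error. The key should be recognised next to the existing `Table` handling, under the same `#ifndef MOBILE_WGQUICK_SUBSET` guard, with a value check that accepts only a plausible namespace name. The same gap applies to the highlight.cpp and highlighter.h hunks, which only add the colour and the enumerator.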
@@ -91,6 +91,9 @@ special values: `off' disables the creation of routes altogether, and `auto' (the default) adds routes to the default table and enables special handling of default routes. .IP \(bu +NetNS \(em Controls in which network namespace the WireGuard UDP socket is added to. The +namespace has to be created before WireGuard use. +.IP \(bu PreUp, PostUp, PreDown, PostDown \(em script snippets which will be executed by .BR bash (1) before/after setting up/tearing down the interface, most commonly used diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash index 7c2c002..6957cba 100755 --- a/src/wg-quick/linux.bash +++ b/src/wg-quick/linux.bash @@ -17,6 +17,7 @@ ADDRESSES=( ) MTU="" DNS=( ) TABLE="" +NETNS="" PRE_UP=( ) POST_UP=( ) PRE_DOWN=( ) @@ -58,6 +59,7 @@ parse_options() { MTU) MTU="$value"; continue ;; DNS) DNS+=( ${value//,/ } ); continue ;; Table) TABLE="$value"; continue ;; + NetNS) NETNS="$value"; continue ;; PreUp) PRE_UP+=( "$value" ); continue ;; PreDown) PRE_DOWN+=( "$value" ); continue ;; PostUp) POST_UP+=( "$value" ); continue ;; @@ -84,7 +86,18 @@ auto_su() { add_if() { local ret - if ! cmd ip link add "$INTERFACE" type wireguard; then + if [[ -n $NETNS ]]; then + if ! ip netns pids "${NETNS}" > /dev/null; then + ret=$? + echo "[!] Target namespace '${NETNS}' not found" + exit $ret + elif ! cmd ip -n "${NETNS}" link add "$INTERFACE" type wireguard; then + ret=$? + [[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret + echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." + fi + cmd ip -n "${NETNS}" link set "$INTERFACE" netns 1 + elif ! cmd ip link add "$INTERFACE" type wireguard; then ret=$? [[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." 
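Review bot: In the new NETNS branch of add_if, `ret=$?` is read inside the `then` of `if ! ip netns pids "${NETNS}" > /dev/null; then`, where `$?` is the status of the negated test and therefore 0, so a missing namespace prints the error and then exits with success. A caller that relies on the exit status would presumably treat the tunnel as up although no interface exists, which is a fail-open result for anything routed through it. Take the status from the command itself and report on stderr, e.g. `ip netns pids "$NETNS" >/dev/null || { echo "[!] Target namespace '$NETNS' not found" >&2; exit 1; }`. The inner `elif` also prints the userspace-fallback message without starting any userspace implementation, after which `ip -n "${NETNS}" link set "$INTERFACE" netns 1` runs against an interface that was never created, and its result is not checked. `netns 1` additionally assumes wg-quick runs in PID 1's namespace, which the man page text should state; the end of add_if lies outside the hunk.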
@@ -258,6 +271,7 @@ save_config() {
 done < <(resolvconf -l "$(resolvconf_iface_prefix)$INTERFACE" 2>/dev/null || cat "/etc/resolvconf/run/interface/$(resolvconf_iface_prefix)$INTERFACE" 2>/dev/null)
 [[ -n $MTU && $(ip link show dev "$INTERFACE") =~ mtu\ ([0-9]+) ]] && new_config+="MTU = ${BASH_REMATCH[1]}"$'\n'
 [[ -n $TABLE ]] && new_config+="Table = $TABLE"$'\n'
+ [[ -n $NETNS ]] && new_config+="NetNS = $NETNS"$'\n'
 [[ $SAVE_CONFIG -eq 0 ]] || new_config+=$'SaveConfig = true\n'
 for cmd in "${PRE_UP[@]}"; do
 new_config+="PreUp = $cmd"$'\n'
-- 2.25.1