[OpenWrt-Devel] wireguard: fix reload config on peer change

Message ID 20191129133617.8512-1-fe@dev.tdt.de
State Superseded
Delegated to: John Crispin

Commit Message

Florian Eckert Nov. 29, 2019, 1:36 p.m. UTC
If we change a peer section, the netifd interface is not reloaded,
because the change was not made in an interface section, and so netifd
does not recognize the change. The new config is not applied until we
do a network restart or restart the interface with 'ifup <name>'.

With this new wireguard init script, a md5sum will be calculated on
every network change. The sum is generated over the wireguard peers for
each wireguard interface. If a change in the peers section gets detected
then only the detecated wireguard interface gets restarted.

With this change we can see if the peer section has changed to the
corresponding interface. The wireguard configuration is rewritten and
reconfigured by the netif proto handler.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
---
 package/network/services/wireguard/Makefile   |  2 +
 .../services/wireguard/files/wireguard.init   | 49 +++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 package/network/services/wireguard/files/wireguard.init

Patch

diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile
index ea34b7550b..d78fcfface 100644
--- a/package/network/services/wireguard/Makefile
+++ b/package/network/services/wireguard/Makefile
@@ -93,6 +93,8 @@  define Package/wireguard-tools/install
 	$(INSTALL_BIN) ./files/wireguard_watchdog $(1)/usr/bin/
 	$(INSTALL_DIR) $(1)/lib/netifd/proto/
 	$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_BIN) ./files/wireguard.init $(1)/etc/init.d/wireguard
 endef
 
 define KernelPackage/wireguard
diff --git a/package/network/services/wireguard/files/wireguard.init b/package/network/services/wireguard/files/wireguard.init
new file mode 100644
index 0000000000..24569752b4
--- /dev/null
+++ b/package/network/services/wireguard/files/wireguard.init
@@ -0,0 +1,49 @@ 
+#!/bin/sh /etc/rc.common
+
+START=80
+USE_PROCD=1
+
+WG_DIR="/tmp/wireguard"
+
+wireguard_check_peer(){
+	local cfg="${1}"
+	local cfile="${2}"
+
+	uci show "network.${cfg}" >> "${cfile}"
+}
+
+wireguard_check_interface() {
+	local cfg="${1}"
+	local proto cfile n_sum o_sum
+
+	config_get proto "${cfg}" proto
+	[ "${proto}" = "wireguard" ] || return 0
+	cfile="$(mktemp -p "${WG_DIR}")"
+	config_foreach wireguard_check_peer "wireguard_${1}" "${cfile}"
+
+	. /lib/functions/network.sh
+
+	n_sum="$(md5sum "${cfile}" | cut -d" " -f1)"
+	rm -rf "${cfile}"
+	[ -f "${WG_DIR}/${cfg}.check" ] && {
+		o_sum="$(cat "${WG_DIR}/${cfg}.check")"
+		[ "${o_sum}" != "${n_sum}" ] && {
+			network_is_up "${cfg}" && ifup "${cfg}"
+		}
+	}
+	echo "$n_sum" > "${WG_DIR}/${cfg}.check"
+}
+
+boot() {
+	config_load network
+	config_foreach wireguard_check_interface interface
+}
+
+service_triggers() {
+	procd_add_reload_trigger "network"
+}
+
+reload_service() {
+	config_load network
+	config_foreach wireguard_check_interface interface
+}
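Review bot: Nothing in wireguard_check_interface creates `${WG_DIR}` before `mktemp -p "${WG_DIR}"` runs, and the mktemp result is not checked. If /tmp/wireguard does not exist yet (for example at boot, unless something outside this patch has already created it), `cfile` is empty, the `uci show`, `md5sum` and `.check` writes all fail, and peer changes go undetected without a visible error. Adding `mkdir -p "${WG_DIR}"` and `cfile="$(mktemp -p "${WG_DIR}")" || return 1` ahead of the config_foreach call would make that failure explicit. The temporary file also receives the full `uci show` output of every peer section, which can include key material such as a preshared key. mktemp normally creates the file with owner-only permissions, but having wireguard_check_peer print to stdout and piping the config_foreach call into `md5sum` would avoid writing peer secrets to /tmp at all.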