mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-25 00:11:13 +00:00
wireguard: converted whitespaces from space to tab
With this change, the file is reduced from 5186 bytes to 4649 bytes that its approximately 10.5 percent less memory consumption. For small devices, sometimes every byte counts. Also, all other protocol handler use tabs instead of spaces. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This commit is contained in:
parent
c8a8294f6e
commit
78b6931a1a
@ -2,200 +2,193 @@
|
|||||||
# Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
|
# Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
|
||||||
# Licensed to the public under the Apache License 2.0.
|
# Licensed to the public under the Apache License 2.0.
|
||||||
|
|
||||||
|
|
||||||
WG=/usr/bin/wg
|
WG=/usr/bin/wg
|
||||||
if [ ! -x $WG ]; then
|
if [ ! -x $WG ]; then
|
||||||
logger -t "wireguard" "error: missing wireguard-tools (${WG})"
|
logger -t "wireguard" "error: missing wireguard-tools (${WG})"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
[ -n "$INCLUDE_ONLY" ] || {
|
[ -n "$INCLUDE_ONLY" ] || {
|
||||||
. /lib/functions.sh
|
. /lib/functions.sh
|
||||||
. ../netifd-proto.sh
|
. ../netifd-proto.sh
|
||||||
init_proto "$@"
|
init_proto "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
proto_wireguard_init_config() {
|
proto_wireguard_init_config() {
|
||||||
proto_config_add_string "private_key"
|
proto_config_add_string "private_key"
|
||||||
proto_config_add_int "listen_port"
|
proto_config_add_int "listen_port"
|
||||||
proto_config_add_int "mtu"
|
proto_config_add_int "mtu"
|
||||||
proto_config_add_string "fwmark"
|
proto_config_add_string "fwmark"
|
||||||
available=1
|
available=1
|
||||||
no_proto_task=1
|
no_proto_task=1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
proto_wireguard_setup_peer() {
|
proto_wireguard_setup_peer() {
|
||||||
local peer_config="$1"
|
local peer_config="$1"
|
||||||
|
|
||||||
local public_key
|
local public_key
|
||||||
local preshared_key
|
local preshared_key
|
||||||
local allowed_ips
|
local allowed_ips
|
||||||
local route_allowed_ips
|
local route_allowed_ips
|
||||||
local endpoint_host
|
local endpoint_host
|
||||||
local endpoint_port
|
local endpoint_port
|
||||||
local persistent_keepalive
|
local persistent_keepalive
|
||||||
|
|
||||||
config_get public_key "${peer_config}" "public_key"
|
config_get public_key "${peer_config}" "public_key"
|
||||||
config_get preshared_key "${peer_config}" "preshared_key"
|
config_get preshared_key "${peer_config}" "preshared_key"
|
||||||
config_get allowed_ips "${peer_config}" "allowed_ips"
|
config_get allowed_ips "${peer_config}" "allowed_ips"
|
||||||
config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 0
|
config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 0
|
||||||
config_get endpoint_host "${peer_config}" "endpoint_host"
|
config_get endpoint_host "${peer_config}" "endpoint_host"
|
||||||
config_get endpoint_port "${peer_config}" "endpoint_port"
|
config_get endpoint_port "${peer_config}" "endpoint_port"
|
||||||
config_get persistent_keepalive "${peer_config}" "persistent_keepalive"
|
config_get persistent_keepalive "${peer_config}" "persistent_keepalive"
|
||||||
|
|
||||||
# peer configuration
|
# peer configuration
|
||||||
echo "[Peer]" >> "${wg_cfg}"
|
echo "[Peer]" >> "${wg_cfg}"
|
||||||
echo "PublicKey=${public_key}" >> "${wg_cfg}"
|
echo "PublicKey=${public_key}" >> "${wg_cfg}"
|
||||||
if [ "${preshared_key}" ]; then
|
if [ "${preshared_key}" ]; then
|
||||||
echo "PresharedKey=${preshared_key}" >> "${wg_cfg}"
|
echo "PresharedKey=${preshared_key}" >> "${wg_cfg}"
|
||||||
fi
|
fi
|
||||||
for allowed_ip in $allowed_ips; do
|
for allowed_ip in $allowed_ips; do
|
||||||
echo "AllowedIPs=${allowed_ip}" >> "${wg_cfg}"
|
echo "AllowedIPs=${allowed_ip}" >> "${wg_cfg}"
|
||||||
done
|
done
|
||||||
if [ "${endpoint_host}" ]; then
|
if [ "${endpoint_host}" ]; then
|
||||||
case "${endpoint_host}" in
|
case "${endpoint_host}" in
|
||||||
*:*)
|
*:*)
|
||||||
endpoint="[${endpoint_host}]"
|
endpoint="[${endpoint_host}]"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
endpoint="${endpoint_host}"
|
endpoint="${endpoint_host}"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
if [ "${endpoint_port}" ]; then
|
if [ "${endpoint_port}" ]; then
|
||||||
endpoint="${endpoint}:${endpoint_port}"
|
endpoint="${endpoint}:${endpoint_port}"
|
||||||
else
|
else
|
||||||
endpoint="${endpoint}:51820"
|
endpoint="${endpoint}:51820"
|
||||||
fi
|
fi
|
||||||
echo "Endpoint=${endpoint}" >> "${wg_cfg}"
|
echo "Endpoint=${endpoint}" >> "${wg_cfg}"
|
||||||
fi
|
fi
|
||||||
if [ "${persistent_keepalive}" ]; then
|
if [ "${persistent_keepalive}" ]; then
|
||||||
echo "PersistentKeepalive=${persistent_keepalive}" >> "${wg_cfg}"
|
echo "PersistentKeepalive=${persistent_keepalive}" >> "${wg_cfg}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# add routes for allowed ips
|
# add routes for allowed ips
|
||||||
if [ ${route_allowed_ips} -ne 0 ]; then
|
if [ ${route_allowed_ips} -ne 0 ]; then
|
||||||
for allowed_ip in ${allowed_ips}; do
|
for allowed_ip in ${allowed_ips}; do
|
||||||
case "${allowed_ip}" in
|
case "${allowed_ip}" in
|
||||||
*:*/*)
|
*:*/*)
|
||||||
proto_add_ipv6_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
|
proto_add_ipv6_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
|
||||||
;;
|
;;
|
||||||
*.*/*)
|
*.*/*)
|
||||||
proto_add_ipv4_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
|
proto_add_ipv4_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
|
||||||
;;
|
;;
|
||||||
*:*)
|
*:*)
|
||||||
proto_add_ipv6_route "${allowed_ip%%/*}" "128"
|
proto_add_ipv6_route "${allowed_ip%%/*}" "128"
|
||||||
;;
|
;;
|
||||||
*.*)
|
*.*)
|
||||||
proto_add_ipv4_route "${allowed_ip%%/*}" "32"
|
proto_add_ipv4_route "${allowed_ip%%/*}" "32"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
proto_wireguard_setup() {
|
proto_wireguard_setup() {
|
||||||
local config="$1"
|
local config="$1"
|
||||||
local wg_dir="/tmp/wireguard"
|
local wg_dir="/tmp/wireguard"
|
||||||
local wg_cfg="${wg_dir}/${config}"
|
local wg_cfg="${wg_dir}/${config}"
|
||||||
|
|
||||||
local private_key
|
local private_key
|
||||||
local listen_port
|
local listen_port
|
||||||
local mtu
|
local mtu
|
||||||
|
|
||||||
# load configuration
|
# load configuration
|
||||||
config_load network
|
config_load network
|
||||||
config_get private_key "${config}" "private_key"
|
config_get private_key "${config}" "private_key"
|
||||||
config_get listen_port "${config}" "listen_port"
|
config_get listen_port "${config}" "listen_port"
|
||||||
config_get addresses "${config}" "addresses"
|
config_get addresses "${config}" "addresses"
|
||||||
config_get mtu "${config}" "mtu"
|
config_get mtu "${config}" "mtu"
|
||||||
config_get fwmark "${config}" "fwmark"
|
config_get fwmark "${config}" "fwmark"
|
||||||
config_get ip6prefix "${config}" "ip6prefix"
|
config_get ip6prefix "${config}" "ip6prefix"
|
||||||
config_get nohostroute "${config}" "nohostroute"
|
config_get nohostroute "${config}" "nohostroute"
|
||||||
|
|
||||||
# create interface
|
# create interface
|
||||||
ip link del dev "${config}" 2>/dev/null
|
ip link del dev "${config}" 2>/dev/null
|
||||||
ip link add dev "${config}" type wireguard
|
ip link add dev "${config}" type wireguard
|
||||||
|
|
||||||
if [ "${mtu}" ]; then
|
if [ "${mtu}" ]; then
|
||||||
ip link set mtu "${mtu}" dev "${config}"
|
ip link set mtu "${mtu}" dev "${config}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
proto_init_update "${config}" 1
|
proto_init_update "${config}" 1
|
||||||
|
|
||||||
# generate configuration file
|
# generate configuration file
|
||||||
umask 077
|
umask 077
|
||||||
mkdir -p "${wg_dir}"
|
mkdir -p "${wg_dir}"
|
||||||
echo "[Interface]" > "${wg_cfg}"
|
echo "[Interface]" > "${wg_cfg}"
|
||||||
echo "PrivateKey=${private_key}" >> "${wg_cfg}"
|
echo "PrivateKey=${private_key}" >> "${wg_cfg}"
|
||||||
if [ "${listen_port}" ]; then
|
if [ "${listen_port}" ]; then
|
||||||
echo "ListenPort=${listen_port}" >> "${wg_cfg}"
|
echo "ListenPort=${listen_port}" >> "${wg_cfg}"
|
||||||
fi
|
fi
|
||||||
if [ "${fwmark}" ]; then
|
if [ "${fwmark}" ]; then
|
||||||
echo "FwMark=${fwmark}" >> "${wg_cfg}"
|
echo "FwMark=${fwmark}" >> "${wg_cfg}"
|
||||||
fi
|
fi
|
||||||
config_foreach proto_wireguard_setup_peer "wireguard_${config}"
|
config_foreach proto_wireguard_setup_peer "wireguard_${config}"
|
||||||
|
|
||||||
# apply configuration file
|
# apply configuration file
|
||||||
${WG} setconf ${config} "${wg_cfg}"
|
${WG} setconf ${config} "${wg_cfg}"
|
||||||
WG_RETURN=$?
|
WG_RETURN=$?
|
||||||
|
|
||||||
# delete configuration file
|
# delete configuration file
|
||||||
rm -f "${wg_cfg}"
|
rm -f "${wg_cfg}"
|
||||||
|
|
||||||
# check status
|
# check status
|
||||||
if [ ${WG_RETURN} -ne 0 ]; then
|
if [ ${WG_RETURN} -ne 0 ]; then
|
||||||
sleep 5
|
sleep 5
|
||||||
proto_setup_failed "${config}"
|
proto_setup_failed "${config}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# add ip addresses
|
# add ip addresses
|
||||||
for address in ${addresses}; do
|
for address in ${addresses}; do
|
||||||
case "${address}" in
|
case "${address}" in
|
||||||
*:*/*)
|
*:*/*)
|
||||||
proto_add_ipv6_address "${address%%/*}" "${address##*/}"
|
proto_add_ipv6_address "${address%%/*}" "${address##*/}"
|
||||||
;;
|
;;
|
||||||
*.*/*)
|
*.*/*)
|
||||||
proto_add_ipv4_address "${address%%/*}" "${address##*/}"
|
proto_add_ipv4_address "${address%%/*}" "${address##*/}"
|
||||||
;;
|
;;
|
||||||
*:*)
|
*:*)
|
||||||
proto_add_ipv6_address "${address%%/*}" "128"
|
proto_add_ipv6_address "${address%%/*}" "128"
|
||||||
;;
|
;;
|
||||||
*.*)
|
*.*)
|
||||||
proto_add_ipv4_address "${address%%/*}" "32"
|
proto_add_ipv4_address "${address%%/*}" "32"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
# support ip6 prefixes
|
# support ip6 prefixes
|
||||||
for prefix in ${ip6prefix}; do
|
for prefix in ${ip6prefix}; do
|
||||||
proto_add_ipv6_prefix "$prefix"
|
proto_add_ipv6_prefix "$prefix"
|
||||||
done
|
done
|
||||||
|
|
||||||
# endpoint dependency
|
# endpoint dependency
|
||||||
if [ "${nohostroute}" != "1" ]; then
|
if [ "${nohostroute}" != "1" ]; then
|
||||||
wg show "${config}" endpoints | \
|
wg show "${config}" endpoints | \
|
||||||
sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
|
sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
|
||||||
while IFS=$'\t ' read -r key address port; do
|
while IFS=$'\t ' read -r key address port; do
|
||||||
[ -n "${port}" ] || continue
|
[ -n "${port}" ] || continue
|
||||||
proto_add_host_dependency "${config}" "${address}"
|
proto_add_host_dependency "${config}" "${address}"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
proto_send_update "${config}"
|
proto_send_update "${config}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
proto_wireguard_teardown() {
|
proto_wireguard_teardown() {
|
||||||
local config="$1"
|
local config="$1"
|
||||||
ip link del dev "${config}" >/dev/null 2>&1
|
ip link del dev "${config}" >/dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
[ -n "$INCLUDE_ONLY" ] || {
|
[ -n "$INCLUDE_ONLY" ] || {
|
||||||
add_protocol wireguard
|
add_protocol wireguard
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user