[th/wireguard-pt3] #281

Closed
wants to merge 12 commits into from

thom311
Member

@thom311 thom311 commented Jan 13, 2019

A major part for WireGuard support.

Still missing:

  • nmcli support (but there is an example script that can be used instead)
  • support for preshared-key (and requesting secrets)
  • more testing
  • see TODO.txt file

But I think it's at a point where it could be merged. We can make it perfect afterwards.

@thom311
Member Author

thom311 commented Jan 13, 2019

I opened #282, which contains the early part of this branch. It is mostly preparation work; let's split this pull request into smaller chunks. If you care, review #282 first.

@lkundrak lkundrak force-pushed the th/wireguard-pt3 branch 8 times, most recently from 5a4b70d to 08d5311 Compare January 17, 2019 10:36
Contributor

@bengal bengal left a comment

I haven't reviewed all the code, but the API looks reasonable. I think we can merge this and improve it later.

libnm-core/nm-setting-wireguard.c (outdated, resolved)
libnm-core/nm-setting-wireguard.c (outdated, resolved)
libnm-core/nm-setting-wireguard.c (resolved)
src/devices/nm-device-wireguard.c (outdated, resolved)
@thom311
Member Author

thom311 commented Jan 18, 2019

Addressed comments so far and repushed.

…ttingEthtool)

We want to emit a change notification when gendata-based settings (like
NMSettingEthtool) change. But instead of adding a separate signal, just
emit a fake "notify:name" notification.
…se properties

While nm_setting_enumerate_values() should not be used anymore, still
extend it to make it workable also for properties that are not based on
GObject properties.
Instead of special-casing the aggregate implementation for NMSettingVpn,
delegate to a virtual function.

This will also work with other settings, that have properties/secrets
that are not GObject based properties.
For now only add the core settings, no peers' data.

To support peers and the allowed-ips of the peers is more complicated
and will be done later. It's more complicated because these are nested
lists (allowed-ips) inside a list (peers). That is quite unusual and to
conveniently support that in D-Bus API, in keyfile format, in libnm,
and nmcli, is an effort.
Also, it's further complicated by the fact that each peer has a secret (the
preshared-key). Thus we probably need secret flags for each peer, which
is a novelty as well (until now we require a fixed set of secrets per
profile that is well known).
NMSockAddrEndpoint is an immutable structure that contains the endpoint
string of a service. It also includes the (naive) parsing of the host and
port/service parts.

This will be used for the endpoint of WireGuard's peers. But since endpoints
are not something specific to WireGuard, give it a general name (and
purpose) independent from WireGuard.

Essentially, this structure takes a string in a manner that libnm
understands, and uses it for node and service arguments for
getaddrinfo().

NMSockAddrEndpoint allows having endpoints that are not parsable into
a host and port part. That is useful because our settings need to be
able to hold invalid values. That is for forward compatibility (server
sends a new endpoint format) and for better error handling (have
invalid settings that can be constructed without loss, but fail later
during the verify() step).
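
An added example, not code from this pull request or from libnm: the following C code shows the behaviour the NMSockAddrEndpoint commit message above describes, where the endpoint string is always kept verbatim, is naively split into host and port, and is rejected only by a later verify step. The names `Endpoint`, `endpoint_parse` and `endpoint_verify` are hypothetical, and the port range check and bracketed IPv6 form are assumptions of this example.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for this example; not libnm's NMSockAddrEndpoint. */
typedef struct {
    const char *endpoint; /* original string, borrowed and never modified */
    const char *host;     /* points into endpoint; NULL if not splittable */
    size_t host_len;
    int port;             /* -1 if not splittable */
} Endpoint;

/* Accept only decimal 1..65535 with no sign, space or trailing bytes. */
static int parse_port(const char *s)
{
    char *end;
    long v;
    if (*s < '0' || *s > '9')
        return -1;
    v = strtol(s, &end, 10);
    return (*end == '\0' && v >= 1 && v <= 65535) ? (int) v : -1;
}

/* Naive split of "host:port" or "[ipv6]:port"; never rejects the input. */
Endpoint endpoint_parse(const char *str)
{
    Endpoint ep = { str, NULL, 0, -1 };
    const char *host = str, *sep;
    int port;
    if (str[0] == '[') {
        host = str + 1;
        sep = strchr(host, ']');
        port = (sep && sep[1] == ':') ? parse_port(sep + 2) : -1;
    } else {
        sep = strrchr(str, ':');
        port = sep ? parse_port(sep + 1) : -1;
    }
    if (port < 0 || sep == host)
        return ep; /* kept as-is so it can be stored and reported later */
    ep.host = host;
    ep.host_len = (size_t) (sep - host);
    ep.port = port;
    return ep;
}

/* Deferred check, in the spirit of the verify() step described above. */
bool endpoint_verify(const Endpoint *ep) { return ep->host != NULL; }
```

Because an unparsable value is stored rather than dropped, a consumer must call the verify step before passing host and port to a resolver.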
…rd profile

Use the script to test how GObject introspection with libnm's WireGuard
support works.

Also, since support for WireGuard peers is not yet implemented in nmcli
(or other clients), this script is rather useful.
Configuring peers (and allowed-ips of the peers) is not
yet supported.
@thom311
Member Author

thom311 commented Jan 28, 2019

Closing for the moment, to wait for #288 and #291. Will be reopened later.

@thom311 thom311 closed this Jan 28, 2019
@thom311 thom311 mentioned this pull request Feb 9, 2019