Extend the interface of `wg set` to leverage the WGALLOWEDIP_F_REMOVE_ME flag, a direct way of removing a single allowed ip from a peer, allowing for incremental updates to a peer's configuration. By default, allowed-ips fully replaces a peer's allowed ips using WGPEER_REPLACE_ALLOWEDIPS under the hood. When '+' or '-' is prepended to any ip in the list, wg clears WGPEER_F_REPLACE_ALLOWEDIPS and sets the WGALLOWEDIP_F_REMOVE_ME flag on any ip prefixed with '-'.

$ wg set wg0 peer <PUBKEY> allowed-ips +192.168.88.0/24,-192.168.0.1/32

This command means "add 192.168.88.0/24 to this peer's allowed ips if not present, and remove 192.168.0.1/32 if present".

Use -isystem so that headers in uapi/ take precedence over system headers; otherwise, the build will fail on systems running kernels without the WGALLOWEDIP_F_REMOVE_ME flag.

Note that this patch is meant to be merged alongside the kernel patch that introduces the flag.

Signed-off-by: Jordan Rife <jordan@jrife.io>
[Jason: removed linux ifdefs; this will eventually come to other platforms too. minor style nits.]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
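The replace-versus-incremental semantics described in the commit message above, as an added example that is not code from wireguard-tools or the kernel: it models a peer's allowed-ips as a small set of strings and applies a `wg set ... allowed-ips` argument to it. The `struct peer` type and the helper names are hypothetical, and unprefixed entries in a list that also contains '+' or '-' are assumed to be additions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define MAX_IPS 16
#define IP_LEN 64

/* Hypothetical model of one peer's allowed-ips set; entries are compared as
 * plain strings, so no CIDR normalisation or overlap handling is attempted. */
struct peer { char ips[MAX_IPS][IP_LEN]; int n; };

int find(const struct peer *p, const char *ip) {
    for (int i = 0; i < p->n; i++)
        if (strcmp(p->ips[i], ip) == 0) return i;
    return -1;
}

static void add(struct peer *p, const char *ip) {   /* "add if not present" */
    if (find(p, ip) < 0 && p->n < MAX_IPS)
        snprintf(p->ips[p->n++], IP_LEN, "%s", ip);
}

static void del(struct peer *p, const char *ip) {   /* "remove if present" */
    int i = find(p, ip);
    if (i >= 0) memmove(p->ips[i], p->ips[--p->n], IP_LEN);
}

/* Applies an allowed-ips argument; returns true when it was incremental. */
bool apply_allowed_ips(struct peer *p, const char *list) {
    bool incremental = false;
    /* A '+' or '-' on ANY entry switches the whole list to incremental mode. */
    for (const char *c = list; *c; c++)
        if ((c == list || c[-1] == ',') && (*c == '+' || *c == '-')) incremental = true;
    if (!incremental) p->n = 0;   /* default behaviour: full replace */
    for (const char *s = list; *s; s += (*s == ',')) {
        char tok[IP_LEN];
        size_t len = strcspn(s, ",");
        snprintf(tok, sizeof tok, "%.*s", (int)len, s);
        s += len;
        if (tok[0] == '-') del(p, tok + 1);
        else if (tok[0]) add(p, tok[0] == '+' ? tok + 1 : tok);
    }
    return incremental;
}

int main(void) {
    struct peer p = { .n = 0 };
    apply_allowed_ips(&p, "10.0.0.0/24,192.168.0.1/32");        /* constructed */
    apply_allowed_ips(&p, "+192.168.88.0/24,-192.168.0.1/32");  /* from the commit message */
    for (int i = 0; i < p.n; i++) puts(p.ips[i]);
}
```

The incremental form matters for access control because a script that revokes one prefix no longer has to resend the peer's complete list, where a stale copy would silently drop or reinstate other prefixes.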
wireguard-tools — tools for configuring WireGuard
This supplies the main userspace tooling for using and configuring WireGuard
tunnels, including the wg(8) and wg-quick(8) utilities. This project supports
Linux, OpenBSD, FreeBSD, macOS, Windows, and Android.
More information may be found at WireGuard.com.
Building
$ cd src
$ make
There are no dependencies other than a good C compiler and a sane libc.
Installing
# make install
This command takes into account several environment variables:
- PREFIX default: /usr
- DESTDIR default:
- BINDIR default: $(PREFIX)/bin
- LIBDIR default: $(PREFIX)/lib
- MANDIR default: $(PREFIX)/share/man
- BASHCOMPDIR default: $(PREFIX)/share/bash-completion/completions
- RUNSTATEDIR default: /var/run
- PKG_CONFIG default: pkg-config
- WITH_BASHCOMPLETION default: [auto-detect]
- WITH_WGQUICK default: [auto-detect]
- WITH_SYSTEMDUNITS default: [auto-detect]
- DEBUG default:
The first section is rather standard. The second section is not:
- WITH_BASHCOMPLETION decides whether or not bash completion files for the tools are installed. This is just a nice thing for people who have bash. If you don't have bash, or don't want this, set the environment variable to no. If you'd like to force its use, even if bash-completion isn't detected in DESTDIR, then set it to yes.
- WITH_WGQUICK decides whether or not the wg-quick(8) script is installed. This is a very quick and dirty bash script for reading a few extra variables from wg(8)-style configuration files, and automatically configures the interface. If you don't have bash, you probably don't want this at all. Likewise, if you already have a working network management tool or configuration, you probably want to integrate wg(8) or the direct WireGuard API into your network manager, rather than using wg-quick(8). But for folks who like simple quick and dirty scripts, this is nice. If you'd like to force its use, even if bash isn't detected in DESTDIR, then set it to yes.
- WITH_SYSTEMDUNITS decides whether or not systemd units are installed for wg-quick(8). If you don't use systemd, you certainly don't want this, and should set it to no. If systemd isn't auto-detected, but you still would like to install it, set this to yes.
- DEBUG decides whether to build with -g, when set to yes.
If you're a simple make && make install kind of user, you can get away with
not setting these variables and relying on the auto-detection. However, if
you're writing a package for a distro, you'll want to explicitly set these,
depending on what you want.
contrib/
The contrib/ subdirectory contains various scripts and examples. Most of these
are not immediately useful for production use, but should provide inspiration for
creating fully-featured tools. See the README in each directory.
License
This project is released under the GPLv2.