[PATCH] Don't delete peers if not needed on `setconf`

Grzegorz Nosek root at localdomain.pl
Sun Nov 17 14:59:27 CET 2019

Disclaimer: this patch has received only very light testing. Consider it
an invitation to discussion rather than battle-tested production code.

Disclaimer 2: I'm not subscribed, so please CC all replies.

Disclaimer 3: this is the first email ever I'm sending via git-send-email,
so please excuse any etiquette breaches :)

Without this patch, `wg setconf` causes a brief outage on the wg interface
since all peers are removed and have to be readded and redo the handshake.
I'm running WireGuard in a highly dynamic environment where peers come
and go and the reloads are frequent enough that the downtime is noticeable
(several seconds of downtime per minute isn't really acceptable for me).

Right now I'm working around by using `addconf` instead of `setconf`
and a bash one-liner in cron to clean the dead peers once in a while[*].

Still, I took a look at the driver code and it looks like it would be pretty
easy to not remove the peers unless they're really going away:
1. Mark all peers for potential deletion instead of removing them outright
2. Unmark any peer touched by set_peer (i.e. present in the netlink message)
3. Remove all marked peers

My patch basically does just that.

Please take a look and let me know what you think.

 Grzegorz Nosek

* Here's the one-liner if anyone cares :)



diff -u <(wg showconf $INTERFACE | grep PublicKey | sort) <(grep PublicKey /etc/wireguard/$INTERFACE.conf | sort) | grep ^-PublicKey | awk '{ print $3 }' | xargs -iPEER wg set $INTERFACE peer PEER remove

More information about the WireGuard mailing list