[PATCH 1/1] Added network namespacing support to wq-quick

endre.szabo at wg-ml-rkaofgr.redir.email endre.szabo at wg-ml-rkaofgr.redir.email
Tue Mar 3 11:35:43 CET 2020 

Hi all,

I added netns support to wq-quick, works quite well for me. An example:

# wg-quick up s2s
[#] ip -n phy link add s2s type wireguard
[#] ip -n phy link set s2s netns 1
[#] wg setconf s2s /dev/fd/63
[#] ip -4 address add 192.168.0.1/32 dev s2s
[#] ip link set mtu 1420 up dev s2s
...

Please go easy on me, this is my first time sending a patch.

--Endre

---

  contrib/highlighter/gui/highlight.cpp |  1 +
  contrib/highlighter/highlight.c       |  1 +
  contrib/highlighter/highlighter.h     |  1 +
  src/man/wg-quick.8                    |  3 +++
  src/wg-quick/linux.bash               | 16 +++++++++++++++-
  5 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/contrib/highlighter/gui/highlight.cpp 
b/contrib/highlighter/gui/highlight.cpp
index a95857b..a698d05 100644
--- a/contrib/highlighter/gui/highlight.cpp
+++ b/contrib/highlighter/gui/highlight.cpp
@@ -25,6 +25,7 @@ static QColor colormap[] = {
      [HighlightDelimiter] = QColor("#7aa6da"),
  #ifndef MOBILE_WGQUICK_SUBSET
      [HighlightTable] = QColor("#c397d8"),
+    [HighlightNetNS] = QColor("#c397d8"),
      [HighlightFwMark] = QColor("#c397d8"),
      [HighlightSaveConfig] = QColor("#c397d8"),
      [HighlightCmd] = QColor("#969896"),
diff --git a/contrib/highlighter/highlight.c 
b/contrib/highlighter/highlight.c
index e9034f7..44b335c 100644
--- a/contrib/highlighter/highlight.c
+++ b/contrib/highlighter/highlight.c
@@ -51,6 +51,7 @@ static const char *colormap[] = {
      [HighlightDelimiter] = TERMINAL_FG_CYAN,
  #ifndef MOBILE_WGQUICK_SUBSET
      [HighlightTable] = TERMINAL_FG_BLUE,
+    [HighlightNetNS] = TERMINAL_FG_BLUE,
      [HighlightFwMark] = TERMINAL_FG_BLUE,
      [HighlightSaveConfig] = TERMINAL_FG_BLUE,
      [HighlightCmd] = TERMINAL_FG_WHITE,
diff --git a/contrib/highlighter/highlighter.h 
b/contrib/highlighter/highlighter.h
index 65cc230..d1ed6d1 100644
--- a/contrib/highlighter/highlighter.h
+++ b/contrib/highlighter/highlighter.h
@@ -21,6 +21,7 @@ enum highlight_type {
      HighlightDelimiter,
  #ifndef MOBILE_WGQUICK_SUBSET
      HighlightTable,
+    HighlightNetNS,
      HighlightFwMark,
      HighlightSaveConfig,
      HighlightCmd,
diff --git a/src/man/wg-quick.8 b/src/man/wg-quick.8
index c38c7d9..3f0565a 100644
--- a/src/man/wg-quick.8
+++ b/src/man/wg-quick.8
@@ -91,6 +91,9 @@ special values: `off' disables the creation of routes 
altogether, and `auto'
  (the default) adds routes to the default table and enables special 
handling of
  default routes.
  .IP \(bu
+NetNS \(em Controls in which network namespace the WireGuard UDP socket 
is added to. The
+namespace has to be created before WireGuard use.
+.IP \(bu
  PreUp, PostUp, PreDown, PostDown \(em script snippets which will be 
executed by
  .BR bash (1)
  before/after setting up/tearing down the interface, most commonly used
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index 7c2c002..6957cba 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -17,6 +17,7 @@ ADDRESSES=( )
  MTU=""
  DNS=( )
  TABLE=""
+NETNS=""
  PRE_UP=( )
  POST_UP=( )
  PRE_DOWN=( )
@@ -58,6 +59,7 @@ parse_options() {
              MTU) MTU="$value"; continue ;;
              DNS) DNS+=( ${value//,/ } ); continue ;;
              Table) TABLE="$value"; continue ;;
+            NetNS) NETNS="$value"; continue ;;
              PreUp) PRE_UP+=( "$value" ); continue ;;
              PreDown) PRE_DOWN+=( "$value" ); continue ;;
              PostUp) POST_UP+=( "$value" ); continue ;;
@@ -84,7 +86,18 @@ auto_su() {

  add_if() {
      local ret
-    if ! cmd ip link add "$INTERFACE" type wireguard; then
+    if [[ -n $NETNS ]]; then
+        if ! ip netns pids "${NETNS}" > /dev/null; then
+            ret=$?
+            echo "[!] Target namespace '${NETNS}' not found"
+            exit $ret
+        elif ! cmd ip -n "${NETNS}" link add "$INTERFACE" type 
wireguard; then
+            ret=$?
+            [[ -e /sys/module/wireguard ]] || ! command -v 
"${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
+            echo "[!] Missing WireGuard kernel module. Falling back to 
slow userspace implementation."
+        fi
+        cmd ip -n "${NETNS}" link set "$INTERFACE" netns 1
+    elif ! cmd ip link add "$INTERFACE" type wireguard; then
          ret=$?
          [[ -e /sys/module/wireguard ]] || ! command -v 
"${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
          echo "[!] Missing WireGuard kernel module. Falling back to 
slow userspace implementation."
@@ -258,6 +271,7 @@ save_config() {
      done < <(resolvconf -l "$(resolvconf_iface_prefix)$INTERFACE" 
2>/dev/null || cat 
"/etc/resolvconf/run/interface/$(resolvconf_iface_prefix)$INTERFACE" 
2>/dev/null)
      [[ -n $MTU && $(ip link show dev "$INTERFACE") =~ mtu\ ([0-9]+) ]] 
&& new_config+="MTU = ${BASH_REMATCH[1]}"$'\n'
      [[ -n $TABLE ]] && new_config+="Table = $TABLE"$'\n'
+    [[ -n $NETNS ]] && new_config+="NetNS = $NETNS"$'\n'
      [[ $SAVE_CONFIG -eq 0 ]] || new_config+=$'SaveConfig = true\n'
      for cmd in "${PRE_UP[@]}"; do
          new_config+="PreUp = $cmd"$'\n'
-- 
2.25.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Added-network-namespacing-support.patch
Type: text/x-patch
Size: 4672 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20200303/573145ce/attachment.bin>

More information about the WireGuard mailing list