...
 
Commits (8)
#!/usr/bin/lua
local util = require('gluon.util')
local uci = require('uci')
local x = uci.cursor()
-- set the bridge macaddr to the same address as mesh0
-- so we know the chosen SLAAC ipv6 from the batadv neighbour info
x:set('network', 'client' , 'macaddr', util.generate_mac(1))
x:commit('network')
#!/bin/sh
# create an interface to allow the node to
# get a ipv6 address on br-client
uci set network.client6=interface
uci set network.client6.ifname='br-client'
uci set network.client6.proto='dhcpv6'
uci set network.client6.ip6table='1'
uci set network.client6.sourcefilter='0'
uci set network.client6.peerdns='0'
uci set network.client6.reqprefix='no'
# allow client to get an ipv4 address by default
uci set network.client.proto='dhcp'
uci commit
......@@ -103,16 +103,16 @@ function apply_network(conf, target_state)
x:set('network', DHCP_IFACE, "proto", "static")
x:set('network', DHCP_IFACE, "ipaddr", conf.address4 .. "/" .. prefix_len)
x:set('network', DHCP_IFACE, "ip6addr", conf.address6 .. "/" .. prefix6_len)
x:set('network', 'client6', 'proto', 'static')
x:set("batman-adv", "bat0", "gw_mode", "server")
os.execute('echo 0 > /proc/sys/net/ipv6/conf/br-client/accept_ra')
else
print("network: routing state: inactive")
x:set('network', DHCP_IFACE, "proto", "dhcp")
x:delete('network', DHCP_IFACE, 'ipaddr')
x:delete('network', DHCP_IFACE, 'ip6addr')
x:set('network', 'client6', 'proto', 'dhcpv6')
x:set("batman-adv", "bat0", "gw_mode", "client")
os.execute('rm /tmp/range6')
os.execute('echo 2 > /proc/sys/net/ipv6/conf/br-client/accept_ra')
os.execute('rm /tmp/range6 -f')
end
local changes = x:changes()
......@@ -121,8 +121,10 @@ function apply_network(conf, target_state)
x:commit('dhcp')
x:commit('network')
x:commit('batman-adv')
print("Reconfiguring network...")
os.execute("/etc/init.d/network restart")
os.execute("/etc/init.d/dnsmasq restart")
util.sleep(20)
end
local range6 = util.read_file('/tmp/range6')
if range6 ~= conf.range6 then
......
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-wireguard
PKG_VERSION:=1
include $(TOPDIR)/../package/gluon.mk
define Package/gluon-wireguard
TITLE:=Support for connecting wireguard information with respondd
DEPENDS:=+gluon-core
endef
$(eval $(call BuildPackageGluon,gluon-wireguard))
all: respondd.so
CFLAGS += -Wall -fPIC
respondd.so: respondd.c wireguard.o
$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -shared -D_GNU_SOURCE -o $@ $^ $(LDLIBS)
/*
on_ Copyright (c) 2016, Matthias Schiffer <mschiffer@universe-factory.net>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <respondd.h>
#include <json-c/json.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include "wireguard.h"
struct json_object * get_wireguard_handshakes()
{
char *device_names, *device_name;
size_t len;
json_object *json_val;
json_object *json_device;
json_object *json_peers;
json_object *json_ptr;
json_object *ret = json_object_new_object();
json_ptr = json_object_new_object();
json_object_object_add(ret, "interfaces", json_ptr);
device_names = wg_list_device_names();
if (!device_names) {
perror("Unable to get device names");
exit(1);
}
wg_for_each_device_name(device_names, device_name, len) {
wg_device *device;
wg_peer *peer;
if (wg_get_device(&device, device_name) < 0) {
perror("Unable to get device");
continue;
}
json_device = json_object_new_object();
json_object_object_add(json_ptr, device_name, json_device);
json_peers = json_object_new_object();
json_object_object_add(json_device, "peers",
json_peers);
wg_for_each_peer(device, peer) {
wg_key_b64_string pubkey;
json_ptr = json_object_new_object();
json_val = json_object_new_int64(peer->last_handshake_time.tv_sec);
json_object_object_add(json_ptr, "latest_handshake", json_val);
/* Yes, these values are uint64_t, we just take the risc
* off an overflow here since JSON can only handle
* 53-bit integers according to spec anyway
*/
json_val = json_object_new_int64(peer->rx_bytes);
json_object_object_add(json_ptr, "transfer_rx", json_val);
json_val = json_object_new_int64(peer->tx_bytes);
json_object_object_add(json_ptr, "transfer_tx", json_val);
wg_key_to_base64(pubkey, peer->public_key);
json_object_object_add(json_peers, pubkey, json_ptr);
}
wg_free_device(device);
}
free(device_names);
return ret;
}
static struct json_object * respondd_wireguard_handshake(void) {
struct json_object *ret = get_wireguard_handshakes();
if (ret)
return ret;
return NULL;
}
const struct respondd_provider_info respondd_providers[] = {
{"handshakes", respondd_wireguard_handshake},
{}
};
This diff is collapsed.
/* SPDX-License-Identifier: LGPL-2.1+ */
/*
* Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
*/
#ifndef WIREGUARD_H
#define WIREGUARD_H
#include <net/if.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <time.h>
#include <stdint.h>
#include <stdbool.h>
typedef uint8_t wg_key[32];
typedef char wg_key_b64_string[((sizeof(wg_key) + 2) / 3) * 4 + 1];
/* Cross platform __kernel_timespec */
struct timespec64 {
int64_t tv_sec;
int64_t tv_nsec;
};
typedef struct wg_allowedip {
uint16_t family;
union {
struct in_addr ip4;
struct in6_addr ip6;
};
uint8_t cidr;
struct wg_allowedip *next_allowedip;
} wg_allowedip;
enum wg_peer_flags {
WGPEER_REMOVE_ME = 1U << 0,
WGPEER_REPLACE_ALLOWEDIPS = 1U << 1,
WGPEER_HAS_PUBLIC_KEY = 1U << 2,
WGPEER_HAS_PRESHARED_KEY = 1U << 3,
WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL = 1U << 4
};
typedef struct wg_peer {
enum wg_peer_flags flags;
wg_key public_key;
wg_key preshared_key;
union {
struct sockaddr addr;
struct sockaddr_in addr4;
struct sockaddr_in6 addr6;
} endpoint;
struct timespec64 last_handshake_time;
uint64_t rx_bytes, tx_bytes;
uint16_t persistent_keepalive_interval;
struct wg_allowedip *first_allowedip, *last_allowedip;
struct wg_peer *next_peer;
} wg_peer;
enum wg_device_flags {
WGDEVICE_REPLACE_PEERS = 1U << 0,
WGDEVICE_HAS_PRIVATE_KEY = 1U << 1,
WGDEVICE_HAS_PUBLIC_KEY = 1U << 2,
WGDEVICE_HAS_LISTEN_PORT = 1U << 3,
WGDEVICE_HAS_FWMARK = 1U << 4
};
typedef struct wg_device {
char name[IFNAMSIZ];
uint32_t ifindex;
enum wg_device_flags flags;
wg_key public_key;
wg_key private_key;
uint32_t fwmark;
uint16_t listen_port;
struct wg_peer *first_peer, *last_peer;
} wg_device;
#define wg_for_each_device_name(__names, __name, __len) for ((__name) = (__names), (__len) = 0; ((__len) = strlen(__name)); (__name) += (__len) + 1)
#define wg_for_each_peer(__dev, __peer) for ((__peer) = (__dev)->first_peer; (__peer); (__peer) = (__peer)->next_peer)
#define wg_for_each_allowedip(__peer, __allowedip) for ((__allowedip) = (__peer)->first_allowedip; (__allowedip); (__allowedip) = (__allowedip)->next_allowedip)
int wg_set_device(wg_device *dev);
int wg_get_device(wg_device **dev, const char *device_name);
int wg_add_device(const char *device_name);
int wg_del_device(const char *device_name);
void wg_free_device(wg_device *dev);
char *wg_list_device_names(void); /* first\0second\0third\0forth\0last\0\0 */
void wg_key_to_base64(wg_key_b64_string base64, const wg_key key);
int wg_key_from_base64(wg_key key, const wg_key_b64_string base64);
bool wg_key_is_zero(const wg_key key);
void wg_generate_public_key(wg_key public_key, const wg_key private_key);
void wg_generate_private_key(wg_key private_key);
void wg_generate_preshared_key(wg_key preshared_key);
#endif