[OpenWrt-Devel] [PATCH] wireguard: fix reload config on peer change

Rafał Miłecki zajec5 at gmail.com
Tue Mar 14 07:50:16 PDT 2023


Hi,

On 29.11.2019 14:36, Florian Eckert wrote:
> If we change a peer section, then the interface of netifd does not get
> reloaded, because the change was not made in an interface section.
> And so netifd does not recognize the change. And the new config does
> not get applied until we do a network restart or we restart the interface
> with 'ifup <name>'.
> 
> With this new wireguard init script, a md5sum will be calculated on
> every network change. The sum is generated over the wireguard peers for
> each wireguard interface. If a change in the peers section gets detected
> then only the detecated wireguard interface gets restarted.
> 
> With this change we can see if the peer section has changed to the
> corresponding interface. The wireguard configuration is rewritten and
> reconfigured by the netif proto handler.
> 
> Signed-off-by: Florian Eckert <fe at dev.tdt.de>

What has happened to this patch? It's marked as Superseded but I didn't
see V2 or anything.

It seems to be dealing with an issue that WG users complain about, see:
https://forum.openwrt.org/t/wiregurad-does-not-reload-wireguard-iface-section-on-change/47137
https://forum.openwrt.org/t/restart-wireguard-via-cli/51935
https://forum.openwrt.org/t/restart-wireguard-interface/58037


> ---
>   package/network/services/wireguard/Makefile   |  2 +
>   .../services/wireguard/files/wireguard.init   | 49 +++++++++++++++++++
>   2 files changed, 51 insertions(+)
>   create mode 100644 package/network/services/wireguard/files/wireguard.init
> 
> diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile
> index ea34b7550b..d78fcfface 100644
> --- a/package/network/services/wireguard/Makefile
> +++ b/package/network/services/wireguard/Makefile
> @@ -93,6 +93,8 @@ define Package/wireguard-tools/install
>   	$(INSTALL_BIN) ./files/wireguard_watchdog $(1)/usr/bin/
>   	$(INSTALL_DIR) $(1)/lib/netifd/proto/
>   	$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
> +	$(INSTALL_DIR) $(1)/etc/init.d/
> +	$(INSTALL_BIN) ./files/wireguard.init $(1)/etc/init.d/wireguard
>   endef
>   
>   define KernelPackage/wireguard
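Review bot: the Makefile side of this change is only the two install lines in Package/wireguard-tools/install (the diffstat shows 2 insertions for the Makefile), so the package starts shipping a new /etc/init.d/wireguard file without a PKG_RELEASE bump. Please bump the release in the same commit so existing installs pick up the init script on upgrade. The commit message should also say that the script lands in wireguard-tools, since that is the package whose behaviour on "network" reload changes.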
> diff --git a/package/network/services/wireguard/files/wireguard.init b/package/network/services/wireguard/files/wireguard.init
> new file mode 100644
> index 0000000000..24569752b4
> --- /dev/null
> +++ b/package/network/services/wireguard/files/wireguard.init
> @@ -0,0 +1,49 @@
> +#!/bin/sh /etc/rc.common
> +
> +START=80
> +USE_PROCD=1
> +
> +WG_DIR="/tmp/wireguard"
> +
> +wireguard_check_peer(){
> +	local cfg="${1}"
> +	local cfile="${2}"
> +
> +	uci show "network.${cfg}" >> "${cfile}"
> +}
> +
> +wireguard_check_interface() {
> +	local cfg="${1}"
> +	local proto cfile n_sum o_sum
> +
> +	config_get proto "${cfg}" proto
> +	[ "${proto}" = "wireguard" ] || return 0
> +	cfile="$(mktemp -p "${WG_DIR}")"
> +	config_foreach wireguard_check_peer "wireguard_${1}" "${cfile}"
> +
> +	. /lib/functions/network.sh
> +
> +	n_sum="$(md5sum "${cfile}" | cut -d" " -f1)"
> +	rm -rf "${cfile}"
> +	[ -f "${WG_DIR}/${cfg}.check" ] && {
> +		o_sum="$(cat "${WG_DIR}/${cfg}.check")"
> +		[ "${o_sum}" != "${n_sum}" ] && {
> +			network_is_up "${cfg}" && ifup "${cfg}"
> +		}
> +	}
> +	echo "$n_sum" > "${WG_DIR}/${cfg}.check"
> +}
> +
> +boot() {
> +	config_load network
> +	config_foreach wireguard_check_interface interface
> +}
> +
> +service_triggers() {
> +	procd_add_reload_trigger "network"
> +}
> +
> +reload_service() {
> +	config_load network
> +	config_foreach wireguard_check_interface interface
> +}
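Review bot: nothing in wireguard.init creates WG_DIR before wireguard_check_interface runs `mktemp -p "${WG_DIR}"` and later writes `"${WG_DIR}/${cfg}.check"`, so unless something outside this patch creates /tmp/wireguard both steps fail, cfile ends up empty and no checksum is ever stored. Add `mkdir -p "${WG_DIR}"` before the mktemp call, and check that mktemp succeeded before using cfile. The temp file can be avoided altogether by piping the `uci show` output of the peers straight into md5sum, which also keeps the full peer sections (key material included) from being written out under /tmp, and makes `rm -rf` on a plain file unnecessary. Minor: `. /lib/functions/network.sh` is sourced once per wireguard interface inside the function; source it once at the top of the script. It would also help to document that boot() only records the initial checksums and that the sum covers the peer sections only.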



