From a29898b2ea15b7d9cea7fade1b27d38967c52d52 Mon Sep 17 00:00:00 2001
From: hagbard <vyosdev@derith.de>
Date: Fri, 30 Nov 2018 10:26:36 -0800
Subject: Fixes: T1061: Wireguard: Missing option to administrativly shutdown
 interface

---
 debian/changelog                    |  6 ++++++
 interface-definitions/wireguard.xml |  6 ++++++
 src/conf_mode/wireguard.py          | 15 ++++++++++++++-
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 8157d97f8..7666cfd68 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vyos-1x (1.2.0-7) unstable; urgency=low
+
+  * T1061: Wireguard: Missing option to administrativly shutdown interface
+
+ -- hagbard <vyosdev@derith.de>  Fri, 30 Nov 2018 10:22:41 -0800
+
 vyos-1x (1.2.0-6) unstable; urgency=medium
 
   * adding vyos-accel-ppp-ipoe-kmod for T989
diff --git a/interface-definitions/wireguard.xml b/interface-definitions/wireguard.xml
index b0923bbe0..8bfffac9d 100644
--- a/interface-definitions/wireguard.xml
+++ b/interface-definitions/wireguard.xml
@@ -39,6 +39,12 @@
               <constraintErrorMessage>interface description is too long (limit 100 characters)</constraintErrorMessage>
             </properties>
           </leafNode>
+          <leafNode name="disable">
+            <properties>
+              <help>disables the wireguard interface</help>
+              <valueless />
+            </properties>
+          </leafNode>
           <leafNode name="port">
             <properties>
               <help>Local port number to accept connections</help>
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 353528aba..f5452579e 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -89,6 +89,9 @@ def get_config():
       ### addresses
       if c.exists(cnf + ' address'):
         config_data['interfaces'][intfc]['addr'] = c.return_values(cnf + ' address')
+      ### interface up/down
+      if c.exists(cnf + ' disable'):
+        config_data['interfaces'][intfc]['state'] = 'disable' 
       ### listen port
       if c.exists(cnf + ' port'):
         config_data['interfaces'][intfc]['lport'] = c.return_value(cnf + ' port')
@@ -121,6 +124,7 @@ def get_config():
           if c.exists(cnf + ' peer ' + p + ' preshared-key'):
             config_data['interfaces'][intfc]['peer'][p]['psk'] = c.return_value(cnf + ' peer ' + p + ' preshared-key')
   
+
   return config_data
 
 def verify(c):
@@ -159,12 +163,21 @@ def apply(c):
   c_eff = Config()
   c_eff.set_level('interfaces wireguard')
 
+  ### link status up/down aka interface disable
+
+  for intf in c['interfaces']:
+    if c['interfaces'][intf]['state'] == 'disable':
+      sl.syslog(sl.LOG_NOTICE, "disable interface " + intf)
+      subprocess.call(['ip l s dev ' + intf + ' down ' + ' &>/dev/null'], shell=True)
+    else:
+      sl.syslog(sl.LOG_NOTICE, "enable interface " + intf)
+      subprocess.call(['ip l s dev ' + intf + ' up ' + ' &>/dev/null'], shell=True)
+
   ### deletion of a specific interface
   for intf in c['interfaces']:
     if c['interfaces'][intf]['status'] == 'delete':
       sl.syslog(sl.LOG_NOTICE, "removing interface " + intf)
       subprocess.call(['ip l d dev ' + intf + ' &>/dev/null'], shell=True)
-      
 
     ### peer deletion
     peer_eff = c_eff.list_effective_nodes( intf + ' peer')
-- 
cgit v1.2.3