authorAlex W <embezzle.dev@proton.me>2025-01-25 12:39:43 +0000
committerAlex W <embezzle.dev@proton.me>2025-01-25 12:39:43 +0000
commitf07e1fb09a59b7d9c2b60d91e3438269ddc59a8f (patch)
tree90ba2b14a72bc89d1e168754d910e5774cf41163
parent10ee7ac1d2bfd20bd11b5ebaa33c2f07dd561d48 (diff)
wireguard: T7087: Fix vyos-domain-resolver failing if no wireguard interfaces defined
-rwxr-xr-xsrc/services/vyos-domain-resolver65
1 files changed, 33 insertions, 32 deletions
diff --git a/src/services/vyos-domain-resolver b/src/services/vyos-domain-resolver
index fe0f40a07..bfc8caa0a 100755
--- a/src/services/vyos-domain-resolver
+++ b/src/services/vyos-domain-resolver
@@ -177,39 +177,40 @@ def update_fqdn(config, node):
def update_interfaces(config, node):
if node == 'interfaces':
wg_interfaces = dict_search_args(config, 'wireguard')
+ if wg_interfaces:
+
+ peer_public_keys = {}
+ # for each wireguard interfaces
+ for interface, wireguard in wg_interfaces.items():
+ peer_public_keys[interface] = []
+ for peer, peer_config in wireguard['peer'].items():
+ # check peer if peer host-name or address is set
+ if 'host_name' in peer_config or 'address' in peer_config:
+ # check latest handshake
+ peer_public_keys[interface].append(
+ peer_config['public_key']
+ )
+
+ now_time = time.time()
+ for (interface, check_peer_public_keys) in peer_public_keys.items():
+ if len(check_peer_public_keys) == 0:
+ continue
- peer_public_keys = {}
- # for each wireguard interfaces
- for interface, wireguard in wg_interfaces.items():
- peer_public_keys[interface] = []
- for peer, peer_config in wireguard['peer'].items():
- # check peer if peer host-name or address is set
- if 'host_name' in peer_config or 'address' in peer_config:
- # check latest handshake
- peer_public_keys[interface].append(
- peer_config['public_key']
- )
-
- now_time = time.time()
- for (interface, check_peer_public_keys) in peer_public_keys.items():
- if len(check_peer_public_keys) == 0:
- continue
-
- intf = WireGuardIf(interface, create=False, debug=False)
- handshakes = intf.operational.get_latest_handshakes()
-
- # WireGuard performs a handshake every WIREGUARD_REKEY_AFTER_TIME
- # if data is being transmitted between the peers. If no data is
- # transmitted, the handshake will not be initiated unless new
- # data begins to flow. Each handshake generates a new session
- # key, and the key is rotated at least every 120 seconds or
- # upon data transmission after a prolonged silence.
- for public_key, handshake_time in handshakes.items():
- if public_key in check_peer_public_keys and (
- handshake_time == 0
- or (now_time - handshake_time > 3*WIREGUARD_REKEY_AFTER_TIME)
- ):
- intf.operational.reset_peer(public_key=public_key)
+ intf = WireGuardIf(interface, create=False, debug=False)
+ handshakes = intf.operational.get_latest_handshakes()
+
+ # WireGuard performs a handshake every WIREGUARD_REKEY_AFTER_TIME
+ # if data is being transmitted between the peers. If no data is
+ # transmitted, the handshake will not be initiated unless new
+ # data begins to flow. Each handshake generates a new session
+ # key, and the key is rotated at least every 120 seconds or
+ # upon data transmission after a prolonged silence.
+ for public_key, handshake_time in handshakes.items():
+ if public_key in check_peer_public_keys and (
+ handshake_time == 0
+ or (now_time - handshake_time > 3*WIREGUARD_REKEY_AFTER_TIME)
+ ):
+ intf.operational.reset_peer(public_key=public_key)
if __name__ == '__main__':
logger.info('VyOS domain resolver')
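Review bot: The inner loop still indexes `wireguard['peer']` directly, so the new `if wg_interfaces:` guard in update_interfaces only covers a missing `wireguard` node; an interface entry without a `peer` key would raise KeyError and stop the resolver in the same way. Unless config validation guarantees at least one peer per interface (not visible in this hunk), iterate with `for peer, peer_config in wireguard.get('peer', {}).items():`. A crash here matters beyond tidiness, because this loop is what resets peers whose handshake has gone stale, so a dead service leaves those peers unreset. As a style point, a guard clause `if not wg_interfaces: return` would have kept the fix to two lines instead of re-indenting the whole body, assuming nothing else in the function must run afterwards. The comment `# check latest handshake` sits above the public-key append rather than the handshake comparison and would read better as `# remember peers whose handshake must be monitored`.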