author | hagbard <vyosdev@derith.de> | 2018-08-23 13:50:12 -0700 |
---|---|---|
committer | hagbard <vyosdev@derith.de> | 2018-08-23 13:50:12 -0700 |
commit | 96778964422910e5d07cfa02b1edb01f6bd870e1 (patch) | |
tree | 9ebe7a8221b88d228af8c9447c2087b361737cd4 | |
parent | 8e685a16a1a478a7aead5b655dac99c3987af35c (diff) | |
T793: fwmark implementation
-rw-r--r-- | interface-definitions/wireguard.xml | 18 | ||||
-rwxr-xr-x | src/conf_mode/wireguard.py | 11 |
2 files changed, 22 insertions, 7 deletions
diff --git a/interface-definitions/wireguard.xml b/interface-definitions/wireguard.xml
index 3b301fc3b..f025eb0da 100644
--- a/interface-definitions/wireguard.xml
+++ b/interface-definitions/wireguard.xml
@@ -16,12 +16,6 @@
 </valueHelp>
 </properties>
 <children>
- <!--
- <leafNode name="mtu">
- <properties>
- <help>set interface mtu (default: 1420)</help>
- </leafNode>
- -->
 <leafNode name="address">
 <properties>
 <help>IP address</help>
@@ -56,6 +50,18 @@
 </constraint>
 </properties>
 </leafNode>
+ <leafNode name="fwmark">
+ <properties>
+ <help>A 32-bit fwmark value set on all outgoing packets</help>
+ <valueHelp>
+ <format>number</format>
+ <description>value which marks the packet for QoS/shaper</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
 <tagNode name="peer">
 <properties>
 <help>peer alias</help>
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 032a407ca..4e83537bf 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -18,6 +18,7 @@
 #### TODO:
 # fwmark
 # preshared key
+# mtu
 ####
@@ -71,7 +72,8 @@ def get_config():
 'status' : 'exists',
 'state' : 'enabled',
 'mtu' : 1420,
- 'peer' : {}
+ 'peer' : {},
+ 'fwmark' : 0
 }
 }
 )
@@ -104,6 +106,9 @@ def get_config():
 ### mtu
 if c.exists(cnf + ' mtu'):
 config_data['interfaces'][intfc]['mtu'] = c.return_value(cnf + ' mtu')
+ ### fwmark
+ if c.exists(cnf + ' fwmark'):
+ config_data['interfaces'][intfc]['fwmark'] = c.return_value(cnf + ' fwmark')
 ### peers
 if c.exists(cnf + ' peer'):
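Review bot: The help text on the new `fwmark` leaf promises a 32-bit value, but the validator accepts only `--range 1-255`, so any mark above 255 is rejected at commit time. An operator who already uses larger marks for policy routing or firewall matching cannot reuse them on the tunnel, and the help gives no hint why. Either widen the constraint, `<validator name="numeric" argument="--range 1-4294967295"/>`, or reword the help to `<help>fwmark value (1-255) set on all outgoing packets</help>` so the documented and enforced ranges agree.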
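Review bot: The TODO block at the top of wireguard.py gains `# mtu` but still lists `# fwmark`, which this same commit implements in get_config() and configure_interface(). Drop the `# fwmark` line so the list reflects what is actually outstanding.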
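Review bot: The `fwmark` entry is an int when it comes from the default (`'fwmark' : 0`) but a string when it comes from `c.return_value(cnf + ' fwmark')` in the hunk at -104, so every consumer has to remember to convert it. The default 0 is also outside the 1-255 range the interface definition enforces, so it acts as an "unset" sentinel without saying so. I would normalise at read time, `config_data['interfaces'][intfc]['fwmark'] = int(c.return_value(cnf + ' fwmark'))`, and annotate the default with a comment such as `# 0 = no fwmark configured`. get_config() starts and ends outside both hunks.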
@@ -259,10 +264,14 @@ def configure_interface(c, intf):
 ## persistent-keepalive
 if 'persistent-keepalive' in c['interfaces'][intf]['peer'][p]:
 wg_config['keepalive'] = c['interfaces'][intf]['peer'][p]['persistent-keepalive']
+
+ ## fwmark
+ wg_config['fwmark'] = hex(int(c['interfaces'][intf]['fwmark']))
 ### assemble wg command
 cmd = "sudo wg set " + intf
 cmd += " listen-port " + str(wg_config['listen-port'])
+ cmd += " fwmark " + wg_config['fwmark']
 cmd += " private-key " + wg_config['private-key']
 cmd += " peer " + wg_config['peer']['pubkey']
 cmd += " allowed-ips " |
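Review bot: `hex(int(...))` is the only thing between the configured fwmark and the `sudo wg set` string assembled by concatenation just below it, and nothing in the hunk says so. That conversion is what limits the appended value to a hex literal, so it deserves a comment such as `# int() guarantees a plain number before the value is appended to the command line`, so a later refactor does not pass the raw config string through. int() also raises ValueError if the stored value is ever not decimal; whether a caller handles that is not visible, since configure_interface() starts and ends outside the hunk. With the default of 0 the command always carries `fwmark 0x0`, which as far as I know wg treats as clearing the mark; worth confirming that this is the intended way to remove a configured mark.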