authorhagbard <vyosdev@derith.de>2018-11-30 10:26:36 -0800
committerhagbard <vyosdev@derith.de>2018-11-30 10:26:36 -0800
commita29898b2ea15b7d9cea7fade1b27d38967c52d52 (patch)
tree6671d0d67faae1d5be2ef04a7b9596900352b1f2
parent652c626644d03ccf7d03de8f51ae5a2a6e27fd66 (diff)
Fixes: T1061: Wireguard: Missing option to administrativly shutdown interface
-rw-r--r--debian/changelog6
-rw-r--r--interface-definitions/wireguard.xml6
-rwxr-xr-xsrc/conf_mode/wireguard.py15
3 files changed, 26 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 8157d97f8..7666cfd68 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vyos-1x (1.2.0-7) unstable; urgency=low
+
+ * T1061: Wireguard: Missing option to administrativly shutdown interface
+
+ -- hagbard <vyosdev@derith.de> Fri, 30 Nov 2018 10:22:41 -0800
+
vyos-1x (1.2.0-6) unstable; urgency=medium
* adding vyos-accel-ppp-ipoe-kmod for T989
diff --git a/interface-definitions/wireguard.xml b/interface-definitions/wireguard.xml
index b0923bbe0..8bfffac9d 100644
--- a/interface-definitions/wireguard.xml
+++ b/interface-definitions/wireguard.xml
@@ -39,6 +39,12 @@
<constraintErrorMessage>interface description is too long (limit 100 characters)</constraintErrorMessage>
</properties>
</leafNode>
+ <leafNode name="disable">
+ <properties>
+ <help>disables the wireguard interface</help>
+ <valueless />
+ </properties>
+ </leafNode>
<leafNode name="port">
<properties>
<help>Local port number to accept connections</help>
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 353528aba..f5452579e 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -89,6 +89,9 @@ def get_config():
### addresses
if c.exists(cnf + ' address'):
config_data['interfaces'][intfc]['addr'] = c.return_values(cnf + ' address')
+ ### interface up/down
+ if c.exists(cnf + ' disable'):
+ config_data['interfaces'][intfc]['state'] = 'disable'
### listen port
if c.exists(cnf + ' port'):
config_data['interfaces'][intfc]['lport'] = c.return_value(cnf + ' port')
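Review bot: `state` is only assigned when `disable` is present and this hunk shows no default, so unless one is initialised where the interface dict is built (outside this hunk), the new `c['interfaces'][intf]['state'] == 'disable'` test in the apply() hunk raises KeyError for every interface that is not disabled. Add `else: config_data['interfaces'][intfc]['state'] = 'enable'` here, or read the key with `.get('state')` in apply(). The new `ip l s dev` calls in apply() also concatenate the interface name into a `shell=True` string; an argument list such as `subprocess.call(['ip', 'link', 'set', 'dev', intf, 'down'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)` keeps the name out of shell parsing and does not depend on `/bin/sh` accepting the `&>` redirect. get_config's body continues outside the hunk.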
@@ -121,6 +124,7 @@ def get_config():
if c.exists(cnf + ' peer ' + p + ' preshared-key'):
config_data['interfaces'][intfc]['peer'][p]['psk'] = c.return_value(cnf + ' peer ' + p + ' preshared-key')
+
return config_data
def verify(c):
@@ -159,12 +163,21 @@ def apply(c):
c_eff = Config()
c_eff.set_level('interfaces wireguard')
+ ### link status up/down aka interface disable
+
+ for intf in c['interfaces']:
+ if c['interfaces'][intf]['state'] == 'disable':
+ sl.syslog(sl.LOG_NOTICE, "disable interface " + intf)
+ subprocess.call(['ip l s dev ' + intf + ' down ' + ' &>/dev/null'], shell=True)
+ else:
+ sl.syslog(sl.LOG_NOTICE, "enable interface " + intf)
+ subprocess.call(['ip l s dev ' + intf + ' up ' + ' &>/dev/null'], shell=True)
+
### deletion of a specific interface
for intf in c['interfaces']:
if c['interfaces'][intf]['status'] == 'delete':
sl.syslog(sl.LOG_NOTICE, "removing interface " + intf)
subprocess.call(['ip l d dev ' + intf + ' &>/dev/null'], shell=True)
-
### peer deletion
peer_eff = c_eff.list_effective_nodes( intf + ' peer')