From ae80fdac76f2cb411cfd1f246e8aff3dbb37e528 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 8 Apr 2020 21:17:31 +0200 Subject: wireguard: T2247: add VRF support --- interface-definitions/interfaces-wireguard.xml.in | 1 + src/conf_mode/interfaces-wireguard.py | 14 +++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index bd56d4d50..519aeb57a 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -19,6 +19,7 @@ #include #include #include + #include Local port to listen for incoming connections diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 2f609d602..585045863 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -41,7 +41,8 @@ default_config_data = { 'mtu': 1420, 'peer': [], 'peer_remove': [], # stores public keys of peers to remove - 'pk': f'{kdir}/default/private.key' + 'pk': f'{kdir}/default/private.key', + 'vrf': '' } def _check_kmod(): @@ -111,6 +112,10 @@ def get_config(): if conf.exists('mtu'): wg['mtu'] = int(conf.return_value(['mtu'])) + # retrieve VRF instance + if conf.exists('vrf'): + wg['vrf'] = conf.return_value('vrf') + # private key if conf.exists(['private-key']): wg['pk'] = "{0}/{1}/private.key".format( @@ -191,6 +196,10 @@ def verify(wg): 'is a member of bridge "{1}"!'.format(interface, bridge)) return None + vrf_name = wg['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') + if not os.path.exists(wg['pk']): raise ConfigError('No keys found, generate them by executing:\n' \ '"run generate wireguard [keypair|named-keypairs]"') 
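Review bot: In get_config() the new lookup passes the node as a bare string, `conf.exists('vrf')` and `conf.return_value('vrf')`, while the private-key lookup directly below it uses the list form `conf.exists(['private-key'])`. Writing it as `if conf.exists(['vrf']):` and `wg['vrf'] = conf.return_value(['vrf'])` keeps the path style uniform with the neighbouring lines. get_config() starts and ends outside this hunk.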
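Review bot: The new check in verify() proves only that a network device with that name exists, not that it is a VRF. `vrf_name not in interfaces()` would presumably also let `eth0` or `lo` through, if `interfaces()` is the plain interface listing (its import is outside the hunk). A mistyped name that matches another device then passes the commit check and is only caught, or mis-applied, when apply() calls `w.set_vrf()`, which matters when the VRF is what keeps the tunnel's routes separate. I would validate against the configured VRF instances or the device type, and until then say so in place: `# NOTE: only checks that the name exists, not that the device is a VRF`. verify() starts and ends outside this hunk.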
@@ -248,6 +257,9 @@ def apply(wg): # update interface description used e.g. within SNMP w.set_alias(wg['description']) + # assign/remove VRF + w.set_vrf(wg['vrf']) + # remove peers for pub_key in wg['peer_remove']: w.remove_peer(pub_key) -- cgit v1.2.3
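Review bot: The comment `# assign/remove VRF` in apply() does not say which value removes the binding. From the new default `'vrf': ''` it is presumably the empty string, so `# assign VRF; the default '' detaches the interface from any VRF` would make the call readable on its own. It would also help to document that only the tunnel interface is moved here: nothing in this commit binds the UDP listen socket to the VRF, so the encrypted transport presumably still follows the default routing table. apply() starts and ends outside this hunk.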