| author | rtk0c <[email protected]> | 2025-11-08 16:47:16 -0800 |
|---|---|---|
| committer | rtk0c <[email protected]> | 2025-11-08 16:47:16 -0800 |
| commit | a22ec1bb09c76233a0b6edce9bfcb7b36ba191df (patch) | |
| tree | 10fdaa18a835a5e6d51afb8408e263aae0fb946e | |
| parent | d2597b3d5aa9e07ff92a09eb73d580b2d325f073 (diff) | |
Attempt to fix commands not run in netns, but I think it's moot
| -rwxr-xr-x | wg-quick | 78 |
1 files changed, 37 insertions, 41 deletions
@@ -28,21 +28,25 @@ PROGRAM="${0##*/}"
 ARGS=( "$@" )
 NETNS=""
-cmd() {
+cmd_raw() {
 echo "[#] $*" >&2
 "$@"
 }
+cmd() {
+ cmd_raw $IP_EXEC_NETNS "$@"
+}
+
 ensure_netns() {
 [[ -z $NETNS ]] && return 0
 if [[ ! -e /run/netns/$NETNS ]]; then
- cmd ip netns add "$NETNS"
+ cmd_raw ip netns add "$NETNS"
 fi
 }
 move_to_netns() {
 [[ -z $NETNS ]] && return 0
- cmd ip link set "$INTERFACE" netns "$NETNS"
+ cmd_raw ip link set "$INTERFACE" netns "$NETNS"
 }
@@ -101,7 +105,7 @@ auto_su() {
 add_if() {
 local ret
- if ! cmd ip link add dev "$INTERFACE" type wireguard; then
+ if ! cmd_raw ip link add dev "$INTERFACE" type wireguard; then
 ret=$?
 [[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
 echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." >&2
@@ -172,13 +176,13 @@ set_dns() {
 cmd mkdir -p "$netns_resolv_dir"
 # TODO make this not jank
 { printf 'nameserver %s\n' "${DNS[@]}"
- [[ ${#DNS_SEARCH[@]} -eq 0 ]] || printf 'search %s\n' "${DNS_SEARCH[*]}"
- } | cmd tee "$netns_resolv_dir/resolv.conf" > /dev/null
+ [[ ${#DNS_SEARCH[@]} -eq 0 ]] || printf 'search %s\n' "${DNS_SEARCH[*]}"
+ } | cmd_raw tee "$netns_resolv_dir/resolv.conf" > /dev/null
 HAVE_SET_DNS=1
 return 0
 fi
 { printf 'nameserver %s\n' "${DNS[@]}"
- [[ ${#DNS_SEARCH[@]} -eq 0 ]] || printf 'search %s\n' "${DNS_SEARCH[*]}"
+ [[ ${#DNS_SEARCH[@]} -eq 0 ]] || printf 'search %s\n' "${DNS_SEARCH[*]}"
 } | cmd resolvconf -a "$(resolvconf_iface_prefix)$INTERFACE" -m 0 -x
 HAVE_SET_DNS=1
 }
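Review bot: `cmd_raw $IP_EXEC_NETNS "$@"` in the new `cmd()` depends on unquoted expansion of a string that is assembled from the user-supplied third argument (`IP_EXEC_NETNS="ip netns exec $NETNS"` in the `@@ -402` hunk), so a namespace name containing whitespace or glob characters is word-split and globbed into extra arguments for `ip netns exec` instead of reaching it as one name; ShellCheck reports this as SC2086. Every `cmd` call runs as root after `auto_su`, which is a good reason to keep the prefix a fixed list of words rather than a string. Carry it as an array instead: `IP_EXEC_NETNS=(ip netns exec "$NETNS")` at the definition and `cmd_raw "${IP_EXEC_NETNS[@]}" "$@"` here; when the array is never set the quoted expansion yields no words, so the non-netns path is unchanged. `$NETNS_ARG` in the add_route hunk is built and expanded the same way and wants the same treatment.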
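Review bot: In the set_dns hunk the `tee` into `$netns_resolv_dir/resolv.conf` was switched to `cmd_raw`, but the `cmd mkdir -p "$netns_resolv_dir"` two lines above it still goes through `cmd`, i.e. through `ip netns exec` once the wrapper is active. If the intent is that the resolv.conf setup happens from the host side (which the tee change suggests, and which matters because `ip netns exec` runs the command in its own mount namespace), the mkdir should match: `cmd_raw mkdir -p "$netns_resolv_dir"`. The enclosing `if` and the assignment of `netns_resolv_dir` start outside the hunk, so I cannot confirm from here whether `$NETNS` is guaranteed non-empty on this path.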
@@ -199,19 +203,11 @@ add_route() {
 [[ $TABLE != off ]] || return 0
 if [[ -n $TABLE && $TABLE != auto ]]; then
- if [[ -n $NETNS ]]; then
- cmd ip -n "$NETNS" $proto route add "$1" dev "$INTERFACE" table "$TABLE"
- else
- cmd ip $proto route add "$1" dev "$INTERFACE" table "$TABLE"
- fi
+ cmd_raw ip $NETNS_ARG $proto route add "$1" dev "$INTERFACE" table "$TABLE"
 elif [[ $1 == */0 ]]; then
 add_default "$1"
 else
- if [[ -n $NETNS ]]; then
- [[ -n $(ip -n "$NETNS" $proto route show dev "$INTERFACE" match "$1" 2>/dev/null) ]] || cmd ip -n "$NETNS" $proto route add "$1" dev "$INTERFACE"
- else
- [[ -n $(ip $proto route show dev "$INTERFACE" match "$1" 2>/dev/null) ]] || cmd ip $proto route add "$1" dev "$INTERFACE"
- fi
+ [[ -n $(ip $NETNS_ARG $proto route show dev "$INTERFACE" match "$1" 2>/dev/null) ]] || cmd_raw ip $NETNS_ARG $proto route add "$1" dev "$INTERFACE"
 fi
 }
@@ -261,7 +257,7 @@ add_default() {
 cmd ip $proto rule add table main suppress_prefixlength 0
 cmd ip $proto route add "$1" dev "$INTERFACE" table $table
- local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
+ local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
 printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable"
 printf -v nftcmd '%sadd chain %s %s preraw { type filter hook prerouting priority -300; }\n' "$nftcmd" "$pf" "$nftable"
 printf -v nftcmd '%sadd chain %s %s premangle { type filter hook prerouting priority -150; }\n' "$nftcmd" "$pf" "$nftable"
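Review bot: The three `ip $NETNS_ARG ...` invocations that replace the old `if [[ -n $NETNS ]]` branches in add_route will not find the namespace, because `NETNS_ARG="-n '$NETNS'"` (defined in the `@@ -402` hunk) makes the apostrophes part of the value: unquoted expansion performs word splitting but not quote removal, so `ip` receives `-n` followed by a name wrapped in literal quote characters (for a namespace called `vpn`, constructed example, the argument is `'vpn'`), and the route-show probe in the `else` branch silently returns empty while the `route add` fails. The old code passed `"$NETNS"` as a single quoted word and did not have this problem. Define it as an array, `NETNS_ARG=(-n "$NETNS")`, and expand it as `"${NETNS_ARG[@]}"` in all three places; an unset array contributes no words, which preserves the non-netns behaviour the removed `else` branches had. The `@@ -261` hunk below is whitespace-only.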
@@ -337,24 +333,24 @@ cmd_usage() {
 cat >&2 <<-_EOF
 Usage: $PROGRAM [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ] [ NETNS ]
- CONFIG_FILE is a configuration file, whose filename is the interface name
- followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
- configuration found at /etc/wireguard/INTERFACE.conf. It is to be readable
- by wg(8)'s \`setconf' sub-command, with the exception of the following additions
- to the [Interface] section, which are handled by $PROGRAM:
+ CONFIG_FILE is a configuration file, whose filename is the interface name
+ followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
+ configuration found at /etc/wireguard/INTERFACE.conf. It is to be readable
+ by wg(8)'s \`setconf' sub-command, with the exception of the following additions
+ to the [Interface] section, which are handled by $PROGRAM:
- - Address: may be specified one or more times and contains one or more
- IP addresses (with an optional CIDR mask) to be set for the interface.
- - DNS: an optional DNS server to use while the device is up.
- - MTU: an optional MTU for the interface; if unspecified, auto-calculated.
- - Table: an optional routing table to which routes will be added; if
- unspecified or \`auto', the default table is used. If \`off', no routes
- are added.
- - PreUp, PostUp, PreDown, PostDown: script snippets which will be executed
- by bash(1) at the corresponding phases of the link, most commonly used
- to configure DNS. The string \`%i' is expanded to INTERFACE.
- - SaveConfig: if set to \`true', the configuration is saved from the current
- state of the interface upon shutdown.
+ - Address: may be specified one or more times and contains one or more
+ IP addresses (with an optional CIDR mask) to be set for the interface.
+ - DNS: an optional DNS server to use while the device is up.
+ - MTU: an optional MTU for the interface; if unspecified, auto-calculated.
+ - Table: an optional routing table to which routes will be added; if
+ unspecified or \`auto', the default table is used. If \`off', no routes
+ are added.
+ - PreUp, PostUp, PreDown, PostDown: script snippets which will be executed
+ by bash(1) at the corresponding phases of the link, most commonly used
+ to configure DNS. The string \`%i' is expanded to INTERFACE.
+ - SaveConfig: if set to \`true', the configuration is saved from the current
+ state of the interface upon shutdown.
 See wg-quick(8) for more info and examples.
 _EOF
@@ -402,21 +398,21 @@ cmd_strip() {
 # ~~ function override insertion point ~~
+if [[ $# -eq 3 ]]; then
+ NETNS="$3"
+ NETNS_ARG="-n '$NETNS'"
+ IP_EXEC_NETNS="ip netns exec $NETNS"
+fi
+
 if [[ $# -eq 1 && ( $1 == --help || $1 == -h || $1 == help ) ]]; then
 cmd_usage
 elif [[ $# -ge 2 && $1 == up ]]; then
 auto_su
 parse_options "$2"
- if [[ $# -eq 3 ]]; then
- NETNS="$3"
- fi
 cmd_up
 elif [[ $# -ge 2 && $1 == down ]]; then
 auto_su
 parse_options "$2"
- if [[ $# -eq 3 ]]; then
- NETNS="$3"
- fi
 cmd_down
 elif [[ $# -eq 2 && $1 == save ]]; then
 auto_su |
