10
11
12
13
14
15
16
17
18
19
20
21
22
23
...
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
...
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
|
#include <netinet/in.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>
/* libs */
#include <wireguard.h>
#include <libpq-fe.h>
size_t dumpEndpoint(char* d, const wg_endpoint* const e) {
const struct sockaddr* addr;
size_t len;
................................................................................
) free(allowedip);
/* end import */
free(peer);
}
/* linked list manipulation routines */
#define _ll_rec peer
#define _ll_box wg_device
#define _ll_obj wg_peer
#define _ll_iter wg_for_each_peer
#define _ll_ns wgd
#include "list.h"
#define _ll_rec allowedip
#define _ll_box wg_peer
#define _ll_obj wg_allowedip
#define _ll_iter wg_for_each_allowedip
#define _ll_ns wgd_peer
#include "list.h"
#if 0
void wgd_drop_peer(wg_device* dev, wg_peer* peer) {
if(dev -> first_peer == peer) {
if(dev -> last_peer == peer) {
dev -> first_peer = dev -> last_peer = null;
} else {
................................................................................
}
++l;}
if(!foundIP) {
/* this IP hasn't been loaded into the
* kernel yet; upload it now */
_infof("inserting IP PG%zu %s", j, inetstr);
dirty = true;
}
}
if(goodIPc < ips -> sz) {
size_t l = 0;
wg_allowedip* wgip;
wg_for_each_allowedip(found, wgip) {
char inetstr[256];
dumpAllowedIP(inetstr, wgip);
_dbgf("IP WG%zu :: %s", l, inetstr);
if(!goodIPs[l]) {
/* this IP is stale, delete it */
_infof("deleting IP WG%zu %s", l, inetstr);
dirty = true;
}
++l;}
}
} else {
_infof("inserting key %s", key_b64);
dirty = true;
/* install new peer */
for (size_t j = 0; j < ips -> sz; ++j) {
char inetstr[256];
wg_allowedip aip = inet_to_allowedip(ips -> elts[j].data);
dumpAllowedIP(inetstr, &aip);
_dbgf("new IP %zu :: %s", j, inetstr);
}
}
free(ips);
}
{ size_t i=0; wg_peer* p; wg_for_each_peer(wg, p) {
if(valid_peers[i] == false) {
char b64 [128];
wg_key_to_base64(b64, p->public_key);
_infof("dropping peer %s", b64);
wgd_drop_peer(wg, p);
dirty = true;
}
++i;}}
_dbg("final peer list:");
{ size_t j=0; wg_peer* p; wg_for_each_peer(wg, p) {
char b64 [128];
wg_key_to_base64(b64, p->public_key);
_dbgf("P%zu :: %s", j, b64);
++j;}}
if(dirty) wg_set_device(wg);
PQclear(rows);
}
int main(int argc, char** argv) {
setvbuf(stderr, null, _IONBF, 0);
if (argc < 3) {
|
>
>
>
>
<
<
<
<
<
<
<
<
<
<
<
<
<
>
>
>
>
|
>
>
>
>
>
>
>
>
|
|
>
|
>
>
>
>
|
>
>
>
|
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
...
129
130
131
132
133
134
135
136
137
138
139
140
141
142
...
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
|
#include <netinet/in.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>
/* libs */
#include <wireguard.h>
#include "wglist.h"
/* wireguard uses messy linked lists but doesn't
* provide any routines for manipulating them;
* wglist.h fills in the gap */
#include <libpq-fe.h>
size_t dumpEndpoint(char* d, const wg_endpoint* const e) {
const struct sockaddr* addr;
size_t len;
................................................................................
) free(allowedip);
/* end import */
free(peer);
}
/* linked list manipulation routines */
#if 0
void wgd_drop_peer(wg_device* dev, wg_peer* peer) {
if(dev -> first_peer == peer) {
if(dev -> last_peer == peer) {
dev -> first_peer = dev -> last_peer = null;
} else {
................................................................................
}
++l;}
if(!foundIP) {
/* this IP hasn't been loaded into the
* kernel yet; upload it now */
_infof("inserting IP PG%zu %s", j, inetstr);
// is this necessary? FIXME
/* found -> flags |= WGPEER_REPLACE_ALLOWEDIPS; */
wg_allowedip* nip = wgd_peer_new_allowedip(found);
memcpy(nip, &aip, sizeof aip);
dirty = true;
}
}
if(goodIPc < ips -> sz) {
size_t l = 0;
wg_allowedip* wgip;
wg_for_each_allowedip(found, wgip) {
char inetstr[256];
dumpAllowedIP(inetstr, wgip);
_dbgf("IP WG%zu :: %s", l, inetstr);
if(l<goodIPc && !goodIPs[l]) {
/* this IP is stale, delete it */
_infof("deleting IP WG%zu %s", l, inetstr);
wgd_peer_drop_allowedip(found, wgip);
found -> flags |= WGPEER_REPLACE_ALLOWEDIPS;
dirty = true;
}
++l;}
}
} else {
_infof("inserting key %s", key_b64);
dirty = true;
/* install new peer */
wg_peer* np = wgd_new_peer(wg);
np -> flags = WGPEER_HAS_PUBLIC_KEY;
memcpy(np -> public_key, key, sizeof key);
for (size_t j = 0; j < ips -> sz; ++j) {
char inetstr[256];
wg_allowedip aip = inet_to_allowedip(ips -> elts[j].data);
dumpAllowedIP(inetstr, &aip);
_dbgf("new IP %zu :: %s", j, inetstr);
wg_allowedip* nip = wgd_peer_new_allowedip(np);
memcpy(nip, &aip, sizeof aip);
}
}
free(ips);
}
{ size_t i=0; wg_peer* p; wg_for_each_peer(wg, p) {
if(i<peerc && valid_peers[i] == false) {
char b64 [128];
wg_key_to_base64(b64, p->public_key);
_infof("dropping peer %s", b64);
//wgd_drop_peer(wg, p);
p -> flags |= WGPEER_REMOVE_ME;
dirty = true;
}
++i;}}
_dbg("final peer list:");
{ size_t j=0; wg_peer* p; wg_for_each_peer(wg, p) {
char b64 [128];
wg_key_to_base64(b64, p->public_key);
_dbgf("P%zu :: %s%s", j, b64,
p->flags & WGPEER_REMOVE_ME ? " [DELETE]" :
p->flags & WGPEER_REPLACE_ALLOWEDIPS ? " [CHGIP]" : "");
++j;}}
dirty = true;
if(dirty) {
int e = wg_set_device(wg);
if(e != 0)
_fatalf("could not set wg device (error %i)", -e);
}
PQclear(rows);
}
int main(int argc, char** argv) {
setvbuf(stderr, null, _IONBF, 0);
if (argc < 3) {
|