authorThomas Haller <thaller@redhat.com>2019-01-13 14:21:59 +0100
committerThomas Haller <thaller@redhat.com>2019-01-22 16:30:23 +0100
commit6f8c7b580d9f3cb712cfdc0a274aa7633e949609 (patch)
treefd972edc8d4727bcaedb5b615ef9777e2fbda541
parent78ce4307c0087a8f86c78235300a503bc271930f (diff)
platform: add @replace_peers argument to nm_platform_link_wireguard_change()
The caller may not wish to replace existing peers, but only update/add the peers explicitly passed to nm_platform_link_wireguard_change(). I think that is particularly interesting, because for the most part NetworkManager will configure the same set of peers over and over again (whenever we resolve the DNS name of an IP endpoint of the WireGuard peer). At that point, it seems disruptive to drop all peers and re-add them again. Setting @replace_peers to %FALSE allows the caller to only update/add peers.
-rw-r--r--src/platform/nm-linux-platform.c9
-rw-r--r--src/platform/nm-platform.c11
-rw-r--r--src/platform/nm-platform.h6
-rw-r--r--src/platform/tests/test-link.c3
4 files changed, 20 insertions, 9 deletions
diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
index ce50d920c5..85214ec854 100644
--- a/src/platform/nm-linux-platform.c
+++ b/src/platform/nm-linux-platform.c
@@ -2374,6 +2374,7 @@ _wireguard_create_change_nlmsgs (NMPlatform *platform,
const NMPlatformLnkWireGuard *lnk_wireguard,
const NMPWireGuardPeer *peers,
guint peers_len,
+ gboolean replace_peers,
GPtrArray **out_msgs)
{
gs_unref_ptrarray GPtrArray *msgs = NULL;
@@ -2422,7 +2423,9 @@ again:
NLA_PUT (msg, WGDEVICE_A_PRIVATE_KEY, sizeof (lnk_wireguard->private_key), lnk_wireguard->private_key);
NLA_PUT_U16 (msg, WGDEVICE_A_LISTEN_PORT, lnk_wireguard->listen_port);
NLA_PUT_U32 (msg, WGDEVICE_A_FWMARK, lnk_wireguard->fwmark);
- NLA_PUT_U32 (msg, WGDEVICE_A_FLAGS, WGDEVICE_F_REPLACE_PEERS);
+
+ NLA_PUT_U32 (msg, WGDEVICE_A_FLAGS,
+ replace_peers ? WGDEVICE_F_REPLACE_PEERS : ((guint32) 0u));
}
if (peers_len == 0)
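Review bot: When `replace_peers` is FALSE the `WGDEVICE_A_FLAGS` value written here is 0, so peers that are already on the device but missing from `peers` stay configured with whatever keys and allowed-ips they had; a peer dropped from the profile (for example after its key is revoked) therefore remains accepted until something removes it explicitly. That is the intended update-only behaviour, but nothing in the new code states it, and a caller that passes FALSE with a shrunken peer list gets no hint that stale peers survive. I would add a comment above the call, `/* without WGDEVICE_F_REPLACE_PEERS, peers not listed in @peers are kept on the device; the caller must remove stale peers itself */`, and repeat that contract in a doc comment on `nm_platform_link_wireguard_change()` in nm-platform.c. The function body starts and ends outside this hunk, so how the flag interacts with the `again:` path is not visible here.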
@@ -2552,7 +2555,8 @@ link_wireguard_change (NMPlatform *platform,
int ifindex,
const NMPlatformLnkWireGuard *lnk_wireguard,
const NMPWireGuardPeer *peers,
- guint peers_len)
+ guint peers_len,
+ gboolean replace_peers)
{
NMLinuxPlatformPrivate *priv = NM_LINUX_PLATFORM_GET_PRIVATE (platform);
gs_unref_ptrarray GPtrArray *msgs = NULL;
@@ -2570,6 +2574,7 @@ link_wireguard_change (NMPlatform *platform,
lnk_wireguard,
peers,
peers_len,
+ replace_peers,
&msgs);
if (r < 0) {
_LOGW ("wireguard: set-device, cannot construct netlink message: %s", nm_strerror (r));
diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c
index 73189f44c2..4bb31b1742 100644
--- a/src/platform/nm-platform.c
+++ b/src/platform/nm-platform.c
@@ -1998,7 +1998,8 @@ nm_platform_link_wireguard_change (NMPlatform *self,
int ifindex,
const NMPlatformLnkWireGuard *lnk_wireguard,
const NMPWireGuardPeer *peers,
- guint peers_len)
+ guint peers_len,
+ gboolean replace_peers)
{
_CHECK_SELF (self, klass, -NME_BUG);
@@ -2024,18 +2025,20 @@ nm_platform_link_wireguard_change (NMPlatform *self,
nm_utils_strbuf_append_str (&b, &len, "}");
}
- _LOG3D ("link: change wireguard ifindex %d, %s, %u peers%s",
+ _LOG3D ("link: change wireguard ifindex %d, %s, %u peers%s%s",
ifindex,
nm_platform_lnk_wireguard_to_string (lnk_wireguard, buf_lnk, sizeof (buf_lnk)),
peers_len,
- buf_peers);
+ buf_peers,
+ replace_peers ? " (replace-peers)" : " (update-peers)");
}
return klass->link_wireguard_change (self,
ifindex,
lnk_wireguard,
peers,
- peers_len);
+ peers_len,
+ replace_peers);
}
/*****************************************************************************/
diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h
index 1f136da582..412ac597ab 100644
--- a/src/platform/nm-platform.h
+++ b/src/platform/nm-platform.h
@@ -831,7 +831,8 @@ typedef struct {
int ifindex,
const NMPlatformLnkWireGuard *lnk_wireguard,
const struct _NMPWireGuardPeer *peers,
- guint peers_len);
+ guint peers_len,
+ gboolean replace_peers);
gboolean (*vlan_add) (NMPlatform *, const char *name, int parent, int vlanid, guint32 vlanflags, const NMPlatformLink **out_link);
gboolean (*link_vlan_change) (NMPlatform *self,
@@ -1393,7 +1394,8 @@ int nm_platform_link_wireguard_change (NMPlatform *self,
int ifindex,
const NMPlatformLnkWireGuard *lnk_wireguard,
const struct _NMPWireGuardPeer *peers,
- guint peers_len);
+ guint peers_len,
+ gboolean replace_peers);
const NMPlatformIP6Address *nm_platform_ip6_address_get (NMPlatform *self, int ifindex, struct in6_addr address);
diff --git a/src/platform/tests/test-link.c b/src/platform/tests/test-link.c
index 031bb79a25..bfd330580a 100644
--- a/src/platform/tests/test-link.c
+++ b/src/platform/tests/test-link.c
@@ -912,7 +912,8 @@ _test_wireguard_change (NMPlatform *platform,
ifindex,
&lnk_wireguard,
(const NMPWireGuardPeer *) peers->data,
- peers->len);
+ peers->len,
+ TRUE);
g_assert (NMTST_NM_ERR_SUCCESS (r));
}
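Review bot: The test only ever passes `TRUE`, so the update-only path added by this commit has no coverage. A second call to `nm_platform_link_wireguard_change()` with a shorter peer list and `FALSE` as the last argument, followed by a check that the omitted peers are still on the link, would pin the new behaviour. A matching check after a `TRUE` call with the same shorter list would confirm that stale peers really are dropped in replace mode. `_test_wireguard_change` begins outside this hunk, so whatever verification helper it already uses is not visible here.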