platform: add @replace_peers argument to nm_platform_link_wireguard_change()

The caller may not wish to replace existing peers, but only update/add the peers explicitly passed to nm_platform_link_wireguard_change(). I think that is in particular interesting, because for the most part NetworkManager will configure the same set of peers over and over again (whenever we resolve the DNS name of an IP endpoint of the WireGuard peer). At that point, it seems disruptive to drop all peers and re-add them again. Setting @replace_peers to %FALSE allows to only update/add.
2026-02-10 09:00:31 +01:00 · 2019-01-13 14:21:59 +01:00 · 2019-01-13 14:21:59 +01:00 · 6f8c7b580d
commit 6f8c7b580d
parent 78ce4307c0
4 changed files with 20 additions and 9 deletions
--- a/src/platform/nm-linux-platform.c
+++ b/src/platform/nm-linux-platform.c
@ -2374,6 +2374,7 @@ _wireguard_create_change_nlmsgs (NMPlatform *platform,
                                 const NMPlatformLnkWireGuard *lnk_wireguard,
                                 const NMPWireGuardPeer *peers,
                                 guint peers_len,
+                                 gboolean replace_peers,
                                 GPtrArray **out_msgs)
 {
 	gs_unref_ptrarray GPtrArray *msgs = NULL;
@ -2422,7 +2423,9 @@ again:
 		NLA_PUT (msg, WGDEVICE_A_PRIVATE_KEY, sizeof (lnk_wireguard->private_key), lnk_wireguard->private_key);
 		NLA_PUT_U16 (msg, WGDEVICE_A_LISTEN_PORT, lnk_wireguard->listen_port);
 		NLA_PUT_U32 (msg, WGDEVICE_A_FWMARK, lnk_wireguard->fwmark);
-		NLA_PUT_U32 (msg, WGDEVICE_A_FLAGS, WGDEVICE_F_REPLACE_PEERS);
+
+		NLA_PUT_U32 (msg, WGDEVICE_A_FLAGS,
+		             replace_peers ? WGDEVICE_F_REPLACE_PEERS : ((guint32) 0u));
 	}

 	if (peers_len == 0)
@ -2552,7 +2555,8 @@ link_wireguard_change (NMPlatform *platform,
                       int ifindex,
                       const NMPlatformLnkWireGuard *lnk_wireguard,
                       const NMPWireGuardPeer *peers,
-                       guint peers_len)
+                       guint peers_len,
+                       gboolean replace_peers)
 {
 	NMLinuxPlatformPrivate *priv = NM_LINUX_PLATFORM_GET_PRIVATE (platform);
 	gs_unref_ptrarray GPtrArray *msgs = NULL;
@ -2570,6 +2574,7 @@ link_wireguard_change (NMPlatform *platform,
 	                                     lnk_wireguard,
 	                                     peers,
 	                                     peers_len,
+	                                     replace_peers,
 	                                     &msgs);
 	if (r < 0) {
 		_LOGW ("wireguard: set-device, cannot construct netlink message: %s", nm_strerror (r));
--- a/src/platform/nm-platform.c
+++ b/src/platform/nm-platform.c
@ -1998,7 +1998,8 @@ nm_platform_link_wireguard_change (NMPlatform *self,
                                   int ifindex,
                                   const NMPlatformLnkWireGuard *lnk_wireguard,
                                   const NMPWireGuardPeer *peers,
-                                   guint peers_len)
+                                   guint peers_len,
+                                   gboolean replace_peers)
 {
 	_CHECK_SELF (self, klass, -NME_BUG);

@ -2024,18 +2025,20 @@ nm_platform_link_wireguard_change (NMPlatform *self,
 			nm_utils_strbuf_append_str (&b, &len, "}");
 		}

-		_LOG3D ("link: change wireguard ifindex %d, %s, %u peers%s",
+		_LOG3D ("link: change wireguard ifindex %d, %s, %u peers%s%s",
 		        ifindex,
 		        nm_platform_lnk_wireguard_to_string (lnk_wireguard, buf_lnk, sizeof (buf_lnk)),
 		        peers_len,
-		        buf_peers);
+		        buf_peers,
+		        replace_peers ? " (replace-peers)" : " (update-peers)");
 	}

 	return klass->link_wireguard_change (self,
 	                                     ifindex,
 	                                     lnk_wireguard,
 	                                     peers,
-	                                     peers_len);
+	                                     peers_len,
+	                                     replace_peers);
 }

 /*****************************************************************************/
--- a/src/platform/nm-platform.h
+++ b/src/platform/nm-platform.h
@ -831,7 +831,8 @@ typedef struct {
 	                              int ifindex,
 	                              const NMPlatformLnkWireGuard *lnk_wireguard,
 	                              const struct _NMPWireGuardPeer *peers,
-	                              guint peers_len);
+	                              guint peers_len,
+	                              gboolean replace_peers);

 	gboolean (*vlan_add) (NMPlatform *, const char *name, int parent, int vlanid, guint32 vlanflags, const NMPlatformLink **out_link);
 	gboolean (*link_vlan_change) (NMPlatform *self,
@ -1393,7 +1394,8 @@ int nm_platform_link_wireguard_change (NMPlatform *self,
                                       int ifindex,
                                       const NMPlatformLnkWireGuard *lnk_wireguard,
                                       const struct _NMPWireGuardPeer *peers,
-                                       guint peers_len);
+                                       guint peers_len,
+                                       gboolean replace_peers);

 const NMPlatformIP6Address *nm_platform_ip6_address_get (NMPlatform *self, int ifindex, struct in6_addr address);

--- a/src/platform/tests/test-link.c
+++ b/src/platform/tests/test-link.c
@ -912,7 +912,8 @@ _test_wireguard_change (NMPlatform *platform,
 	                                       ifindex,
 	                                       &lnk_wireguard,
 	                                       (const NMPWireGuardPeer *) peers->data,
-	                                       peers->len);
+	                                       peers->len,
+	                                       TRUE);
 	g_assert (NMTST_NM_ERR_SUCCESS (r));
 }