diff --git a/Cargo.lock b/Cargo.lock index d123780d7..7f3b20451 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -22,9 +22,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.68" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2cb2f989d18dd141ab8ae82f64d1a8cdd37e0840f73a406896cf5e99502fab61" +checksum = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800" [[package]] name = "arrayvec" @@ -74,7 +74,7 @@ dependencies = [ "slab", "socket2", "waker-fn", - "windows-sys", + "windows-sys 0.42.0", ] [[package]] @@ -89,9 +89,9 @@ dependencies = [ [[package]] name = "async-recursion" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2cda8f4bcc10624c4e85bc66b3f452cca98cfa5ca002dc83a16aad2367641bea" +checksum = "3b015a331cc64ebd1774ba119538573603427eaace0a1950c423ab971f903796" dependencies = [ "proc-macro2", "quote", @@ -127,9 +127,9 @@ checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524" [[package]] name = "async-trait" -version = "0.1.59" +version = "0.1.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31e6e93155431f3931513b243d371981bb2770112b370c82745a1d19d2f99364" +checksum = "1cd7fce9ba8c3c042128ce72d8b2ddbf3a05747efb67ea0313c635e10bda47a2" dependencies = [ "proc-macro2", "quote", @@ -155,9 +155,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "axum" -version = "0.6.1" +version = "0.6.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08b108ad2665fa3f6e6a517c3d80ec3e77d224c47d605167aefaa5d7ef97fa48" +checksum = "4e246206a63c9830e118d12c894f56a82033da1a2361f5544deeee3df85c99d9" dependencies = [ "async-trait", "axum-core", @@ -184,9 +184,9 @@ dependencies = [ [[package]] name = "axum-core" -version = "0.3.0" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79b8558f5a0581152dc94dcd289132a1d377494bdeafcd41869b3258e3e2ad92" +checksum = "1cae3e661676ffbacb30f1a824089a8c9150e71017f7e1e38f2aa32009188d34" dependencies = [ "async-trait", "bytes", @@ -222,9 +222,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.11.1" +version = "3.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "572f695136211188308f16ad2ca5c851a712c464060ae6974944458eb83880ba" +checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" [[package]] name = "byteorder" @@ -234,15 +234,15 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "bytes" -version = "1.3.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfb24e866b15a1af2a1b663f10c6b6b8f397a84aadb828f12e5b289ec23a3a3c" +checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" [[package]] name = "cc" -version = "1.0.78" +version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d" +checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f" [[package]] name = "cfg-if" @@ -314,9 +314,9 @@ dependencies = [ [[package]] name = "concurrent-queue" -version = "2.0.0" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd7bef69dc86e3c610e4e7aed41035e2a7ed12e72dd7530f61327a6579a4390b" +checksum = "c278839b831783b70278b14df4d45e1beb1aad306c07bb796637de9a0e323e8e" dependencies = [ "crossbeam-utils", ] @@ -357,9 +357,9 @@ dependencies = [ [[package]] name = "cxx" -version = "1.0.83" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdf07d07d6531bfcdbe9b8b739b104610c6508dcc4d63b410585faf338241daf" +checksum = "86d3488e7665a7a483b57e25bdd90d0aeb2bc7608c8d0346acf2ad3f1caf1d62" dependencies = [ "cc", "cxxbridge-flags", @@ -369,9 +369,9 @@ dependencies = [ [[package]] name = "cxx-build" -version = "1.0.83" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2eb5b96ecdc99f72657332953d4d9c50135af1bac34277801cc3937906ebd39" +checksum = "48fcaf066a053a41a81dfb14d57d99738b767febb8b735c3016e469fac5da690" dependencies = [ "cc", "codespan-reporting", @@ -384,15 +384,15 @@ dependencies = [ [[package]] name = "cxxbridge-flags" -version = "1.0.83" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac040a39517fd1674e0f32177648334b0f4074625b5588a64519804ba0553b12" +checksum = "a2ef98b8b717a829ca5603af80e1f9e2e48013ab227b68ef37872ef84ee479bf" [[package]] name = "cxxbridge-macro" -version = "1.0.83" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1362b0ddcfc4eb0a1f57b68bd77dd99f0e826958a96abd0ae9bd092e114ffed6" +checksum = "086c685979a698443656e5cf7856c95c642295a38599f12fb1ff76fb28d19892" dependencies = [ "proc-macro2", "quote", @@ -461,9 +461,9 @@ dependencies = [ [[package]] name = "either" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" +checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91" [[package]] name = "enum-as-inner" @@ -568,16 +568,16 @@ dependencies = [ [[package]] name = "ethtool" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "192fe5cd4ae2002004d5c27ff14fadd7920541f3f14e816904c796bcd04c6564" +checksum = "a79614020ba4ef8fca44f4fe8f7aa61da29d9630531f87f91e13a91a50b9e61f" dependencies = [ "anyhow", "byteorder", "futures", "genetlink", "log", - "netlink-packet-core", + "netlink-packet-core 0.5.0", "netlink-packet-generic", "netlink-packet-utils", "netlink-proto", @@ -594,9 +594,9 @@ checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" [[package]] name = "fastrand" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7a407cfaa3385c4ae6b23e84623d48c2798d06e3e6a1878f7f59f17b3f86499" +checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be" dependencies = [ "instant", ] @@ -634,9 +634,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38390104763dc37a5145a53c29c63c1290b5d316d6086ec32c293f6736051bb0" +checksum = "13e2792b0ff0340399d58445b88fd9770e3489eff258a4cbc1523418f12abf84" dependencies = [ "futures-channel", "futures-core", @@ -649,9 +649,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52ba265a92256105f45b719605a571ffe2d1f0fea3807304b522c1d778f79eed" +checksum = "2e5317663a9089767a1ec00a487df42e0ca174b61b4483213ac24448e4664df5" dependencies = [ "futures-core", "futures-sink", @@ -659,15 +659,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04909a7a7e4633ae6c4a9ab280aeb86da1236243a77b694a49eacd659a4bd3ac" +checksum = "ec90ff4d0fe1f57d600049061dc6bb68ed03c7d2fbd697274c41805dcb3f8608" [[package]] name = "futures-executor" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7acc85df6714c176ab5edf386123fafe217be88c0840ec11f199441134a074e2" +checksum = "e8de0a35a6ab97ec8869e32a2473f4b1324459e14c29275d14b10cb1fd19b50e" dependencies = [ "futures-core", "futures-task", @@ -676,9 +676,9 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00f5fb52a06bdcadeb54e8d3671f8888a39697dcb0b81b23b55174030427f4eb" +checksum = "bfb8371b6fb2aeb2d280374607aeabfc99d95c72edfe51692e42d3d7f0d08531" [[package]] name = "futures-lite" @@ -697,9 +697,9 @@ dependencies = [ [[package]] name = "futures-macro" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdfb8ce053d86b91919aad980c220b1fb8401a9394410e1c289ed7e66b61835d" +checksum = "95a73af87da33b5acf53acfebdc339fe592ecf5357ac7c0a7734ab9d8c876a70" dependencies = [ "proc-macro2", "quote", @@ -708,21 +708,21 @@ dependencies = [ [[package]] name = "futures-sink" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39c15cf1a4aa79df40f1bb462fb39676d0ad9e366c2a33b590d7c66f4f81fcf9" +checksum = "f310820bb3e8cfd46c80db4d7fb8353e15dfff853a127158425f31e0be6c8364" [[package]] name = "futures-task" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ffb393ac5d9a6eaa9d3fdf37ae2776656b706e200c8e16b1bdb227f5198e6ea" +checksum = "dcf79a1bf610b10f42aea489289c5a2c478a786509693b80cd39c44ccd936366" [[package]] name = "futures-util" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "197676987abd2f9cadff84926f410af1c183608d36641465df73ae8211dc65d6" +checksum = "9c1d6de3acfef38d2be4b1f543f553131788603495be83da675e180c8d6b7bd1" dependencies = [ "futures-channel", "futures-core", @@ -748,12 +748,13 @@ dependencies = [ [[package]] name = "genetlink" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9431aa0084f7525d009197ec4ab32381ed3881a9c44f90d3ab8591a33fbdfa78" +checksum = "a1bc23d478336747f4317fb34e4f1a6c3d0030caf756e057708e2677afceafad" dependencies = [ "futures", - "netlink-packet-core", + "log", + "netlink-packet-core 0.5.0", "netlink-packet-generic", "netlink-packet-utils", "netlink-proto", @@ -798,9 +799,9 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "heck" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9" +checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" @@ -820,6 +821,12 @@ dependencies = [ "libc", ] +[[package]] +name = "hermit-abi" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286" + [[package]] name = "hex" version = "0.4.3" @@ -874,9 +881,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.23" +version = "0.14.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "034711faac9d2166cb1baf1a2fb0b60b1f277f8492fd72176c17f3515e1abd3c" +checksum = "5e011372fa0b68db8350aa7a248930ecc7839bf46d8485577d69f117a75f164c" dependencies = [ "bytes", "futures-channel", @@ -974,12 +981,12 @@ dependencies = [ [[package]] name = "io-lifetimes" -version = "1.0.3" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46112a93252b123d31a119a8d1a1ac19deac4fac6e0e8b0df58f0d4e5870e63c" +checksum = "1abeb7a0dd0f8181267ff8adc397075586500b81b28a73e8a0208b00fc170fb3" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.45.0", ] [[package]] @@ -1004,14 +1011,14 @@ dependencies = [ [[package]] name = "is-terminal" -version = "0.4.1" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "927609f78c2913a6f6ac3c27a4fe87f43e2a35367c0c4b0f8265e8f49a104330" +checksum = "22e18b0a45d56fe973d6db23972bf5bc46f988a4a2385deac9cc29572f09daef" dependencies = [ - "hermit-abi 0.2.6", + "hermit-abi 0.3.1", "io-lifetimes", "rustix", - "windows-sys", + "windows-sys 0.45.0", ] [[package]] @@ -1025,15 +1032,15 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4217ad341ebadf8d8e724e264f13e593e0648f5b3e94b3896a5df283be015ecc" +checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440" [[package]] name = "js-sys" -version = "0.3.60" +version = "0.3.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47" +checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730" dependencies = [ "wasm-bindgen", ] @@ -1052,9 +1059,9 @@ checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79" [[package]] name = "link-cplusplus" -version = "1.0.7" +version = "1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9272ab7b96c9046fbc5bc56c06c117cb639fe2d509df0c421cad82d2915cf369" +checksum = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5" dependencies = [ "cc", ] @@ -1092,9 +1099,9 @@ checksum = "baee0bbc17ce759db233beb01648088061bf678383130602a298e6998eedb2d8" [[package]] name = "matches" -version = "0.1.9" +version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f" +checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" [[package]] name = "matchit" @@ -1134,14 +1141,14 @@ checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" [[package]] name = "mio" -version = "0.8.5" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5d732bc30207a6423068df043e3d02e0735b155ad7ce1a6f76fe2baa5b158de" +checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9" dependencies = [ "libc", "log", "wasi", - "windows-sys", + "windows-sys 0.45.0", ] [[package]] @@ -1164,16 +1171,16 @@ dependencies = [ [[package]] name = "mptcp-pm" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7005d3873497e6dd24a467b0aa6e2508079b2e84ad4d0531d5fb24e0487806b5" +checksum = "ca5a935696524dca48e6b3e4c5ca837440d75b0f00f1d48807841c9a30ac3e37" dependencies = [ "anyhow", "byteorder", "futures", "genetlink", "log", - "netlink-packet-core", + "netlink-packet-core 0.5.0", "netlink-packet-generic", "netlink-packet-utils", "netlink-proto", @@ -1203,8 +1210,8 @@ dependencies = [ "iptables", "libc", "log", - "netlink-packet-core", - "netlink-packet-route", + "netlink-packet-core 0.4.2", + "netlink-packet-route 0.13.0", "netlink-sys", "nix 0.26.2", "rand", @@ -1222,6 +1229,7 @@ name = "netavark" version = "1.6.0-dev" dependencies = [ "anyhow", + "base64", "chrono", "clap", "env_logger 0.10.0", @@ -1231,8 +1239,10 @@ dependencies = [ "libc", "log", "netavark_proxy", - "netlink-packet-core", - "netlink-packet-route", + "netlink-packet-core 0.5.0", + "netlink-packet-generic", + "netlink-packet-route 0.15.0", + "netlink-packet-wireguard", "netlink-sys", "nix 0.26.2", "rand", @@ -1249,7 +1259,7 @@ dependencies = [ [[package]] name = "netavark_proxy" version = "0.1.0" -source = "git+https://github.com/containers/netavark-dhcp-proxy#d628692795efa57a1ddc4d55c64399e7b1afae35" +source = "git+https://github.com/containers/netavark-dhcp-proxy#f46414d14910d3f2a5613706b8e6d8407b66d1d3" dependencies = [ "clap", "env_logger 0.10.0", @@ -1287,16 +1297,28 @@ dependencies = [ "netlink-packet-utils", ] +[[package]] +name = "netlink-packet-core" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e5cf0b54effda4b91615c40ff0fd12d0d4c9a6e0f5116874f03941792ff535a" +dependencies = [ + "anyhow", + "byteorder", + "libc", + "netlink-packet-utils", +] + [[package]] name = "netlink-packet-generic" -version = "0.3.1" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94a5d5ed7a2e8303cde48c4c75b9cbe004d1df98bdd0183aea8f4db7f010cb00" +checksum = "6c2b2fb3594ee2c5f4076579104ee6f2a74cf138e608a5f07ca31ee929a9367f" dependencies = [ "anyhow", "byteorder", "libc", - "netlink-packet-core", + "netlink-packet-core 0.5.0", "netlink-packet-utils", ] @@ -1310,15 +1332,29 @@ dependencies = [ "bitflags", "byteorder", "libc", - "netlink-packet-core", + "netlink-packet-core 0.4.2", + "netlink-packet-utils", +] + +[[package]] +name = "netlink-packet-route" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea993e32c77d87f01236c38f572ecb6c311d592e56a06262a007fd2a6e31253c" +dependencies = [ + "anyhow", + "bitflags", + "byteorder", + "libc", + "netlink-packet-core 0.5.0", "netlink-packet-utils", ] [[package]] name = "netlink-packet-utils" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25af9cf0dc55498b7bd94a1508af7a78706aa0ab715a73c5169273e03c84845e" +checksum = "0ede8a08c71ad5a95cdd0e4e52facd37190977039a4704eb82a283f713747d34" dependencies = [ "anyhow", "byteorder", @@ -1326,16 +1362,29 @@ dependencies = [ "thiserror", ] +[[package]] +name = "netlink-packet-wireguard" +version = "0.2.2" +source = "git+https://github.com/rust-netlink/netlink-packet-wireguard#1fe04985c0148812e4e3f28e117db558e36baa84" +dependencies = [ + "anyhow", + "byteorder", + "libc", + "log", + "netlink-packet-generic", + "netlink-packet-utils", +] + [[package]] name = "netlink-proto" -version = "0.10.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65b4b14489ab424703c092062176d52ba55485a89c076b4f9db05092b7223aa6" +checksum = "26305d12193227ef7b8227e7d61ae4eaf174607f79bd8eeceff07aacaefde497" dependencies = [ "bytes", "futures", "log", - "netlink-packet-core", + "netlink-packet-core 0.5.0", "netlink-sys", "thiserror", "tokio", @@ -1356,16 +1405,16 @@ dependencies = [ [[package]] name = "nispor" -version = "1.2.9" +version = "1.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "726e9a52eb0e495fd7e2e15549fc133a38683ca16b96e4181d183c7c8185ccdb" +checksum = "7c3d351f1231dbf101b2ed5c04ad54596d4a0ca3bc217863a5cd1c074b1bf206" dependencies = [ "ethtool", "futures", "libc", "log", "mptcp-pm", - "netlink-packet-route", + "netlink-packet-route 0.15.0", "netlink-packet-utils", "netlink-sys", "rtnetlink", @@ -1387,17 +1436,6 @@ dependencies = [ "memoffset 0.6.5", ] -[[package]] -name = "nix" -version = "0.24.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa52e972a9a719cecb6864fb88568781eb706bac2cd1d4f04a648542dbf78069" -dependencies = [ - "bitflags", - "cfg-if", - "libc", -] - [[package]] name = "nix" version = "0.25.1" @@ -1426,6 +1464,15 @@ dependencies = [ "static_assertions", ] +[[package]] +name = "nom8" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae01545c9c7fc4486ab7debaf2aad7003ac19431791868fb2e8066df97fad2f8" +dependencies = [ + "memchr", +] + [[package]] name = "num-integer" version = "0.1.45" @@ -1447,19 +1494,19 @@ dependencies = [ [[package]] name = "num_cpus" -version = "1.14.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6058e64324c71e02bc2b150e4f3bc8286db6c83092132ffa3f6b1eab0f9def5" +checksum = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b" dependencies = [ - "hermit-abi 0.1.19", + "hermit-abi 0.2.6", "libc", ] [[package]] name = "once_cell" -version = "1.16.0" +version = "1.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860" +checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" [[package]] name = "ordered-float" @@ -1504,22 +1551,22 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.5" +version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ff9f3fef3968a3ec5945535ed654cb38ff72d7495a25619e2247fb15a2ed9ba" +checksum = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521" dependencies = [ "cfg-if", "libc", "redox_syscall", "smallvec", - "windows-sys", + "windows-sys 0.45.0", ] [[package]] name = "paste" -version = "1.0.10" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf1c2c742266c2f1041c914ba65355a83ae8747b05f208319784083583494b4b" +checksum = "d01a5bd0424d00070b0098dd17ebca6f961a959dead1dbcbbbc1d1cd8d3deeba" [[package]] name = "percent-encoding" @@ -1529,9 +1576,9 @@ checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e" [[package]] name = "petgraph" -version = "0.6.2" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6d5014253a1331579ce62aa67443b4a658c5e7dd03d4bc6d302b94474888143" +checksum = "4dd7d28ee937e54fe3080c91faa1c3a46c06de6252988a7f4592ba2310ef22a4" dependencies = [ "fixedbitset", "indexmap", @@ -1580,7 +1627,7 @@ dependencies = [ "libc", "log", "wepoll-ffi", - "windows-sys", + "windows-sys 0.42.0", ] [[package]] @@ -1591,9 +1638,9 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "prettyplease" -version = "0.1.21" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c142c0e46b57171fe0c528bee8c5b7569e80f0c17e377cd0e30ea57dbc11bb51" +checksum = "e97e3215779627f01ee256d2fad52f3d95e8e1c11e9fc6fd08f7cd455d5d5c78" dependencies = [ "proc-macro2", "syn", @@ -1601,13 +1648,12 @@ dependencies = [ [[package]] name = "proc-macro-crate" -version = "1.2.1" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eda0fc3b0fb7c975631757e14d9049da17374063edb6ebbcbc54d880d4fe94e9" +checksum = "66618389e4ec1c7afe67d51a9bf34ff9236480f8d51e7489b7d5ab0303c13f34" dependencies = [ "once_cell", - "thiserror", - "toml", + "toml_edit", ] [[package]] @@ -1636,18 +1682,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.47" +version = "1.0.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ea3d908b0e36316caf9e9e2c4625cdde190a7e6f440d794667ed17a1855e725" +checksum = "5d727cae5b39d21da60fa540906919ad737832fe0b1c165da3a34d6548c849d6" dependencies = [ "unicode-ident", ] [[package]] name = "prost" -version = "0.11.3" +version = "0.11.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0b18e655c21ff5ac2084a5ad0611e827b3f92badf79f4910b5a5c58f4d87ff0" +checksum = "21dc42e00223fc37204bd4aa177e69420c604ca4a183209a8f9de30c6d934698" dependencies = [ "bytes", "prost-derive", @@ -1655,9 +1701,9 @@ dependencies = [ [[package]] name = "prost-build" -version = "0.11.4" +version = "0.11.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "276470f7f281b0ed53d2ae42dd52b4a8d08853a3c70e7fe95882acbb98a6ae94" +checksum = "a3f8ad728fb08fe212df3c05169e940fbb6d9d16a877ddde14644a983ba2012e" dependencies = [ "bytes", "heck", @@ -1677,9 +1723,9 @@ dependencies = [ [[package]] name = "prost-derive" -version = "0.11.2" +version = "0.11.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "164ae68b6587001ca506d3bf7f1000bfa248d0e1217b618108fba4ec1d0cc306" +checksum = "8bda8c0881ea9f722eb9629376db3d0b903b462477c1aafcb0566610ac28ac5d" dependencies = [ "anyhow", "itertools", @@ -1690,9 +1736,9 @@ dependencies = [ [[package]] name = "prost-types" -version = "0.11.2" +version = "0.11.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "747761bc3dc48f9a34553bf65605cf6cb6288ba219f3450b4275dbd81539551a" +checksum = "a5e0526209433e96d83d750dd81a99118edbc55739e7e61a46764fd2ad537788" dependencies = [ "bytes", "prost", @@ -1700,9 +1746,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.21" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" +checksum = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b" dependencies = [ "proc-macro2", ] @@ -1759,9 +1805,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.7.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e076559ef8e241f2ae3479e36f97bd5741c0330689e217ad51ce2c76808b868a" +checksum = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733" dependencies = [ "aho-corasick", "memchr", @@ -1785,44 +1831,47 @@ dependencies = [ [[package]] name = "rtnetlink" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46f1cfa18f8cebe685373a2697915d7e0db3b4554918bba118385e0f71f258a7" +checksum = "ed7d42da676fdf7e470e2502717587dd1089d8b48d9d1b846dcc3c01072858cb" dependencies = [ "futures", "log", - "netlink-packet-route", + "netlink-packet-core 0.5.0", + "netlink-packet-route 0.15.0", + "netlink-packet-utils", "netlink-proto", - "nix 0.24.3", + "netlink-sys", + "nix 0.26.2", "thiserror", "tokio", ] [[package]] name = "rustix" -version = "0.36.5" +version = "0.36.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3807b5d10909833d3e9acd1eb5fb988f79376ff10fce42937de71a449c4c588" +checksum = "f43abb88211988493c1abb44a70efa56ff0ce98f233b7b276146f1f3f7ba9644" dependencies = [ "bitflags", "errno", "io-lifetimes", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.45.0", ] [[package]] name = "rustversion" -version = "1.0.9" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97477e48b4cf8603ad5f7aaf897467cf42ab4218a38ef76fb14c2d6773a6d6a8" +checksum = "5583e89e108996506031660fe09baa5011b9dd0341b89029313006d1fb508d70" [[package]] name = "ryu" -version = "1.0.11" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4501abdff3ae82a1c1b477a17252eb69cee9e66eb915c1abaa4f44d873df9f09" +checksum = "7b4b9743ed687d4b4bcedf9ff5eaa7398495ae14e61cba0a295704edbc7decde" [[package]] name = "same-file" @@ -1841,9 +1890,9 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" [[package]] name = "scratch" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c8132065adcfd6e02db789d9285a0deb2f3fcb04002865ab67d5fb103533898" +checksum = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2" [[package]] name = "serde" @@ -1877,9 +1926,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.92" +version = "1.0.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7434af0dc1cbd59268aa98b4c22c131c0584d2232f6fb166efb993e2832e896a" +checksum = "cad406b69c91885b5107daf2c29572f6c8cdb3c66826821e286c533490c0bc76" dependencies = [ "itoa", "ryu", @@ -1888,9 +1937,9 @@ dependencies = [ [[package]] name = "serde_repr" -version = "0.1.9" +version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fe39d9fbb0ebf5eb2c7cb7e2a47e4f462fad1379f1166b8ae49ad9eae89a7ca" +checksum = "9a5ec9fa74a20ebbe5d9ac23dac1fc96ba0ecfe9f50f2843b52e537b10fbcb4e" dependencies = [ "proc-macro2", "quote", @@ -1921,9 +1970,9 @@ dependencies = [ [[package]] name = "signal-hook-registry" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e51e73328dc4ac0c7ccbda3a494dfa03df1de2f46018127f60c693f2648455b0" +checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" dependencies = [ "libc", ] @@ -1967,9 +2016,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "syn" -version = "1.0.105" +version = "1.0.107" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60b9b43d45702de4c839cb9b51d9f529c5dd26a4aff255b42b1ebc03e88ee908" +checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5" dependencies = [ "proc-macro2", "quote", @@ -1978,9 +2027,9 @@ dependencies = [ [[package]] name = "sync_wrapper" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "20518fe4a4c9acf048008599e464deb21beeae3d3578418951a189c235a7a9a8" +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" [[package]] name = "sysctl" @@ -2012,9 +2061,9 @@ dependencies = [ [[package]] name = "termcolor" -version = "1.1.3" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" +checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6" dependencies = [ "winapi-util", ] @@ -2027,18 +2076,18 @@ checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" [[package]] name = "thiserror" -version = "1.0.37" +version = "1.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10deb33631e3c9018b9baf9dcbbc4f737320d2b576bac10f6aefa048fa407e3e" +checksum = "6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.37" +version = "1.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "982d17546b47146b28f7c22e3d08465f6b8903d0ea13c1660d9d84a6e7adcdbb" +checksum = "1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f" dependencies = [ "proc-macro2", "quote", @@ -2056,9 +2105,9 @@ dependencies = [ [[package]] name = "tinyvec_macros" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" @@ -2076,7 +2125,7 @@ dependencies = [ "signal-hook-registry", "socket2", "tokio-macros", - "windows-sys", + "windows-sys 0.42.0", ] [[package]] @@ -2113,9 +2162,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.4" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bb2e075f03b3d66d8d8785356224ba688d2906a371015e225beeb65ca92c740" +checksum = "5427d89453009325de0d8f342c9490009f76e999cb7672d77e46267448f7e6b2" dependencies = [ "bytes", "futures-core", @@ -2126,12 +2175,20 @@ dependencies = [ ] [[package]] -name = "toml" -version = "0.5.10" +name = "toml_datetime" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1333c76748e868a4d9d1017b5ab53171dfd095f70c712fdb4653a406547f598f" +checksum = "4553f467ac8e3d374bc9a177a26801e5d0f9b211aa1673fb137a403afd1c9cf5" + +[[package]] +name = "toml_edit" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56c59d8dd7d0dcbc6428bf7aa2f0e823e26e43b3c9aca15bbc9475d23e5fa12b" dependencies = [ - "serde", + "indexmap", + "nom8", + "toml_datetime", ] [[package]] @@ -2299,9 +2356,9 @@ dependencies = [ [[package]] name = "try-lock" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642" +checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed" [[package]] name = "typenum" @@ -2321,15 +2378,15 @@ dependencies = [ [[package]] name = "unicode-bidi" -version = "0.3.8" +version = "0.3.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "099b7128301d285f79ddd55b9a83d5e6b9e97c92e0ea0daebee7263e932de992" +checksum = "d54675592c1dbefd78cbd98db9bacd89886e1ca50692a0692baefffdeb92dd58" [[package]] name = "unicode-ident" -version = "1.0.5" +version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ceab39d59e4c9499d4e5a8ee0e2735b891bb7308ac83dfb4e80cad195c9f6f3" +checksum = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc" [[package]] name = "unicode-normalization" @@ -2399,9 +2456,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.83" +version = "0.2.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268" +checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2409,9 +2466,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.83" +version = "0.2.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142" +checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" dependencies = [ "bumpalo", "log", @@ -2424,9 +2481,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.83" +version = "0.2.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810" +checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2434,9 +2491,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.83" +version = "0.2.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c" +checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" dependencies = [ "proc-macro2", "quote", @@ -2447,9 +2504,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.83" +version = "0.2.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f" +checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" [[package]] name = "wepoll-ffi" @@ -2462,9 +2519,9 @@ dependencies = [ [[package]] name = "which" -version = "4.3.0" +version = "4.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b" +checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269" dependencies = [ "either", "libc", @@ -2517,47 +2574,71 @@ dependencies = [ "windows_x86_64_msvc", ] +[[package]] +name = "windows-sys" +version = "0.45.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.42.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e2522491fbfcd58cc84d47aeb2958948c4b8982e9a2d8a2a35bbaed431390e7" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + [[package]] name = "windows_aarch64_gnullvm" -version = "0.42.0" +version = "0.42.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41d2aa71f6f0cbe00ae5167d90ef3cfe66527d6f613ca78ac8024c3ccab9a19e" +checksum = "8c9864e83243fdec7fc9c5444389dcbbfd258f745e7853198f365e3c4968a608" [[package]] name = "windows_aarch64_msvc" -version = "0.42.0" +version = "0.42.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd0f252f5a35cac83d6311b2e795981f5ee6e67eb1f9a7f64eb4500fbc4dcdb4" +checksum = "4c8b1b673ffc16c47a9ff48570a9d85e25d265735c503681332589af6253c6c7" [[package]] name = "windows_i686_gnu" -version = "0.42.0" +version = "0.42.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbeae19f6716841636c28d695375df17562ca208b2b7d0dc47635a50ae6c5de7" +checksum = "de3887528ad530ba7bdbb1faa8275ec7a1155a45ffa57c37993960277145d640" [[package]] name = "windows_i686_msvc" -version = "0.42.0" +version = "0.42.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84c12f65daa39dd2babe6e442988fc329d6243fdce47d7d2d155b8d874862246" +checksum = "bf4d1122317eddd6ff351aa852118a2418ad4214e6613a50e0191f7004372605" [[package]] name = "windows_x86_64_gnu" -version = "0.42.0" +version = "0.42.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf7b1b21b5362cbc318f686150e5bcea75ecedc74dd157d874d754a2ca44b0ed" +checksum = "c1040f221285e17ebccbc2591ffdc2d44ee1f9186324dd3e84e99ac68d699c45" [[package]] name = "windows_x86_64_gnullvm" -version = "0.42.0" +version = "0.42.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09d525d2ba30eeb3297665bd434a54297e4170c7f1a44cad4ef58095b4cd2028" +checksum = "628bfdf232daa22b0d64fdb62b09fcc36bb01f05a3939e20ab73aaf9470d0463" [[package]] name = "windows_x86_64_msvc" -version = "0.42.0" +version = "0.42.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f40009d85759725a34da6d89a94e63d7bdc50a862acf0dbc7c8e488f1edcb6f5" +checksum = "447660ad36a13288b1db4d4248e857b510e8c3a225c822ba4fb748c0aafecffd" [[package]] name = "zbus" @@ -2623,9 +2704,9 @@ dependencies = [ [[package]] name = "zvariant" -version = "3.10.0" +version = "3.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "576cc41e65c7f283e5460f5818073e68fb1f1631502b969ef228c2e03c862efb" +checksum = "903169c05b9ab948ee93fefc9127d08930df4ce031d46c980784274439803e51" dependencies = [ "byteorder", "enumflags2", @@ -2637,9 +2718,9 @@ dependencies = [ [[package]] name = "zvariant_derive" -version = "3.10.0" +version = "3.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fd4aafc0dee96ae7242a24249ce9babf21e1562822f03df650d4e68c20e41ed" +checksum = "cce76636e8fab7911be67211cf378c252b115ee7f2bae14b18b84821b39260b5" dependencies = [ "proc-macro-crate", "proc-macro2", diff --git a/Cargo.toml b/Cargo.toml index de0b46500..dec4d5dbe 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,10 +14,15 @@ build = "build.rs" [package.metadata.vendor-filter] # This list is not exhaustive. -platforms = ["x86_64-unknown-linux-gnu", "aarch64-unknown-linux-gnu", "powerpc64le-unknown-linux-gnu", - "s390x-unknown-linux-gnu", "riscv64gc-unknown-linux-gnu", - "x86_64-unknown-linux-musl", "aarch64-unknown-linux-musl", - ] +platforms = [ + "x86_64-unknown-linux-gnu", + "aarch64-unknown-linux-gnu", + "powerpc64le-unknown-linux-gnu", + "s390x-unknown-linux-gnu", + "riscv64gc-unknown-linux-gnu", + "x86_64-unknown-linux-musl", + "aarch64-unknown-linux-musl", +] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [features] @@ -41,12 +46,15 @@ zbus = { version = "3.10.0" } nix = "0.26.2" rand = "0.8.5" sha2 = "0.10.6" -netlink-packet-route = "0.13" -netlink-packet-core = "0.4.2" +netlink-packet-route = "0.15" +netlink-packet-core = "0.5.0" +netlink-packet-wireguard = { git = "https://github.com/rust-netlink/netlink-packet-wireguard", version = "0.2.2" } +netlink-packet-generic = "0.3.2" fs2 = "0.4.3" netlink-sys = "0.8.4" -netavark_proxy = { git = "https://github.com/containers/netavark-dhcp-proxy"} +netavark_proxy = { git = "https://github.com/containers/netavark-dhcp-proxy" } tokio = { version = "1.25", features = ["rt"] } +base64 = "0.13.1" [build-dependencies] chrono = { version = "0.4.22", default-features = false, features = ["clock"] } diff --git a/src/network/bridge.rs b/src/network/bridge.rs index 55cbf8d20..ef8ec580e 100644 --- a/src/network/bridge.rs +++ b/src/network/bridge.rs @@ -92,7 +92,7 @@ impl driver::NetworkDriver for Bridge<'_> { fn setup( &self, - netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket), + netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket), ) -> NetavarkResult<(StatusBlock, Option)> { let data = match &self.data { Some(d) => d, @@ -228,7 +228,7 @@ impl driver::NetworkDriver for Bridge<'_> { fn teardown( &self, - netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket), + netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket), ) -> NetavarkResult<()> { let (host_sock, netns_sock) = netlink_sockets; @@ -458,8 +458,8 @@ fn setup_ipv6_fw_sysctl() -> NetavarkResult<()> { /// returns the container veth mac address fn create_interfaces( - host: &mut netlink::Socket, - netns: &mut netlink::Socket, + host: &mut netlink::LinkSocket, + netns: &mut netlink::LinkSocket, data: &InternalData, internal: bool, hostns_fd: RawFd, @@ -528,8 +528,8 @@ fn create_interfaces( /// return the container veth mac address fn create_veth_pair( - host: &mut netlink::Socket, - netns: &mut netlink::Socket, + host: &mut netlink::LinkSocket, + netns: &mut netlink::LinkSocket, data: &InternalData, primary_index: u32, internal: bool, @@ -658,8 +658,8 @@ fn check_link_is_bridge(msg: LinkMessage, br_name: &str) -> NetavarkResult NetavarkResult { diff --git a/src/network/constants.rs b/src/network/constants.rs index e59442709..7117565ec 100644 --- a/src/network/constants.rs +++ b/src/network/constants.rs @@ -11,6 +11,7 @@ pub const IPAM_NONE: &str = "none"; pub const DRIVER_BRIDGE: &str = "bridge"; pub const DRIVER_IPVLAN: &str = "ipvlan"; pub const DRIVER_MACVLAN: &str = "macvlan"; +pub const DRIVER_WIREGUARD: &str = "wireguard"; pub const OPTION_ISOLATE: &str = "isolate"; pub const OPTION_MTU: &str = "mtu"; diff --git a/src/network/core_utils.rs b/src/network/core_utils.rs index 5748c5e5f..1cbdc5c6d 100644 --- a/src/network/core_utils.rs +++ b/src/network/core_utils.rs @@ -308,7 +308,7 @@ pub struct NamespaceOptions { /// as long as the File object is valid pub file: File, pub fd: RawFd, - pub netlink: netlink::Socket, + pub netlink: netlink::LinkSocket, } pub fn open_netlink_sockets( @@ -317,13 +317,13 @@ pub fn open_netlink_sockets( let netns = open_netlink_socket(netns_path).wrap("open container netns")?; let hostns = open_netlink_socket("/proc/self/ns/net").wrap("open host netns")?; - let host_socket = netlink::Socket::new().wrap("host netlink socket")?; + let host_socket = netlink::LinkSocket::new().wrap("host netlink socket")?; exec_netns!( hostns.1, netns.1, res, - netlink::Socket::new().wrap("netns netlink socket") + netlink::LinkSocket::new().wrap("netns netlink socket") ); let netns_sock = res?; @@ -341,6 +341,23 @@ pub fn open_netlink_sockets( )) } +pub fn open_generic_netlink_sockets_from_fd( + host_fd: i32, + netns_fd: i32, +) -> NetavarkResult<(netlink::GenericSocket, netlink::GenericSocket)> { + let host_socket = netlink::GenericSocket::new().wrap("host netlink socket")?; + + exec_netns!( + host_fd, + netns_fd, + res, + netlink::GenericSocket::new().wrap("netns netlink socket") + ); + + let netns_sock = res?; + Ok((host_socket, netns_sock)) +} + fn open_netlink_socket(netns_path: &str) -> NetavarkResult<(File, RawFd)> { let ns = wrap!(File::open(netns_path), format!("open {}", netns_path))?; let ns_fd = ns.as_raw_fd(); @@ -348,7 +365,7 @@ fn open_netlink_socket(netns_path: &str) -> NetavarkResult<(File, RawFd)> { } pub fn add_default_routes( - sock: &mut netlink::Socket, + sock: &mut netlink::LinkSocket, gws: &[ipnet::IpNet], metric: Option, ) -> NetavarkResult<()> { diff --git a/src/network/driver.rs b/src/network/driver.rs index 74e123c01..937e05616 100644 --- a/src/network/driver.rs +++ b/src/network/driver.rs @@ -11,6 +11,7 @@ use super::{ constants, netlink, types::{Network, PerNetworkOptions, PortMapping, StatusBlock}, vlan::Vlan, + wireguard::WireGuard, }; use std::os::unix::io::RawFd; @@ -34,12 +35,12 @@ pub trait NetworkDriver { /// setup the network interfaces/firewall rules for this driver fn setup( &self, - netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket), + netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket), ) -> NetavarkResult<(StatusBlock, Option)>; /// teardown the network interfaces/firewall rules for this driver fn teardown( &self, - netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket), + netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket), ) -> NetavarkResult<()>; /// return the network name @@ -50,6 +51,7 @@ pub fn get_network_driver(info: DriverInfo) -> NetavarkResult Ok(Box::new(Bridge::new(info))), constants::DRIVER_IPVLAN | constants::DRIVER_MACVLAN => Ok(Box::new(Vlan::new(info))), + constants::DRIVER_WIREGUARD => Ok(Box::new(WireGuard::new(info))), _ => Err(NetavarkError::Message(format!( "unknown network driver {}", diff --git a/src/network/mod.rs b/src/network/mod.rs index 45d04ce80..3f47de9d1 100644 --- a/src/network/mod.rs +++ b/src/network/mod.rs @@ -17,6 +17,7 @@ pub mod internal_types; mod macvlan_dhcp; pub mod netlink; pub mod vlan; +pub mod wireguard; impl types::NetworkOptions { pub fn load(path: Option) -> NetavarkResult { diff --git a/src/network/netlink.rs b/src/network/netlink.rs index 4b11a2894..18589e153 100644 --- a/src/network/netlink.rs +++ b/src/network/netlink.rs @@ -9,21 +9,167 @@ use crate::{ wrap, }; use log::{info, trace}; +use netlink_packet_core::{ + NetlinkDeserializable, NetlinkMessage, NetlinkPayload, NetlinkSerializable, NLM_F_ACK, + NLM_F_CREATE, NLM_F_DUMP, NLM_F_EXCL, NLM_F_REQUEST, +}; +use netlink_packet_generic::{ + ctrl::{nlas::GenlCtrlAttrs, GenlCtrl, GenlCtrlCmd}, + GenlMessage, +}; use netlink_packet_route::{ nlas::link::{Info, InfoData, InfoKind, Nla}, - AddressMessage, LinkMessage, NetlinkHeader, NetlinkMessage, NetlinkPayload, RouteMessage, - RtnlMessage, AF_INET, AF_INET6, IFF_UP, NLM_F_ACK, NLM_F_CREATE, NLM_F_DUMP, NLM_F_EXCL, - NLM_F_REQUEST, RTN_UNICAST, RTPROT_STATIC, RTPROT_UNSPEC, RT_SCOPE_UNIVERSE, RT_TABLE_MAIN, + AddressMessage, LinkMessage, RouteMessage, RtnlMessage, AF_INET, AF_INET6, IFF_UP, RTN_UNICAST, + RTPROT_STATIC, RTPROT_UNSPEC, RT_SCOPE_UNIVERSE, RT_TABLE_MAIN, +}; +use netlink_packet_wireguard::{nlas::WgDeviceAttrs, Wireguard, WireguardCmd}; +use netlink_sys::{ + protocols::{NETLINK_GENERIC, NETLINK_ROUTE}, + SocketAddr, }; -use netlink_sys::{protocols::NETLINK_ROUTE, SocketAddr}; -pub struct Socket { - socket: netlink_sys::Socket, - sequence_number: u32, - /// buffer size for reading netlink messages, see NLMSG_GOODSIZE in the kernel - buffer: [u8; 8192], +// helper macros +macro_rules! expect_netlink_result { + ($result:expr, $count:expr) => { + if $result.len() != $count { + return Err(NetavarkError::msg(format!( + "{}: unexpected netlink result (got {} result(s), want {})", + function!(), + $result.len(), + $count + ))); + } + }; +} + +/// get the function name of the currently executed function +/// taken from https://stackoverflow.com/a/63904992 +macro_rules! function { + () => {{ + fn f() {} + fn type_name_of(_: T) -> &'static str { + std::any::type_name::() + } + let name = type_name_of(f); + + // Find and cut the rest of the path + match &name[..name.len() - 3].rfind(':') { + Some(pos) => &name[pos + 1..name.len() - 3], + None => &name[..name.len() - 3], + } + }}; +} + +// Generic Trait over all sockets +pub enum NetlinkType { + NetlinkRoute = NETLINK_ROUTE, + NetlinkGeneric = NETLINK_GENERIC, +} + +pub trait NetlinkSocket { + fn send(&mut self, msg: T, flags: u16, family: Option) -> NetavarkResult<()> + where + T: NetlinkSerializable + std::fmt::Debug + Into>, + { + let mut nlmsg = NetlinkMessage::from(msg); + nlmsg.header.flags = NLM_F_REQUEST | flags; + nlmsg.header.sequence_number = self.increase_sequence_number(); + nlmsg.finalize(); + + if let Some(family) = family { + nlmsg.header.message_type = family; + } + + // buffer size for netlink messages, see NLMSG_GOODSIZE in the kernel + let mut buffer = [0; 8192]; + let socket = self.get_socket(); + + nlmsg.serialize(&mut buffer[..]); + + trace!("sending GenlCtrl netlink msg: {:?}", nlmsg); + socket.send(&buffer[..nlmsg.buffer_len()], 0)?; + Ok(()) + } + + fn get_socket(&self) -> &netlink_sys::Socket; + fn get_sequence_number(&self) -> u32; + fn increase_sequence_number(&mut self) -> u32; + + fn recv(&mut self, multi: bool) -> NetavarkResult> + where + T: std::fmt::Debug + NetlinkDeserializable, + { + let mut offset = 0; + let mut result = Vec::new(); + + // if multi is set we expect a multi part message + let socket = self.get_socket(); + let sequence_number = self.get_sequence_number(); + // buffer size for netlink messages, see NLMSG_GOODSIZE in the kernel + let mut buffer = [0; 8192]; + loop { + let size = wrap!(socket.recv(&mut &mut buffer[..], 0), "recv from netlink")?; + + loop { + let bytes = &buffer[offset..]; + let rx_packet: NetlinkMessage = + NetlinkMessage::deserialize(bytes).map_err(|e| { + NetavarkError::Message(format!( + "failed to deserialize netlink message: {}", + e, + )) + })?; + trace!("read netlink packet: {:?}", rx_packet); + + if rx_packet.header.sequence_number != sequence_number { + return Err(NetavarkError::msg(format!( + "netlink: sequence_number out of sync (got {}, want {})", + rx_packet.header.sequence_number, sequence_number, + ))); + } + + match rx_packet.payload { + NetlinkPayload::Done => return Ok(result), + NetlinkPayload::Error(e) | NetlinkPayload::Ack(e) => { + if e.code != 0 { + return Err(e.into()); + } + return Ok(result); + } + NetlinkPayload::Noop => { + return Err(NetavarkError::msg( + "unimplemented netlink message type NOOP", + )) + } + NetlinkPayload::Overrun(_) => { + return Err(NetavarkError::msg( + "unimplemented netlink message type OVERRUN", + )) + } + NetlinkPayload::InnerMessage(msg) => { + result.push(msg); + if !multi { + return Ok(result); + } + } + _ => { + // The NetlinkPayload could have new members that are not yet covered by + // netavark. This is because of https://github.com/rust-netlink/netlink-packet-core/commit/53a4c4ecfec60e1f26ad8b6aaa62abc7b112df50 + return Err(NetavarkError::msg("unimplemented netlink message type")); + } + }; + + offset += rx_packet.header.length as usize; + if offset == size || rx_packet.header.length == 0 { + offset = 0; + break; + } + } + } + } } +// Netlink API for Links #[derive(Clone)] pub struct CreateLinkOptions { pub name: String, @@ -72,48 +218,36 @@ impl std::fmt::Display for Route { } } -macro_rules! expect_netlink_result { - ($result:expr, $count:expr) => { - if $result.len() != $count { - return Err(NetavarkError::msg(format!( - "{}: unexpected netlink result (got {} result(s), want {})", - function!(), - $result.len(), - $count - ))); - } - }; +pub struct LinkSocket { + socket: netlink_sys::Socket, + sequence_number: u32, } -/// get the function name of the currently executed function -/// taken from https://stackoverflow.com/a/63904992 -macro_rules! function { - () => {{ - fn f() {} - fn type_name_of(_: T) -> &'static str { - std::any::type_name::() - } - let name = type_name_of(f); +impl NetlinkSocket for LinkSocket { + fn get_socket(&self) -> &netlink_sys::Socket { + &self.socket + } - // Find and cut the rest of the path - match &name[..name.len() - 3].rfind(':') { - Some(pos) => &name[pos + 1..name.len() - 3], - None => &name[..name.len() - 3], - } - }}; + fn get_sequence_number(&self) -> u32 { + self.sequence_number + } + + fn increase_sequence_number(&mut self) -> u32 { + self.sequence_number += 1; + self.sequence_number + } } -impl Socket { - pub fn new() -> NetavarkResult { +impl LinkSocket { + pub fn new() -> NetavarkResult { let mut socket = wrap!(netlink_sys::Socket::new(NETLINK_ROUTE), "open")?; let addr = &SocketAddr::new(0, 0); wrap!(socket.bind(addr), "bind")?; wrap!(socket.connect(addr), "connect")?; - Ok(Socket { + Ok(LinkSocket { socket, sequence_number: 0, - buffer: [0; 8192], }) } @@ -171,6 +305,16 @@ impl Socket { Ok(()) } + pub fn set_link_ns(&mut self, link_id: u32, netns_fd: i32) -> NetavarkResult<()> { + let mut msg = LinkMessage::default(); + msg.header.index = link_id; + msg.nlas.push(Nla::NetNsFd(netns_fd)); + + let result = self.make_netlink_request(RtnlMessage::SetLink(msg), NLM_F_ACK)?; + expect_netlink_result!(result, 0); + Ok(()) + } + fn create_addr_msg(link_id: u32, addr: &ipnet::IpNet) -> AddressMessage { let mut msg = AddressMessage::default(); msg.header.index = link_id; @@ -364,92 +508,9 @@ impl Socket { msg: RtnlMessage, flags: u16, ) -> NetavarkResult> { - self.send(msg, flags).wrap("send to netlink")?; + self.send(msg, flags, None).wrap("send to netlink")?; self.recv(flags & NLM_F_DUMP == NLM_F_DUMP) } - - fn send(&mut self, msg: RtnlMessage, flags: u16) -> NetavarkResult<()> { - let mut packet = NetlinkMessage { - header: NetlinkHeader::default(), - payload: NetlinkPayload::from(msg), - }; - packet.header.flags = NLM_F_REQUEST | flags; - packet.header.sequence_number = { - self.sequence_number += 1; - self.sequence_number - }; - packet.finalize(); - - packet.serialize(&mut self.buffer[..]); - trace!("send netlink packet: {:?}", packet); - - self.socket.send(&self.buffer[..packet.buffer_len()], 0)?; - Ok(()) - } - - fn recv(&mut self, multi: bool) -> NetavarkResult> { - let mut offset = 0; - let mut result = Vec::new(); - - // if multi is set we expect a multi part message - loop { - let size = wrap!( - self.socket.recv(&mut &mut self.buffer[..], 0), - "recv from netlink" - )?; - - loop { - let bytes = &self.buffer[offset..]; - let rx_packet: NetlinkMessage = NetlinkMessage::deserialize(bytes) - .map_err(|e| { - NetavarkError::Message(format!( - "failed to deserialize netlink message: {}", - e, - )) - })?; - trace!("read netlink packet: {:?}", rx_packet); - - if rx_packet.header.sequence_number != self.sequence_number { - return Err(NetavarkError::msg(format!( - "netlink: sequence_number out of sync (got {}, want {})", - rx_packet.header.sequence_number, self.sequence_number, - ))); - } - - match rx_packet.payload { - NetlinkPayload::Done => return Ok(result), - NetlinkPayload::Error(e) | NetlinkPayload::Ack(e) => { - if e.code != 0 { - return Err(e.into()); - } - return Ok(result); - } - NetlinkPayload::Noop => { - return Err(NetavarkError::msg( - "unimplemented netlink message type NOOP", - )) - } - NetlinkPayload::Overrun(_) => { - return Err(NetavarkError::msg( - "unimplemented netlink message type OVERRUN", - )) - } - NetlinkPayload::InnerMessage(msg) => { - result.push(msg); - if !multi { - return Ok(result); - } - } - }; - - offset += rx_packet.header.length as usize; - if offset == size || rx_packet.header.length == 0 { - offset = 0; - break; - } - } - } - } } impl CreateLinkOptions { @@ -506,3 +567,100 @@ pub fn parse_create_link_options(msg: &mut LinkMessage, options: CreateLinkOptio msg.nlas.push(Nla::NetNsFd(options.netns)); } } + +// Netlink API for Generic Sockets + +pub struct GenericSocket { + socket: netlink_sys::Socket, + sequence_number: u32, + wireguard_family: Option, +} + +impl NetlinkSocket for GenericSocket { + fn get_socket(&self) -> &netlink_sys::Socket { + &self.socket + } + + fn get_sequence_number(&self) -> u32 { + self.sequence_number + } + + fn increase_sequence_number(&mut self) -> u32 { + self.sequence_number += 1; + self.sequence_number + } +} + +impl GenericSocket { + pub fn new() -> NetavarkResult { + let mut socket = wrap!(netlink_sys::Socket::new(NETLINK_GENERIC), "open")?; + let kernel_addr = &SocketAddr::new(0, 0); + wrap!(socket.bind_auto(), "bind")?; + wrap!(socket.connect(kernel_addr), "connect")?; + + Ok(GenericSocket { + socket, + sequence_number: 0, + wireguard_family: None, + }) + } + + pub fn set_wireguard_device(&mut self, nlas: Vec) -> NetavarkResult<()> { + let msg: GenlMessage = GenlMessage::from_payload(Wireguard { + cmd: WireguardCmd::SetDevice, + nlas, + }); + let result = self.make_wireguard_request(msg, NLM_F_ACK)?; + expect_netlink_result!(result, 0); + Ok(()) + } + + fn query_family_id(&mut self, family_name: &'static str) -> NetavarkResult { + let genlmsg: GenlMessage = GenlMessage::from_payload(GenlCtrl { + cmd: GenlCtrlCmd::GetFamily, + nlas: vec![GenlCtrlAttrs::FamilyName(family_name.to_owned())], + }); + let mut result = self.make_ctrl_request(genlmsg, true, NLM_F_ACK)?; + expect_netlink_result!(result, 1); + let result: GenlMessage = result.remove(0); + let mut family: Option = None; + for nla in result.payload.nlas { + if let GenlCtrlAttrs::FamilyId(m) = nla { + family = Some(m) + } + } + match family { + Some(fam) => Ok(fam), + None => Err(NetavarkError::msg( + "Unable to resolve netlink family id for WireGuard API packets", + )), + } + } + + fn make_ctrl_request( + &mut self, + msg: GenlMessage, + multi: bool, + flags: u16, + ) -> NetavarkResult>> { + self.send(msg, flags, None).wrap("send to netlink")?; + self.recv(multi) + } + + fn make_wireguard_request( + &mut self, + msg: GenlMessage, + flags: u16, + ) -> NetavarkResult>> { + if self.wireguard_family.is_none() { + let family = self + .query_family_id("wireguard") + .expect("Could not resolve family_id for WireGuard netlink API"); + trace!("WireGuard family ID is: {:?}", family); + self.wireguard_family = Some(family); + } + self.send(msg, flags, self.wireguard_family) + .wrap("send to netlink")?; + self.recv(flags & NLM_F_DUMP == NLM_F_DUMP) + } +} diff --git a/src/network/netlink_link.rs b/src/network/netlink_link.rs new file mode 100644 index 000000000..e69de29bb diff --git a/src/network/types.rs b/src/network/types.rs index 317f39e7c..a0ca0369c 100644 --- a/src/network/types.rs +++ b/src/network/types.rs @@ -108,6 +108,10 @@ pub struct PerNetworkOptions { /// MAC address for the container interface. #[serde(rename = "static_mac")] pub static_mac: Option, + + /// Additional options for a network + #[serde(rename = "options")] + pub options: Option>, } /// PortMapping is one or more ports that will be mapped into the container. diff --git a/src/network/vlan.rs b/src/network/vlan.rs index 8015f22e9..daa79914f 100644 --- a/src/network/vlan.rs +++ b/src/network/vlan.rs @@ -130,7 +130,7 @@ impl driver::NetworkDriver for Vlan<'_> { fn setup( &self, - netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket), + netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket), ) -> Result<(StatusBlock, Option), NetavarkError> { let data = match &self.data { Some(d) => d, @@ -193,7 +193,7 @@ impl driver::NetworkDriver for Vlan<'_> { fn teardown( &self, - netlink_sockets: (&mut netlink::Socket, &mut netlink::Socket), + netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket), ) -> NetavarkResult<()> { let ipam = get_ipam_addresses(self.info.per_network_opts, self.info.network)?; let if_name = self.info.per_network_opts.interface_name.clone(); @@ -231,8 +231,8 @@ impl driver::NetworkDriver for Vlan<'_> { } fn setup( - host: &mut netlink::Socket, - netns: &mut netlink::Socket, + host: &mut netlink::LinkSocket, + netns: &mut netlink::LinkSocket, if_name: &str, data: &InternalData, hostns_fd: RawFd, @@ -354,7 +354,7 @@ fn get_mac_address(v: Vec) -> NetavarkResult { )) } -fn get_default_route_interface(host: &mut netlink::Socket) -> NetavarkResult { +fn get_default_route_interface(host: &mut netlink::LinkSocket) -> NetavarkResult { let routes = host.dump_routes().wrap("dump routes")?; for route in routes { diff --git a/src/network/wireguard.rs b/src/network/wireguard.rs new file mode 100644 index 000000000..fd15ffde0 --- /dev/null +++ b/src/network/wireguard.rs @@ -0,0 +1,681 @@ +use std::net::ToSocketAddrs; +use std::{collections::HashMap, convert::TryInto, net::IpAddr, os::unix::prelude::RawFd}; +use std::{net, vec}; + +use base64::decode; +use ipnet::IpNet; +use log::debug; +use netlink_packet_route::nlas::link::InfoKind; +use netlink_packet_wireguard::constants::{AF_INET, AF_INET6}; +use netlink_packet_wireguard::nlas::{ + WgAllowedIp, WgAllowedIpAttrs, WgDeviceAttrs, WgPeer, WgPeerAttrs, +}; + +use crate::network::netlink::Route; +use crate::network::types::NetInterface; +use crate::{ + dns::aardvark::AardvarkEntry, + error::{ErrorWrap, NetavarkError, NetavarkResult}, +}; + +use super::{ + constants::NO_CONTAINER_INTERFACE_ERROR, + core_utils, + driver::{self, DriverInfo}, + netlink::{self, CreateLinkOptions}, + types::StatusBlock, +}; + +// TODO_WG: Document the option +const CONFIG_OPTION: &str = "config"; + +#[derive(Debug)] +struct Peer { + /// IPs that will be forwarded to the Peer + /// and from which traffic is accepted + allowed_ips: Vec, + /// Seconds between Handshakes sent to peer + /// in order to keep the connection alive + /// Optional + persistent_keepalive: Option, + /// Peers public key to verify traffic during crypto routing + public_key: [u8; 32], + preshared_key: Option<[u8; 32]>, + endpoint: Option, +} + +#[derive(Debug)] +struct InternalData { + /// WireGuard interface name + interface_name: String, + /// addresses of the WireGuard interface + addresses: Vec, + /// + private_key: [u8; 32], + /// mtu for the network interface (0 if default) + mtu: u16, + /// WireGuard peers + peers: Vec, + /// Listening Port + /// Optional + port: Option, +} + +pub struct WireGuard<'a> { + info: DriverInfo<'a>, + data: Option, +} + +impl<'a> WireGuard<'a> { + pub fn new(info: DriverInfo<'a>) -> Self { + WireGuard { info, data: None } + } +} + +impl driver::NetworkDriver for WireGuard<'_> { + fn network_name(&self) -> String { + self.info.network.name.clone() + } + + fn validate(&mut self) -> NetavarkResult<()> { + if self.info.per_network_opts.interface_name.is_empty() { + return Err(NetavarkError::msg(NO_CONTAINER_INTERFACE_ERROR)); + } + + let options = match &self.info.per_network_opts.options { + Some(options) => options, + None => { + return Err(NetavarkError::msg( + "no options specified for WireGuard driver", + )) + } + }; + + let config_path = match options.get(CONFIG_OPTION) { + Some(path) => path, + None => { + return Err(NetavarkError::msg( + "no path to WireGuard config file specified", + )) + } + }; + + let data = match parse_config( + config_path, + self.info.per_network_opts.interface_name.clone(), + ) { + Ok(data) => data, + Err(e) => { + return Err(NetavarkError::msg(format!( + "when parsing WireGuard config: {:?}", + e + ))) + } + }; + + // Peer Validation + for (index, peer) in data.peers.iter().enumerate() { + if peer.public_key == [0; 32] { + return Err(NetavarkError::msg(format!( + "invalid WireGuard configuration: Peer #{:?} is missing a PublicKey", + index + ))); + } + if peer.allowed_ips.is_empty() { + return Err(NetavarkError::msg(format!( + "invalid WireGuard configuration: Peer #{:?} is missing AllowedIPs", + index + ))); + } + } + + // Interface Validation + // will succeed if the interface has an Address and a PrivateKey + if data.private_key == [0; 32] { + return Err(NetavarkError::msg( + "invalid WireGuard configuration: Interface is missing a PrivateKey".to_string(), + )); + } + if data.addresses.is_empty() { + return Err(NetavarkError::msg( + "invalid WireGuard configuration: Interface is missing an Address".to_string(), + )); + } + self.data = Some(data); + + Ok(()) + } + + fn setup( + &self, + netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket), + ) -> Result<(StatusBlock, Option), NetavarkError> { + let (mut generic_host_sock, mut generic_netns_sock) = + match core_utils::open_generic_netlink_sockets_from_fd( + self.info.netns_host, + self.info.netns_container, + ) { + Ok(tuple) => tuple, + Err(e) => return Err(e), + }; + + let data = match &self.data { + Some(d) => d, + None => return Err(NetavarkError::msg("must call validate() before setup()")), + }; + + debug!("Setup network {}", self.info.network.name); + debug!( + "Container interface name: {} with IP addresses {:?}", + self.info.per_network_opts.interface_name, data.addresses + ); + + let (host_sock, netns_sock) = netlink_sockets; + + let interface = create_wireguard_interface( + (host_sock, &mut generic_host_sock), + (netns_sock, &mut generic_netns_sock), + data, + self.info.netns_host, + self.info.netns_container, + )?; + let mut interfaces: HashMap = HashMap::new(); + interfaces.insert( + interface, + NetInterface { + mac_address: "".to_string(), + subnets: None, + }, + ); + + let response = StatusBlock { + dns_server_ips: None, + dns_search_domains: None, + interfaces: Some(interfaces), + }; + Ok((response, None)) + } + + fn teardown( + &self, + netlink_sockets: (&mut netlink::LinkSocket, &mut netlink::LinkSocket), + ) -> NetavarkResult<()> { + netlink_sockets.1.del_link(netlink::LinkID::Name( + self.info.per_network_opts.interface_name.to_string(), + ))?; + Ok(()) + } +} + +fn create_wireguard_interface( + host: (&mut netlink::LinkSocket, &mut netlink::GenericSocket), + netns: (&mut netlink::LinkSocket, &mut netlink::GenericSocket), + data: &InternalData, + hostns_fd: RawFd, + netns_fd: RawFd, +) -> NetavarkResult { + let (host_link_socket, _host_generic_socket) = host; + let (netns_link_socket, netns_generic_socket) = netns; + + let mut create_link_opts = + CreateLinkOptions::new(data.interface_name.to_string(), InfoKind::Wireguard); + create_link_opts.mtu = data.mtu as u32; + + debug!( + "Creating WireGuard interface {}", + data.interface_name.to_string() + ); + + host_link_socket + .create_link(create_link_opts) + .wrap("create WireGuard interface: {}")?; + + let link = host_link_socket + .get_link(netlink::LinkID::Name(data.interface_name.to_string())) + .wrap("get WireGuard interface")?; + + debug!( + "Moving WireGuard interface {} from namespace {} to container namespace {}", + data.interface_name.to_string(), + hostns_fd, + netns_fd + ); + host_link_socket + .set_link_ns(link.header.index, netns_fd) + .wrap("moving WireGuard interface to container network namespace")?; + + debug!( + "Adding Addresses to WireGuard interface {}", + data.interface_name.to_string() + ); + + for addr in &data.addresses { + netns_link_socket + .add_addr(link.header.index, addr) + .wrap("add ip addr to WireGuard interface")?; + } + + let nlas = generate_wireguard_device_nlas(data); + + debug!( + "Setting up WireGuard interface {}", + data.interface_name.to_string() + ); + netns_generic_socket + .set_wireguard_device(nlas) + .wrap("add WireGuard interface settings")?; + + if !data.peers.is_empty() { + debug!( + "Adding Peers to WireGuard interface {}", + data.interface_name.to_string() + ); + + for peer in data.peers[..].iter() { + let nlas = generate_peer_nlas_for_wireguard_device(peer, data.interface_name.clone()); + netns_generic_socket + .set_wireguard_device(nlas) + .wrap("add Peer {:?} to WireGuard interface")?; + } + } + + debug!( + "Activating WireGuard interface {}", + data.interface_name.to_string(), + ); + + netns_link_socket + .set_up(netlink::LinkID::Name(data.interface_name.to_string())) + .wrap("set WireGuard interface up")?; + + for peer in data.peers[..].iter() { + let routes = generate_routes_for_peer(&data.addresses, &peer.allowed_ips); + for route in routes { + netns_link_socket.add_route(&route)?; + } + } + + Ok(data.interface_name.clone()) +} + +fn parse_config(path: &String, interface_name: String) -> Result { + // Get configuration data from file + let config_data = match std::fs::read_to_string(path) { + Ok(data) => data, + Err(e) => return Err(format!("problem reading WireGuard config: {:?}", e)), + }; + + // Setup line based parsing + // with empty data structures to store into + // + // Only Peer and Interface sections exists + // [Interface] can only be specified once and subsequent definitions + // will overwrite previously stored data + // + // If a [Peer] section is encountered a new Peer is added + let lines = config_data.lines(); + let mut peers: Vec = vec![]; + let mut interface = InternalData { + interface_name: "".to_string(), + addresses: vec![], + private_key: [0x00; 32], + mtu: 1420, + peers: vec![], + port: None, + }; + let mut interface_section = false; + let mut peer_section = false; + + for (index, line) in lines.into_iter().enumerate() { + if line.trim_start() == "" || line.trim_start().chars().next().unwrap().to_string() == "#" { + continue; + } + if line == "[Interface]" { + interface_section = true; + peer_section = false; + continue; + } + if line == "[Peer]" { + interface_section = false; + peer_section = true; + // Add a new peer to the peers array + // which will be used to store information + // from lines that will be parsed next + peers.push(Peer { + allowed_ips: vec![], + persistent_keepalive: None, + public_key: [0; 32], + preshared_key: None, + endpoint: None, + }); + continue; + } + // splitting once gives key and value. + // Using any other split can conflict with the base64 encoded keys + let (key, value) = match line.split_once('=') { + Some(tuple) => { + let key: String = tuple.0.split_whitespace().collect(); + let value: String = tuple.1.split_whitespace().collect(); + (key, value) + } + None => { + return Err(format!( + "when parsing WireGuard configuration {} on line: {}.", + line, index + )) + } + }; + if !key.is_empty() && value.is_empty() && value.is_empty() { + return Err(format!( + "when parsing WireGuard configuration {} on line {}. No value provided.", + key, index + )); + } + if interface_section { + match key.as_str() { + "Address" => { + let ip_with_cidr = add_cidr_to_ip_addr_if_missing(value.clone()); + let ip: IpNet = match ip_with_cidr.parse() { + Ok(ip) => ip, + Err(e) => { + return Err(format!( + "{:?} when parsing WireGuard interface address: {:?}", + e, value + )) + } + }; + interface.addresses.push(ip) + } + "ListenPort" => { + let port = match value.parse::() { + Ok(port) => port, + Err(e) => { + return Err(format!( + "{:?} when parsing WireGuard interface port: {:?}", + e, value + )); + } + }; + interface.port = Some(port); + } + "PrivateKey" => { + interface.private_key = match decode(value.clone()) { + Ok(key) => match key.try_into() { + Ok(key) => key, + Err(e) => { + return Err(format!( + "{:?} when decoding base64 PrivateKey: {:?}. Is it 32 bytes?", + e, value + )) + } + }, + Err(e) => { + return Err(format!( + "{:?} when decoding base64 PrivateKey: {:?}", + e, value + )) + } + } + } + _ => { + debug!( + "Ignoring key `{}` in WireGuard interface configuration", + key + ); + } + } + } + if peer_section { + let current_peer_index = peers.len() - 1; + let current_peer = &mut peers[current_peer_index]; + match key.as_str() { + "AllowedIPs" => { + let ips = value.split(','); + for ip in ips { + let ip_with_cidr = add_cidr_to_ip_addr_if_missing(ip.to_string()); + let ip: IpNet = match ip_with_cidr.parse() { + Ok(ip) => ip, + Err(e) => { + return Err(format!( + "{:?} when parsing WireGuard peers AllowedIPs: {:?}. Occurs in {:?}", + e, value, ip + )) + } + }; + current_peer.allowed_ips.push(ip); + } + } + "Endpoint" => { + current_peer.endpoint = match parse_endpoint(value.clone()) { + Ok(endpoint) => endpoint, + Err(e) => { + return Err(format!( + "when trying to parse Endpoint {} for peer {}: {:?}", + value, current_peer_index, e + )) + } + } + } + "PublicKey" => { + current_peer.public_key = match decode(value.clone()) { + Ok(key) => match key.try_into() { + Ok(key) => key, + Err(e) => { + return Err(format!( + "{:?} when decoding base64 PublicKey: {:?} for peer {:?}. Is it 32 bytes?", + e, value, current_peer_index + )) + } + }, + Err(e) => { + return Err(format!( + "{:?} when decoding base64 PublicKey: {:?} for peer {:?}", + e, value, current_peer_index + )) + } + } + } + "PresharedKey" => { + current_peer.preshared_key = match decode(value.clone()) { + Ok(key) => match key.try_into() { + Ok(key) => Some(key), + Err(e) => { + return Err(format!( + "{:?} when decoding base64 PresharedKey: {:?} for peer {:?}. Is it 32 bytes?", + e, value, current_peer_index + )) + } + }, + Err(e) => { + return Err(format!( + "{:?} when decoding base64 PresharedKey: {:?} for peer {:?}", + e, value, current_peer_index + )) + } + } + } + "PersistentKeepalive" => { + let keepalive = match value.parse::() { + Ok(keepalive) => keepalive, + Err(e) => { + return Err(format!( + "{:?} when parsing WireGuard peers PersistentKeepalive value: {:?}", + e, value + )); + } + }; + current_peer.persistent_keepalive = Some(keepalive); + } + _ => { + debug!("Ignoring key `{}` in WireGuard peer configuration", key); + } + } + } + } + + interface.interface_name = interface_name; + interface.peers = peers; + + Ok(interface) +} + +fn add_cidr_to_ip_addr_if_missing(addr: String) -> String { + let mut ip4_cidr = "/32".to_string(); + let mut ip6_cidr = "/128".to_string(); + match addr.split_once('/') { + Some(_) => addr, // CIDR was defined, nothing to do + None => { + // default to a host CIDR + if addr.contains(':') { + ip6_cidr.insert_str(0, &addr); + + ip6_cidr + } else { + ip4_cidr.insert_str(0, &addr); + + ip4_cidr + } + } + } +} + +fn parse_endpoint(addr: String) -> Result, String> { + let (endpoint_addr, endpoint_port) = match addr.split_once(':') { + Some(tuple) => tuple, + None => return Err("incomplete Endpoint address".to_string()), + }; + let port: u16 = match endpoint_port.parse() { + Ok(ip) => ip, + Err(e) => return Err(format!("incorrect port: {}", e)), + }; + + let ip: IpAddr = match endpoint_addr.parse() { + Ok(ip) => ip, + Err(_) => { + // we might have gotten a hostname in the config + // try this next + match addr.to_socket_addrs() { + Ok(mut addr) => match addr.next() { + Some(addr) => addr.ip(), + None => { + return Err(format!("could not parse {:?}", addr)); + } + }, + Err(_) => { + return Err(format!("could not parse {:?}", addr)); + } + } + } + }; + + Ok(Some(net::SocketAddr::new(ip, port))) +} + +fn generate_wireguard_device_nlas(data: &InternalData) -> Vec { + let mut nlas = vec![ + WgDeviceAttrs::IfName(data.interface_name.to_string()), + WgDeviceAttrs::PrivateKey(data.private_key), + ]; + + if let Some(port) = data.port { + nlas.push(WgDeviceAttrs::ListenPort(port)) + } + nlas +} + +// This has to be allowed since Clippy's suggestion seems +// off +// 609 ~ let mut wg_peer = WgPeer(<[_]>::into_vec( +// 610 + #[rustc_box] +// 611 + $crate::boxed::Box::new([$($x),+]) +// 612 ~ )); + +#[allow(clippy::init_numbered_fields)] +fn generate_peer_nlas_for_wireguard_device( + peer: &Peer, + interface_name: String, +) -> Vec { + let mut allowed_ip_nla = vec![]; + for ip in peer.allowed_ips[..].iter() { + let mut family: u16 = AF_INET; + + match ip { + IpNet::V4(_) => (), + IpNet::V6(_) => family = AF_INET6, + } + allowed_ip_nla.push(WgAllowedIp { + 0: vec![ + WgAllowedIpAttrs::IpAddr(ip.network()), + WgAllowedIpAttrs::Cidr(ip.prefix_len()), + WgAllowedIpAttrs::Family(family), + ], + }); + } + let mut wg_peer = WgPeer { + 0: vec![ + WgPeerAttrs::PublicKey(peer.public_key), + WgPeerAttrs::AllowedIps(allowed_ip_nla), + ], + }; + if let Some(key) = peer.preshared_key { + wg_peer.0.push(WgPeerAttrs::PresharedKey(key)) + } + if let Some(keepalive) = peer.persistent_keepalive { + wg_peer.0.push(WgPeerAttrs::PersistentKeepalive(keepalive)) + } + if let Some(endpoint) = peer.endpoint { + wg_peer.0.push(WgPeerAttrs::Endpoint(endpoint)) + } + let nlas = vec![ + WgDeviceAttrs::IfName(interface_name), + WgDeviceAttrs::Peers(vec![wg_peer]), + ]; + nlas +} + +fn generate_routes_for_peer(interface_addresses: &[IpNet], allowed_ips: &[IpNet]) -> Vec { + let mut routes = vec![]; + for gateway in interface_addresses { + match gateway { + IpNet::V4(gateway) => { + for dest in allowed_ips { + match dest { + IpNet::V4(dest) => { + if dest.contains(gateway) || gateway.supernet() == dest.supernet() { + let route: Route = Route::Ipv4 { + dest: *dest, + gw: gateway.addr(), + metric: None, + }; + routes.push(route); + } + } + IpNet::V6(_) => { + continue; + } + } + } + } + IpNet::V6(gateway) => { + for dest in allowed_ips { + match dest { + IpNet::V4(_) => { + continue; + } + IpNet::V6(dest) => { + if dest.contains(gateway) || gateway.supernet() == dest.supernet() { + let route: Route = Route::Ipv6 { + dest: *dest, + gw: gateway.addr(), + metric: None, + }; + routes.push(route); + } + } + } + } + } + } + } + routes +} diff --git a/src/test/netlink.rs b/src/test/netlink.rs index 033d23039..de092c083 100644 --- a/src/test/netlink.rs +++ b/src/test/netlink.rs @@ -26,13 +26,16 @@ mod tests { #[test] fn test_socket_new() { test_setup!(); - assert!(Socket::new().is_ok(), "Netlink Socket::new() should work"); + assert!( + LinkSocket::new().is_ok(), + "Netlink Socket::new() should work" + ); } #[test] fn test_add_link() { test_setup!(); - let mut sock = Socket::new().expect("Socket::new()"); + let mut sock = LinkSocket::new().expect("Socket::new()"); let name = String::from("test1"); sock.create_link(CreateLinkOptions::new(name.clone(), InfoKind::Dummy)) @@ -47,7 +50,7 @@ mod tests { #[test] fn test_add_addr() { test_setup!(); - let mut sock = Socket::new().expect("Socket::new()"); + let mut sock = LinkSocket::new().expect("Socket::new()"); let out = run_command!("ip", "link", "add", "test1", "type", "dummy"); eprintln!("{}", String::from_utf8(out.stderr).unwrap()); @@ -70,7 +73,7 @@ mod tests { #[test] fn test_del_addr() { test_setup!(); - let mut sock = Socket::new().expect("Socket::new()"); + let mut sock = LinkSocket::new().expect("Socket::new()"); let out = run_command!("ip", "link", "add", "test1", "type", "dummy"); eprintln!("{}", String::from_utf8(out.stderr).unwrap()); @@ -108,7 +111,7 @@ mod tests { #[ignore] fn test_del_route() { test_setup!(); - let mut sock = Socket::new().expect("Socket::new()"); + let mut sock = LinkSocket::new().expect("Socket::new()"); let out = run_command!("ip", "link", "add", "test1", "type", "dummy"); eprintln!("{}", String::from_utf8(out.stderr).unwrap()); diff --git a/test/400-wireguard.bats b/test/400-wireguard.bats new file mode 100644 index 000000000..60a61eadf --- /dev/null +++ b/test/400-wireguard.bats @@ -0,0 +1,206 @@ +#!/usr/bin/env bats -*- bats -*- +# +# wireguard driver test +# + +load helpers + +function setup() { + basic_setup +} + +@test "simple WireGuard setup" { + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard.json setup $(get_container_netns_path) + result="$output" + + # check that interface exists + run_in_container_netns ip -j --details link show wg-test + link_info="$output" + assert_json "$link_info" '.[].flags[] | select(.=="UP")' "==" "UP" "Container interface is up" + assert_json "$link_info" ".[].linkinfo.info_kind" "==" "wireguard" "Container interface is a macvlan device" + + # check ip addresses + ipaddr="10.10.0.1/16" + ipaddr2="2001::1/64" + ipaddr3="10.11.1.1/32" + ipaddr4="dd01:129d:3:a992:11da:aa22:93df:1/128" + run_in_container_netns ip addr show wg-test + assert "$output" "=~" "$ipaddr" "WireGuard IPv4 address matches container address" + assert "$output" "=~" "$ipaddr2" "WireGuard IPv6 address matches container address" + assert "$output" "=~" "$ipaddr3" "IPv4 without CIDR was added to container WireGuard interface" + assert "$output" "=~" "$ipaddr4" "IPv6 without CIDR was added to container WireGuard interface" + + # check gateway assignment + run_in_container_netns ip r + assert "$output" "=~" "10.10.0.0/16 dev wg-test proto kernel scope link src 10.10.0.1" "wireguard ipv4 gateways are correctly set up" + assert "$output" "=~" "10.11.1.0/24 via 10.11.1.1 dev wg-test proto static metric 100" "wireguard ipv4 gateways are correctly set up" + run_in_container_netns ip -6 r + assert "$output" "=~" "2001::/64 dev wg-test proto kernel metric 256 pref medium" "wireguard ipv6 gateways are correctly set up" + assert "$output" "=~" "dd01:129d:3:a992:11da:aa22:93df:1 dev wg-test proto kernel metric 256 pref medium" "wireguard ipv6 gateways are correctly set up" + + # check Interface key + # To get the key that is compared here run echo $PRIVATE_KEY | wg pubkey on the PrivateKey from testfiles/wireguard.conf + run_in_container_netns wg + assert "$output" "=~" "private key: \(hidden\)" "WireGuard interface key was correctly set" + assert "$output" "=~" "public key: HIgo9xNzJMWLKASShiTqIybxZ0U3wGLiUeJ1PKf8ykw=" "WireGuard interface key was correctly set" + + # check WireGuard Port + assert "$output" "=~" "listening port: 51820" "WireGuard port was correctly set" + + # check IPv4 peer + assert "$output" "=~" "peer: xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=" "WireGuard peer was added" + assert "$output" "=~" "preshared key: \(hidden\)" "WireGuard peer preshared key was correctly set" + assert "$output" "=~" "allowed ips: 10.10.0.2/32, 10.11.1.0/24" "WireGuard peer allowed IPs were correctly set" + assert "$output" "=~" "endpoint: 123.45.67.89:12345" "WireGuard peer endpoint was correctly set" + + # check IPv6 peer + assert "$output" "=~" "peer: gN65BkIKy1eCE9pP1wdc8ROUtkHLF2PfAqYdyYBz6EA=" "WireGuard peer was added" + assert "$output" "=~" "allowed ips: ffff:ffff::/32" "WireGuard peer allowed IPs were correctly set" + + # check mixed IPv6, IPv4 peer + assert "$output" "=~" "peer: fMyt1P5L9yGCY41Zk8NviMqqj0S8NS5Ta9GtqwHa1Sw=" "WireGuard peer was added" + assert "$output" "=~" "allowed ips: ffff::abcd/128, 192.168.0.0/16" "WireGuard peer allowed IPs were correctly set" + + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard.json teardown $(get_container_netns_path) +} +@test "WireGuard Address parsing fail" { + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-address-empty.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when parsing WireGuard configuration Address on line 1. No value provided.\""}' "Correct error on empty address" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-address-missing.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"invalid WireGuard configuration: Interface is missing an Address"}' "Correct error on missing address" +} + +@test "WireGuard AllowedIPs parsing fail" { + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-ipv6.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"AddrParseError(()) when parsing WireGuard peers AllowedIPs: \\\"ffff::agcd/128,192.168.0.0/16\\\". Occurs in \\\"ffff::agcd/128\\\"\""}' "Correct error on wrong IPv6" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-ipv4.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"AddrParseError(()) when parsing WireGuard peers AllowedIPs: \\\"10.292.122.3/32,10.192.124.0/24\\\". Occurs in \\\"10.292.122.3/32\\\"\""}' "Correct error on wrong IPv4" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-allowedips-empty.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when parsing WireGuard configuration AllowedIPs on line 8. No value provided.\""}' "Correct error on empty AllowedIPs" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-allowedips-missing.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"invalid WireGuard configuration: Peer #0 is missing AllowedIPs"}' "Correct error on missing AllowedIPs" +} + +@test "WireGuard endpoint parsing fail" { + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-endpoint-empty.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when parsing WireGuard configuration Endpoint on line 9. No value provided.\""}' "Correct error on empty endpoint" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-endpoint-ip.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when trying to parse Endpoint 123.45.67.389:12345 for peer 0: \\\"could not parse \\\\\\\"123.45.67.389:12345\\\\\\\"\\\"\""}' "Correct error on wrong Endpoint IP" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-endpoint-port.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when trying to parse Endpoint 123.45.67.89:123456 for peer 0: \\\"incorrect port: number too large to fit in target type\\\"\""}' "Correct error on wrong Endpoint Port" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-endpoint-hostname.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when trying to parse Endpoint test.thisdomainshouldnotexist:12345 for peer 0: \\\"could not parse \\\\\\\"test.thisdomainshouldnotexist:12345\\\\\\\"\\\"\""}' "Correct error on wrong Endpoint hostname" +} + +@test "WireGuard port parsing fail" { + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-port-empty.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when parsing WireGuard configuration ListenPort on line 3. No value provided.\""}' "Correct error on empty port" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-port.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"ParseIntError { kind: PosOverflow } when parsing WireGuard interface port: \\\"222222\\\"\""}' "Correct error on incorrect port" +} + +@test "WireGuard private key parsing fail" { + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-privatekey-empty.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when parsing WireGuard configuration PrivateKey on line 4. No value provided.\""}' "Correct error on empty privatekey" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-privatekey-missing.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"invalid WireGuard configuration: Interface is missing a PrivateKey"}' "Correct error on missing privatekey" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-privatekey.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"[200, 9, 243, 229, 49, 73, 181, 237, 120, 182, 56, 183, 206, 83, 13, 171, 232, 93, 218, 182, 20, 34, 2, 65, 128, 29, 223, 6, 105] when decoding base64 PrivateKey: \\\"yAnz5TFJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=\\\". Is it 32 bytes?\""}' "Correct error on incorrect privatekey" +} + +@test "WireGuard public key parsing fail" { + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-publickey-empty.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when parsing WireGuard configuration PublicKey on line 7. No value provided.\""}' "Correct error on empty publickey" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-publickey-missing.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"invalid WireGuard configuration: Peer #0 is missing a PublicKey"}' "Correct error on missing publickey" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-publickey.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"[197, 50, 1, 2, 27, 104, 118, 54, 250, 123, 175, 123, 66, 50, 196, 70, 221, 77, 0, 30, 38, 102, 170, 124, 14] when decoding base64 PublicKey: \\\"xTIBAhtodjb6e697QjLERt1NAB4mZqp8Dg=\\\" for peer 0. Is it 32 bytes?\""}' "Correct error on incorrect publickey" +} + +@test "WireGuard preshared key parsing fail" { + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-presharedkey-empty.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when parsing WireGuard configuration PresharedKey on line 8. No value provided.\""}' "Correct error on empty presharedkey" + + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-presharedkey.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"[210, 68, 125, 27, 3, 40, 183, 170, 86, 71, 208, 240, 79, 188, 143, 200, 65, 149, 13, 160, 181, 11, 108, 119, 205, 121, 92, 129, 207] when decoding base64 PresharedKey: \\\"0kR9GwMot6pWR9DwT7yPyEGVDaC1C2x3zXlcgc8=\\\" for peer 0. Is it 32 bytes?\""}' "Correct error on incorrect presharedkey" +} + +@test "WireGuard incorrect line parsing fail" { + expected_rc=1 + run_netavark --file ${TESTSDIR}/testfiles/wireguard/wireguard-fail-broken-line.json setup $(get_container_netns_path) + result="$output" + + assert "$output" "=" '{"error":"when parsing WireGuard config: \"when parsing WireGuard configuration Address on line: 1.\""}' "Errors on malformed line" +} diff --git a/test/testfiles/wireguard/wireguard-fail-address-empty.conf b/test/testfiles/wireguard/wireguard-fail-address-empty.conf new file mode 100644 index 000000000..08bc4e102 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-address-empty.conf @@ -0,0 +1,4 @@ +[Interface] +Address = +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= diff --git a/test/testfiles/wireguard/wireguard-fail-address-empty.json b/test/testfiles/wireguard/wireguard-fail-address-empty.json new file mode 100644 index 000000000..d692a52a4 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-address-empty.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-address-empty.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-address-missing.conf b/test/testfiles/wireguard/wireguard-fail-address-missing.conf new file mode 100644 index 000000000..a2ba71512 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-address-missing.conf @@ -0,0 +1,3 @@ +[Interface] +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= diff --git a/test/testfiles/wireguard/wireguard-fail-address-missing.json b/test/testfiles/wireguard/wireguard-fail-address-missing.json new file mode 100644 index 000000000..cd9ee9635 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-address-missing.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-address-missing.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-allowedips-empty.conf b/test/testfiles/wireguard/wireguard-fail-allowedips-empty.conf new file mode 100644 index 000000000..fcfef6678 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-allowedips-empty.conf @@ -0,0 +1,9 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +AllowedIPs = diff --git a/test/testfiles/wireguard/wireguard-fail-allowedips-empty.json b/test/testfiles/wireguard/wireguard-fail-allowedips-empty.json new file mode 100644 index 000000000..4e0bdb9af --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-allowedips-empty.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-allowedips-empty.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-allowedips-missing.conf b/test/testfiles/wireguard/wireguard-fail-allowedips-missing.conf new file mode 100644 index 000000000..a149e9257 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-allowedips-missing.conf @@ -0,0 +1,8 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= diff --git a/test/testfiles/wireguard/wireguard-fail-allowedips-missing.json b/test/testfiles/wireguard/wireguard-fail-allowedips-missing.json new file mode 100644 index 000000000..ca5906601 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-allowedips-missing.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-allowedips-missing.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-broken-line.conf b/test/testfiles/wireguard/wireguard-fail-broken-line.conf new file mode 100644 index 000000000..6630744e9 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-broken-line.conf @@ -0,0 +1,2 @@ +[Interface] +Address diff --git a/test/testfiles/wireguard/wireguard-fail-broken-line.json b/test/testfiles/wireguard/wireguard-fail-broken-line.json new file mode 100644 index 000000000..2b41fe0d9 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-broken-line.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-broken-line.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-endpoint-empty.conf b/test/testfiles/wireguard/wireguard-fail-endpoint-empty.conf new file mode 100644 index 000000000..45dc4cf45 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-endpoint-empty.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 +Endpoint = diff --git a/test/testfiles/wireguard/wireguard-fail-endpoint-empty.json b/test/testfiles/wireguard/wireguard-fail-endpoint-empty.json new file mode 100644 index 000000000..e7ed5ffec --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-endpoint-empty.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-endpoint-empty.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-endpoint-hostname.conf b/test/testfiles/wireguard/wireguard-fail-endpoint-hostname.conf new file mode 100644 index 000000000..27bbf9f81 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-endpoint-hostname.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 +Endpoint = test.thisdomainshouldnotexist:12345 diff --git a/test/testfiles/wireguard/wireguard-fail-endpoint-hostname.json b/test/testfiles/wireguard/wireguard-fail-endpoint-hostname.json new file mode 100644 index 000000000..90d806429 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-endpoint-hostname.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-endpoint-hostname.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-endpoint-ip.conf b/test/testfiles/wireguard/wireguard-fail-endpoint-ip.conf new file mode 100644 index 000000000..dd3347ffc --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-endpoint-ip.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 +Endpoint = 123.45.67.389:12345 diff --git a/test/testfiles/wireguard/wireguard-fail-endpoint-ip.json b/test/testfiles/wireguard/wireguard-fail-endpoint-ip.json new file mode 100644 index 000000000..f44b467b4 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-endpoint-ip.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-endpoint-ip.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-endpoint-port.conf b/test/testfiles/wireguard/wireguard-fail-endpoint-port.conf new file mode 100644 index 000000000..eadd7b3dc --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-endpoint-port.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 +Endpoint = 123.45.67.89:123456 diff --git a/test/testfiles/wireguard/wireguard-fail-endpoint-port.json b/test/testfiles/wireguard/wireguard-fail-endpoint-port.json new file mode 100644 index 000000000..e5cf26997 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-endpoint-port.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-endpoint-port.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-ipv4.conf b/test/testfiles/wireguard/wireguard-fail-ipv4.conf new file mode 100644 index 000000000..8572f8651 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-ipv4.conf @@ -0,0 +1,9 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +AllowedIPs = 10.292.122.3/32, 10.192.124.0/24 diff --git a/test/testfiles/wireguard/wireguard-fail-ipv4.json b/test/testfiles/wireguard/wireguard-fail-ipv4.json new file mode 100644 index 000000000..aa107e1f2 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-ipv4.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-ipv4.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-ipv6.conf b/test/testfiles/wireguard/wireguard-fail-ipv6.conf new file mode 100644 index 000000000..c1a03d185 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-ipv6.conf @@ -0,0 +1,9 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = fMyt1P5L9yGCY41Zk8NviMqqj0S8NS5Ta9GtqwHa1Sw= +AllowedIPs = ffff::agcd/128, 192.168.0.0/16 diff --git a/test/testfiles/wireguard/wireguard-fail-ipv6.json b/test/testfiles/wireguard/wireguard-fail-ipv6.json new file mode 100644 index 000000000..ac0403b82 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-ipv6.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-ipv6.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-port-empty.conf b/test/testfiles/wireguard/wireguard-fail-port-empty.conf new file mode 100644 index 000000000..fb4dcf0a1 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-port-empty.conf @@ -0,0 +1,5 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= diff --git a/test/testfiles/wireguard/wireguard-fail-port-empty.json b/test/testfiles/wireguard/wireguard-fail-port-empty.json new file mode 100644 index 000000000..a855d68c1 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-port-empty.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-port-empty.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-port.conf b/test/testfiles/wireguard/wireguard-fail-port.conf new file mode 100644 index 000000000..11fdf7d85 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-port.conf @@ -0,0 +1,5 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 222222 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= diff --git a/test/testfiles/wireguard/wireguard-fail-port.json b/test/testfiles/wireguard/wireguard-fail-port.json new file mode 100644 index 000000000..58d59a9be --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-port.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-port.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-presharedkey-empty.conf b/test/testfiles/wireguard/wireguard-fail-presharedkey-empty.conf new file mode 100644 index 000000000..e2e4f449d --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-presharedkey-empty.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +PresharedKey = +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 diff --git a/test/testfiles/wireguard/wireguard-fail-presharedkey-empty.json b/test/testfiles/wireguard/wireguard-fail-presharedkey-empty.json new file mode 100644 index 000000000..61bc7b588 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-presharedkey-empty.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-presharedkey-empty.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-presharedkey.conf b/test/testfiles/wireguard/wireguard-fail-presharedkey.conf new file mode 100644 index 000000000..b28bd6ad0 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-presharedkey.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +PresharedKey = 0kR9GwMot6pWR9DwT7yPyEGVDaC1C2x3zXlcgc8= +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 diff --git a/test/testfiles/wireguard/wireguard-fail-presharedkey.json b/test/testfiles/wireguard/wireguard-fail-presharedkey.json new file mode 100644 index 000000000..04c460c49 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-presharedkey.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-presharedkey.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-privatekey-empty.conf b/test/testfiles/wireguard/wireguard-fail-privatekey-empty.conf new file mode 100644 index 000000000..d890dde31 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-privatekey-empty.conf @@ -0,0 +1,5 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = diff --git a/test/testfiles/wireguard/wireguard-fail-privatekey-empty.json b/test/testfiles/wireguard/wireguard-fail-privatekey-empty.json new file mode 100644 index 000000000..5eb1aab77 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-privatekey-empty.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-privatekey-empty.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-privatekey-missing.conf b/test/testfiles/wireguard/wireguard-fail-privatekey-missing.conf new file mode 100644 index 000000000..6a9c7b885 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-privatekey-missing.conf @@ -0,0 +1,4 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 diff --git a/test/testfiles/wireguard/wireguard-fail-privatekey-missing.json b/test/testfiles/wireguard/wireguard-fail-privatekey-missing.json new file mode 100644 index 000000000..1500ec75f --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-privatekey-missing.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-privatekey-missing.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-privatekey.conf b/test/testfiles/wireguard/wireguard-fail-privatekey.conf new file mode 100644 index 000000000..ac0f2e97e --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-privatekey.conf @@ -0,0 +1,5 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TFJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= diff --git a/test/testfiles/wireguard/wireguard-fail-privatekey.json b/test/testfiles/wireguard/wireguard-fail-privatekey.json new file mode 100644 index 000000000..81aa7fdf3 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-privatekey.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-privatekey.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-publickey-empty.conf b/test/testfiles/wireguard/wireguard-fail-publickey-empty.conf new file mode 100644 index 000000000..9710d3e1f --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-publickey-empty.conf @@ -0,0 +1,9 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 diff --git a/test/testfiles/wireguard/wireguard-fail-publickey-empty.json b/test/testfiles/wireguard/wireguard-fail-publickey-empty.json new file mode 100644 index 000000000..b3c6e0149 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-publickey-empty.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-publickey-empty.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-publickey-missing.conf b/test/testfiles/wireguard/wireguard-fail-publickey-missing.conf new file mode 100644 index 000000000..1aa5d2054 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-publickey-missing.conf @@ -0,0 +1,8 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 diff --git a/test/testfiles/wireguard/wireguard-fail-publickey-missing.json b/test/testfiles/wireguard/wireguard-fail-publickey-missing.json new file mode 100644 index 000000000..afbe4d196 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-publickey-missing.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-publickey-missing.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard-fail-publickey.conf b/test/testfiles/wireguard/wireguard-fail-publickey.conf new file mode 100644 index 000000000..22e9b22ed --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-publickey.conf @@ -0,0 +1,9 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBAhtodjb6e697QjLERt1NAB4mZqp8Dg= +AllowedIPs = 10.192.122.3/32, 10.192.124.0/24 diff --git a/test/testfiles/wireguard/wireguard-fail-publickey.json b/test/testfiles/wireguard/wireguard-fail-publickey.json new file mode 100644 index 000000000..ce0ebad66 --- /dev/null +++ b/test/testfiles/wireguard/wireguard-fail-publickey.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard-fail-publickey.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +} diff --git a/test/testfiles/wireguard/wireguard.conf b/test/testfiles/wireguard/wireguard.conf new file mode 100644 index 000000000..5ae9152ba --- /dev/null +++ b/test/testfiles/wireguard/wireguard.conf @@ -0,0 +1,21 @@ +[Interface] +Address = 2001::1/64 +Address = 10.10.0.1/16 +Address = 10.11.1.1 +Address = dd01:129d:3:a992:11da:aa22:93df:1 +ListenPort = 51820 +PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= + +[Peer] +PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= +PresharedKey = 0kR9GwMot6pWR9DwT7yPyEGVDaC1C2x3zXlcgXuVEc8= +AllowedIPs = 10.10.0.2, 10.11.1.0/24 +Endpoint = 123.45.67.89:12345 + +[Peer] +PublicKey = gN65BkIKy1eCE9pP1wdc8ROUtkHLF2PfAqYdyYBz6EA= +AllowedIPs = ffff:ffff::/32 + +[Peer] +PublicKey = fMyt1P5L9yGCY41Zk8NviMqqj0S8NS5Ta9GtqwHa1Sw= +AllowedIPs = ffff::abcd, 192.168.0.0/16 diff --git a/test/testfiles/wireguard/wireguard.json b/test/testfiles/wireguard/wireguard.json new file mode 100644 index 000000000..c62cd23a6 --- /dev/null +++ b/test/testfiles/wireguard/wireguard.json @@ -0,0 +1,22 @@ +{ + "container_id": "someID", + "container_name": "wireguard_test_container", + "networks": { + "wg": { + "options": { + "config": "test/testfiles/wireguard/wireguard.conf" + }, + "interface_name": "wg-test" + } + }, + "network_info": { + "wg": { + "dns_enabled": false, + "driver": "wireguard", + "id": "53ce4390f2adb1681eb1a90ec8b48c49c015e0a8d336c197637e7f65e365fa9e", + "internal": false, + "ipv6_enabled": false, + "name": "wg" + } + } +}