* Reading configuration from stdin
@ 2017-12-10 12:43 Manuel Schölling
2017-12-11 4:12 ` Aaron Jones
2017-12-11 4:24 ` Jason A. Donenfeld
0 siblings, 2 replies; 5+ messages in thread
From: Manuel Schölling @ 2017-12-10 12:43 UTC (permalink / raw)
To: wireguard
Hi,
I am currently working on a NetworkManager plugin for WireGuard in Rust
[1/2].
The plugin has to pass the configuration to the wg tool and I am
wondering if this could be done using interprocess communication.
Would it make sense (aka be secure) if we make it possible to call 'wg
setconf wg0 -' so the wg tool does not read the configuration from a
file but from stdin? Same for 'wg set wg0 private-key -' and 'wg set
wg0 psk -'?
Btw, this NetworkManager plugin should not only work for the regular
WireGuard but also for my wireguard peer-to-peer tool [3] whose
development is currently stalled by a rust bug [4].
This wireguard peer-to-peer tool allows you to use wireguard in
situations where you do not have a static IP and/or you are behind a
NAT.
Anyway, what do you think about reading the configuration from stdin?
Bye,
Manuel
[1] https://github.com/manuels/wg-p2p-nm-plugin
[2] https://github.com/manuels/wg-p2p-nm-plugin/blob/master/Screenshot.png
[3] https://github.com/manuels/wireguard-p2p
[4] https://github.com/rust-lang/rust/issues/45259
* Re: Reading configuration from stdin
2017-12-10 12:43 Reading configuration from stdin Manuel Schölling
@ 2017-12-11 4:12 ` Aaron Jones
2017-12-11 20:31 ` Manuel Schölling
2017-12-11 4:24 ` Jason A. Donenfeld
1 sibling, 1 reply; 5+ messages in thread
From: Aaron Jones @ 2017-12-11 4:12 UTC (permalink / raw)
To: Manuel Schölling; +Cc: WireGuard mailing list
On 10/12/17 12:43, Manuel Schölling wrote:
> Hi,
>
> Would it make sense (aka be secure) if we make it possible to call
> 'wg setconf wg0 -' so the wg tool does not read the configuration
> from a file but from stdin? Same for 'wg set wg0 private-key -' and
> 'wg set wg0 psk -'?
This should already be possible via `wg setconf wg0 /dev/stdin', no?
Regards,
Aaron Jones
* Re: Reading configuration from stdin
2017-12-10 12:43 Reading configuration from stdin Manuel Schölling
2017-12-11 4:12 ` Aaron Jones
@ 2017-12-11 4:24 ` Jason A. Donenfeld
2017-12-11 20:36 ` Manuel Schölling
1 sibling, 1 reply; 5+ messages in thread
From: Jason A. Donenfeld @ 2017-12-11 4:24 UTC (permalink / raw)
To: Manuel Schölling; +Cc: WireGuard mailing list
Hi Manuel,
Thanks for the patch. A few comments on the general idea below:
On Sun, Dec 10, 2017 at 1:43 PM, Manuel Schölling
<manuel.schoelling@gmx.de> wrote:
> I am currently working on a NetworkManager plugin for WireGuard in Rust
> [1/2].
> The plugin has to pass the configuration to the wg tool and I am
> wondering if this could be done using interprocess communication.
> Btw, this NetworkManager plugin should not only work for the regular
> WireGuard but also for my wireguard peer-to-peer tool [3] whose
> development is currently stalled by a rust bug [4].
I'd suggest the following for a WireGuard NetworkManager plugin:
1. If you want to do stuff for wireguard-p2p, can you make it a
separate "extra" plugin, so that the generic WireGuard one is globally
useful? And then people who use the p2p stuff can use a separate
plugin that piggybacks upon the first?
2. Write it in a language that will be accepted by upstream. I have no
clue their thoughts on Rust.
3. Rather than calling wg(8), maybe it's best to speak the Netlink API
directly? I can give you a hand with this, if you want. The API is
documented in this header:
https://git.zx2c4.com/WireGuard/tree/src/uapi/wireguard.h
> Would it make sense (aka be secure) if we make it possible to call 'wg
> setconf wg0 -' so the wg tool does not read the configuration from a
> file but from stdin? Same for 'wg set wg0 private-key -' and 'wg set
> wg0 psk -'?
wg-quick(8) does this precise thing, and generally this is a fine way
of passing config information. However, usually you can get away with
using the more explicit /dev/stdin or /proc/self/fd/0, as Aaron
suggested. Are there reasons to prefer - over /dev/stdin?
Jason
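An added example (not code from this thread or from the plugin it discusses) of what Aaron and Jason describe above: a parent process hands the configuration to `wg setconf wg0 /dev/stdin` over a pipe, so the private key is neither on the command line nor in a file on disk. The helper names `run_with_stdin` and `wg_setconf` and the sample configuration are assumptions made for this illustration.

```rust
use std::io::{self, Write};
use std::process::{Command, Output, Stdio};

/// Run `program args...` and stream `secret` to its standard input.
/// The secret is never placed in argv or in a temporary file.
fn run_with_stdin(program: &str, args: &[&str], secret: &[u8]) -> io::Result<Output> {
    let mut child = Command::new(program)
        .args(args)
        // Stdio::piped() is an anonymous pipe, which the child can re-open
        // through /dev/stdin. On Linux that re-open fails with ENXIO when
        // fd 0 is a socket, so do not hand the child a socketpair here.
        .stdin(Stdio::piped())
        .stdout(Stdio::piped())
        .stderr(Stdio::piped())
        .spawn()?;
    // take() moves the write end out of `child`; it is dropped at the end of
    // this block, which closes the pipe so the child sees EOF.
    let written = {
        let mut pipe = child.stdin.take().expect("stdin was requested as piped");
        pipe.write_all(secret)
    };
    // Always reap the child, and report its exit status before a write error.
    let out = child.wait_with_output()?;
    if !out.status.success() {
        let msg = format!("{program} exited with {}", out.status);
        return Err(io::Error::new(io::ErrorKind::Other, msg));
    }
    written?;
    Ok(out)
}

/// The call discussed in the thread: `wg setconf <iface> /dev/stdin`.
fn wg_setconf(iface: &str, conf: &str) -> io::Result<()> {
    run_with_stdin("wg", &["setconf", iface, "/dev/stdin"], conf.as_bytes()).map(|_| ())
}

// Constructed sample configuration; the key is a placeholder, not a real key.
const SAMPLE_CONF: &str =
    "[Interface]\nPrivateKey = <base64-private-key-placeholder>\nListenPort = 51820\n";

fn main() {
    // Needs root, the wg tool and an existing wg0; otherwise prints the error.
    if let Err(e) = wg_setconf("wg0", SAMPLE_CONF) {
        eprintln!("wg setconf failed: {e}");
    }
}
```

Calling `run_with_stdin("cat", &["/dev/stdin"], ...)` exercises the same path without root or a WireGuard interface.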
* Re: Reading configuration from stdin
2017-12-11 4:12 ` Aaron Jones
@ 2017-12-11 20:31 ` Manuel Schölling
0 siblings, 0 replies; 5+ messages in thread
From: Manuel Schölling @ 2017-12-11 20:31 UTC (permalink / raw)
To: Aaron Jones; +Cc: WireGuard mailing list
On Mon, 2017-12-11 at 04:12 +0000, Aaron Jones wrote:
> On 10/12/17 12:43, Manuel Schölling wrote:
> > Hi,
> >
> > Would it make sense (aka be secure) if we make it possible to call
> > 'wg setconf wg0 -' so the wg tool does not read the configuration
> > from a file but from stdin? Same for 'wg set wg0 private-key -' and
> > 'wg set wg0 psk -'?
>
> This should already be possible via `wg setconf wg0 /dev/stdin', no?
Duh, you're right. I totally forgot about /dev/stdin 'cause tools like
cat use '-'!
* Re: Reading configuration from stdin
2017-12-11 4:24 ` Jason A. Donenfeld
@ 2017-12-11 20:36 ` Manuel Schölling
0 siblings, 0 replies; 5+ messages in thread
From: Manuel Schölling @ 2017-12-11 20:36 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
On Mon, 2017-12-11 at 05:24 +0100, Jason A. Donenfeld wrote:
> I'd suggest the following for a WireGuard NetworkManager plugin:
>
> 1. If you want to do stuff for wireguard-p2p, can you make it a
> separate "extra" plugin, so that the generic WireGuard one is
> globally
> useful? And then people who use the p2p stuff can use a separate
> plugin that piggybacks upon the first?
I can try. Should be easy to rip out the p2p stuff once it's done.
> 2. Write it in a language that will be accepted by upstream. I have
> no
> clue their thoughts on Rust.
No idea, either. However, I am not really a fan of writing GTK in C
(with all the manual reference counting and stuff). Let me first write
it in Rust and make it work. Then I can still port it back to C.
> 3. Rather than calling wg(8), maybe it's best to speak the Netlink
> API
> directly? I can give you a hand with this, if you want. The API is
> documented in this header:
> https://git.zx2c4.com/WireGuard/tree/src/uapi/wireguard.h
Not a bad idea, I think in the mid/long term I should do that!
> > Would it make sense (aka be secure) if we make it possible to call
> > 'wg
> > setconf wg0 -' so the wg tool does not read the configuration from
> > a
> > file but from stdin? Same for 'wg set wg0 private-key -' and 'wg
> > set
> > wg0 psk -'?
>
> wg-quick(8) does this precise thing, and generally this is a fine way
> of passing config information. However, usually you can get away with
> using the more explicit /dev/stdin or /proc/self/fd/0, as Aaron
> suggested. Are there reasons to prefer - over /dev/stdin?
>
> Jason