WireGuard Archive on lore.kernel.org
* Bug in helper contrib/examples/reresolve-dns/reresolve-dns.sh
From: Conrad Meyer @ 2019-11-26 22:40 UTC
  To: wireguard

Hi,

reresolve-dns.sh seems to have a bug where interfaces with more than a
single peer configured do not match the output of "latest-handshakes"
correctly.  Chiefly, the ^ and $ regex anchors in the script match on
the full, multiline output of 'wg foo latest-handshakes' in bash,
rather than matching on individual lines (which is clearly the
intent).

This is observed on both bash 4.4.23 and 5.0.11.

The easiest fix to this problem is simply to remove the anchors.
There should be no issue with false positive matching, nor correctly
parsing the last handshake time.  With this minor change,
reresolve-dns.sh actually functions on my host with two peers
configured.

I did not spot any obvious way to change bash's regex line-matching
behavior.  If that exists, it may be preferable.

Thank you,
Conrad
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
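
The anchoring behaviour reported in the message above, as an added bash example (not part of the thread and not the project's reresolve-dns.sh); the peer keys, timestamps and function names are constructed for illustration. It goes beyond the thread's fix by also showing a per-line loop, one way to get line-level anchoring in bash.

```bash
#!/usr/bin/env bash
# Constructed stand-in for `wg show <iface> latest-handshakes` with two peers:
# one "<public key><TAB><unix time>" line per peer. Keys and times are made up.
KEY_A='PeerOne+constructed/key='
KEY_B='PeerTwo+constructed/key='
SAMPLE="${KEY_A}"$'\t'"1574807000"$'\n'"${KEY_B}"$'\t'"1574807100"

# Build "<key><TAB>(<digits>)" with '+' escaped, since base64 keys may contain it.
key_regex() { printf '%s\t([0-9]+)' "${1//+/\\+}"; }

# ^ and $ bind to the start and end of the whole string, so with two or more
# peers no line can satisfy both anchors and the lookup fails for every peer.
handshake_anchored() {
    local re; re="^$(key_regex "$1")\$"
    [[ $2 =~ $re ]] && printf '%s' "${BASH_REMATCH[1]}"
}

# The fix from the thread: the same pattern without the anchors.
handshake_unanchored() {
    local re; re=$(key_regex "$1")
    [[ $2 =~ $re ]] && printf '%s' "${BASH_REMATCH[1]}"
}

# Alternative: keep the anchors but apply them to one line at a time.
handshake_per_line() {
    local line re; re="^$(key_regex "$1")\$"
    while IFS= read -r line; do
        [[ $line =~ $re ]] && { printf '%s' "${BASH_REMATCH[1]}"; return 0; }
    done <<< "$2"
    return 1
}

# Show what each variant extracts for both peers (empty brackets = no match).
for k in "$KEY_A" "$KEY_B"; do
    printf '%s anchored=[%s] unanchored=[%s] per-line=[%s]\n' "$k" \
        "$(handshake_anchored "$k" "$SAMPLE")" \
        "$(handshake_unanchored "$k" "$SAMPLE")" \
        "$(handshake_per_line "$k" "$SAMPLE")"
done
```

With a single peer the anchored form still matches, because command substitution strips the trailing newline, which is why the problem only appears once a second peer is configured.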


* Re: Bug in helper contrib/examples/reresolve-dns/reresolve-dns.sh
From: Jason A. Donenfeld @ 2019-11-27 12:31 UTC
  To: cem; +Cc: WireGuard mailing list

Thanks for the suggestion!

https://git.zx2c4.com/WireGuard/commit/?id=d05b6606886018853da20ca3ee8bda16524b53b9

* Re: Bug in helper contrib/examples/reresolve-dns/reresolve-dns.sh
From: Conrad Meyer @ 2019-11-27 18:23 UTC
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list


Thanks for fixing it so quickly!

Would it be possible to use env as the interpreter for systems which don't
place bash directly in /bin?  I think that's my only other significant
local modification to the script on my BSD systems.  I.e.,

-#!/bin/bash
+#!/usr/bin/env bash
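
Review bot: on the `+#!/usr/bin/env bash` line, the interpreter becomes whichever `bash` is found first in the caller's PATH instead of a fixed path, and the change does not say so. Since the script is run unattended as a service (see the units later in this message), the description should state that the invoking unit or cron entry must run with a known PATH that contains bash.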

Best regards,
Conrad

P.S., If it is helpful, I also have some example systemd unit files for
connecting this script up in that universe, which I'm pretty sure I stole
from ArchWiki (https://wiki.archlinux.org/index.php/WireGuard) but I don't
remember at this point.  It might be nice to other users to shove some
version of them in the examples/reresolve-dns directory as an example for
folks on systemd.

$ cat wg-reresolve-dns.timer
[Unit]
Description=Periodically reresolve DNS of Wireguard endpoints that have stopped responding

[Timer]
OnCalendar=*:*:0/30

[Install]
WantedBy=timers.target

# The hardcoded wgnet0 below could probably be transformed into
# an @.service, like wg-quick@.service.  Also, dnsmasq.service is just a
# quirk of my personal DNS configuration; others might depend on different or
# non-local resolvers.

$ cat wg-reresolve-dns.service
[Unit]
Description=Reresolve DNS of all WireGuard endpoints that have missed a handshake
Wants=network-online.target dnsmasq.service wg-quick@wgnet0.service
After=network-online.target dnsmasq.service wg-quick@wgnet0.service

[Service]
Type=oneshot
ExecStart=/bin/sh -c 'for i in /etc/wireguard/*.conf; do /usr/share/doc/wireguard/examples/reresolve-dns/reresolve-dns.sh "$i"; done'

# Finally, here's an example of systemd units that use the more general
# @.timer and @.service (but lack the unit dependencies):
# https://gist.github.com/ephemient/45ffc8c143d3c4f3d1a940f4293e4b84


On Wed, Nov 27, 2019 at 04:31 Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> Thanks for the suggestion!
>
>
> https://git.zx2c4.com/WireGuard/commit/?id=d05b6606886018853da20ca3ee8bda16524b53b9
>
