wireguard.lists.zx2c4.com archive mirror
 help / color / mirror / Atom feed
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Tore Anderson <tore@fud.no>
Cc: "Tomcsanyi, Domonkos" <domi@tomcsanyi.net>,
	WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: [PATCH] Adding support for reloading configuration via systemd
Date: Tue, 28 Jul 2020 11:03:39 +0200	[thread overview]
Message-ID: <CAHmME9qGX58JXCiw=Mr9=4qw=+-91etz8not91oJek-8qGrQPw@mail.gmail.com> (raw)
In-Reply-To: <27652e0971672a8fab30f59ff053cf65feaa711f.camel@fud.no>

On Mon, Jul 27, 2020 at 10:04 PM Tore Anderson <tore@fud.no> wrote:
> Absolutely, a 'wg syncconf' wrapper is unable to fully implement every
> conceivable change to the wg-quick config file. That said, 99.9% of my
> configuration changes are additions/removal of [Peer] sections that 'wg
> syncconf' do handle perfectly. Being able to add and remove individual
> VPN users without disrupting the traffic of other unrelated users is a
> really big win for me. I would imagine this to ability be highly
> desirable for most other VPN server operators as well – even for those
> that do not use systemd.

But for people shell scripting, can't they just use `wg syncconf
wgnet0 <(wg-quick strip wgnet0)`, so that it's explicit what's
happening?

> I do use systemd, so I am personally fine with what just got merged. I
> do have to wonder, though, if I committed some sort of faux pas and/or
> violated some contribution guideline in posting my initial submission,
> considering that it was consistently ignored for months even though it
> implemented essentially the same thing as what ended up being merged
> just now.

No faux pas, just a bit backlogged in reviews. Then Domonkos' patch
came through, which seemed more straightforwardly mergable.

> Anyway. I would, if you are interested in that, be happy update my
> patch to rename the new wg-quick action «syncconf» instead of «reload»,
> in order to more clearly indicate that this action will only change the
> parameters that 'wg syncconf' can change.

I'm still pretty hesitant for the reasons I outlined in the previous
email. If anything, it'd probably have to be "syncpeers", but even
then, it wouldn't update the routing information that wg-quick(8)
sometimes does. The right thing to do for a `wg-quick reload` command
would be to take into account all of the various other changes, and
mutate them the minimal distance to reflect the updated config file.
But this sounds pretty hard to do in bash. And that makes me worry
about overall mission creep in wg-quick(8). syncconf in wg(8) is
fairly simple, though still a bit verbose, but that's in C:
https://git.zx2c4.com/wireguard-tools/tree/src/setconf.c#n30 . And
there's a very clear way of doing this, whereas there are lots of
weird edge cases when handling routing.

Plus, how hard is it to add `wg syncconf wgnet0 <(wg-quick strip
wgnet0)` to scripts?

Jason

  reply	other threads:[~2020-07-28  9:03 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <VI1PR02MB52169D6F055314DCD03746EDE6760@VI1PR02MB5216.eurprd02.prod.outlook.com>
2020-07-23 14:10 ` [PATCH] Adding support for reloading configuration via systemd Tomcsanyi, Domonkos
2020-07-24  9:14   ` Jason A. Donenfeld
2020-07-24  9:25     ` Garrit Franke
2020-07-24  9:27       ` Garrit Franke
2020-07-24  9:29       ` Jason A. Donenfeld
2020-07-24 13:09         ` Tomcsányi, Domonkos
2020-07-24 14:26           ` Jason A. Donenfeld
2020-07-24 14:46             ` Dominique Martinet
2020-07-24 14:49               ` Jason A. Donenfeld
2020-07-24  9:54       ` Matthias Urlichs
2020-07-24 10:52         ` Stefan Tatschner
2020-07-24 11:00           ` Matthias Urlichs
2020-07-25 12:16     ` Tore Anderson
2020-07-27 15:51       ` Jason A. Donenfeld
2020-07-27 20:04         ` Tore Anderson
2020-07-28  9:03           ` Jason A. Donenfeld [this message]
2020-07-28  9:54             ` Tore Anderson
2020-07-28 11:55               ` Jason A. Donenfeld
2020-07-28 12:17                 ` Tore Anderson
2020-07-28 12:17                   ` Jason A. Donenfeld

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAHmME9qGX58JXCiw=Mr9=4qw=+-91etz8not91oJek-8qGrQPw@mail.gmail.com' \
    --to=jason@zx2c4.com \
    --cc=domi@tomcsanyi.net \
    --cc=tore@fud.no \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).