When we delete a Wireguard interface, the associated peer sections are not deleted. They remain in the network configuration.
This commit adds an init script, that triggers when the network configuration file is changed. For each change event, each Wireguard peer section is checked to see if the corresponding wireguard interface section still exists. If this is not the case, all wireguard peer sections for that interface are deleted.
Signed-off-by: Florian Eckert <[email protected]>
---
v2:
* update commit description
package/network/services/wireguard/Makefile | 2 ++
.../services/wireguard/files/wireguard.init | 31 +++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 package/network/services/wireguard/files/wireguard.init
diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile
index ea34b7550b..d78fcfface 100644
--- a/package/network/services/wireguard/Makefile
+++ b/package/network/services/wireguard/Makefile
@@ -93,6 +93,8 @@ define Package/wireguard-tools/install
 $(INSTALL_BIN) ./files/wireguard_watchdog $(1)/usr/bin/
 $(INSTALL_DIR) $(1)/lib/netifd/proto/
 $(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) ./files/wireguard.init $(1)/etc/init.d/wireguard
 endef

 define KernelPackage/wireguard
diff --git a/package/network/services/wireguard/files/wireguard.init b/package/network/services/wireguard/files/wireguard.init
new file mode 100644
index 0000000000..781d0839bc
--- /dev/null
+++ b/package/network/services/wireguard/files/wireguard.init
@@ -0,0 +1,31 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+USE_PROCD=1
+
+service_triggers() {
+ procd_add_reload_trigger "network"
+}
+
+reload_service() {
+ # delete old peers of related wireguard interface
+ wireguard_check_peers
+}
+
+wireguard_check_peers() {
+ local iface peer
+
+ # get all wireguard peers
+ for peer in $(uci show network | grep =wireguard_); do
+ # extract peer section type
+ peer="${peer##*=}"
+ # extract interface name
+ iface="${peer#*_}"
+
+ # delete peer if iface is not present anymore
+ if ! uci -q show "network.${iface}" 1>/dev/null 2>/dev/null; then
+ uci -q delete "network.@${peer}[-1]"
+ uci commit network
+ fi
+ done
+}
--
2.20.1
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
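Review bot: The existence test in `wireguard_check_peers`, `uci -q show "network.${iface}"`, succeeds for any section with that name. If the WireGuard interface is removed and its name reused by a non-WireGuard section, the stale peers and the key material stored in them stay in the config. Checking the protocol is tighter: `if [ "$(uci -q get "network.${iface}.proto")" != "wireguard" ]; then`. Separately, `uci commit network` runs once per stale peer and regardless of whether the `uci -q delete` succeeded, and it presumably also persists any other staged changes to the network config. Committing once after the loop, and only when a section was actually deleted, would limit that side effect. A comment on the `for peer in $(uci show network | grep =wireguard_)` line should say that the unanchored, word-split match relies on section-type lines ending in `=wireguard_<iface>`.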
