From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Jordan Rife <jordan@jrife.io>
Cc: wireguard@lists.zx2c4.com, netdev@vger.kernel.org,
Jakub Kicinski <kuba@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>
Subject: Re: [RESEND PATCH v1 wireguard-tools] ipc: linux: Support incremental allowed ips updates
Date: Tue, 20 May 2025 22:14:38 +0200
Message-ID: <aCzirk7xt3K-5_ql@zx2c4.com>
In-Reply-To: <20250517192955.594735-1-jordan@jrife.io>

On Sat, May 17, 2025 at 12:29:51PM -0700, Jordan Rife wrote:
> Extend the interface of `wg set` to leverage the WGALLOWEDIP_F_REMOVE_ME
> flag, a direct way of removing a single allowed ip from a peer,
> allowing for incremental updates to a peer's configuration. By default,
> allowed-ips fully replaces a peer's allowed ips using
> WGPEER_REPLACE_ALLOWEDIPS under the hood. When '+' or '-' is prepended
> to any ip in the list, wg clears WGPEER_F_REPLACE_ALLOWEDIPS and sets
> the WGALLOWEDIP_F_REMOVE_ME flag on any ip prefixed with '-'.
>
> $ wg set wg0 peer <PUBKEY> allowed-ips +192.168.88.0/24,-192.168.0.1/32
>
> This command means "add 192.168.88.0/24 to this peer's allowed ips if
> not present, and remove 192.168.0.1/32 if present".
>
> Use -isystem so that headers in uapi/ take precedence over system
> headers; otherwise, the build will fail on systems running kernels
> without the WGALLOWEDIP_F_REMOVE_ME flag.
>
> Note that this patch is meant to be merged alongside the kernel patch
> that introduces the flag.

Merged here:
https://git.zx2c4.com/wireguard-tools/commit/?id=0788f90810efde88cfa07ed96e7eca77c7f2eedd

With a followup here:
https://git.zx2c4.com/wireguard-tools/commit/?id=dce8ac6e2fa30f8b07e84859f244f81b3c6b2353

Sorry for the delay. Next, the kernel changes.

Regards,
Jason
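
The flag selection described in the quoted commit message, as an added example that is not part of this message or of the wireguard-tools source. The struct names, parse_allowed_ips() and the numeric flag values are assumptions made for the illustration; only the flag names and the '+'/'-' syntax come from the commit message.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the flag names in the commit message; the numeric
 * values are assumptions made for this illustration. */
#define WGPEER_F_REPLACE_ALLOWEDIPS (1U << 1)
#define WGALLOWEDIP_F_REMOVE_ME     (1U << 0)
#define MAX_IPS 16

/* Hypothetical types modelling one peer update and its allowed ips. */
struct allowedip { char cidr[64]; unsigned flags; };
struct peer_update { unsigned peer_flags; size_t count; struct allowedip ips[MAX_IPS]; };

/* Returns 0 on success, -1 on an empty or overlong entry or too many entries. */
int parse_allowed_ips(const char *arg, struct peer_update *out)
{
	memset(out, 0, sizeof(*out));
	out->peer_flags = WGPEER_F_REPLACE_ALLOWEDIPS; /* default: full replace */
	while (*arg) {
		size_t len = strcspn(arg, ","), iplen;
		unsigned flags = 0;
		const char *ip = arg;
		if (*ip == '+' || *ip == '-') {
			/* one prefixed entry makes the whole update incremental */
			out->peer_flags &= ~WGPEER_F_REPLACE_ALLOWEDIPS;
			if (*ip == '-')
				flags = WGALLOWEDIP_F_REMOVE_ME;
			++ip;
		}
		iplen = len - (size_t)(ip - arg);
		if (!iplen || iplen >= sizeof(out->ips[0].cidr) || out->count == MAX_IPS)
			return -1;
		memcpy(out->ips[out->count].cidr, ip, iplen); /* buffer is NUL-filled */
		out->ips[out->count++].flags = flags;
		arg += len;
		if (*arg == ',')
			++arg;
	}
	return 0;
}

int main(void)
{
	struct peer_update u;
	int rc = parse_allowed_ips("+192.168.88.0/24,-192.168.0.1/32", &u);
	printf("rc=%d replace=%u entries=%zu\n", rc, u.peer_flags & WGPEER_F_REPLACE_ALLOWEDIPS, u.count);
	return rc ? 1 : 0;
}
```

An unprefixed entry in a list that also contains a prefixed one is treated here as an addition, since the replace flag is cleared for the whole update.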