614eb10d67
- `internal/wireguard` client package with unit tests - Implementation works with kernel space or user space if unavailable - `WIREGUARD_PRIVATE_KEY` - `WIREGUARD_ADDRESS` - `WIREGUARD_PRESHARED_KEY` - `WIREGUARD_PORT` - `internal/netlink` package used by `internal/wireguard`
29 lines
600 B
Go
29 lines
600 B
Go
package wireguard
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/vishvananda/netlink"
|
|
)
|
|
|
|
func (w *Wireguard) addRule(rulePriority, firewallMark int) (
|
|
cleanup func() error, err error) {
|
|
rule := netlink.NewRule()
|
|
rule.Invert = true
|
|
rule.Priority = rulePriority
|
|
rule.Mark = firewallMark
|
|
rule.Table = firewallMark
|
|
if err := w.netlink.RuleAdd(rule); err != nil {
|
|
return nil, fmt.Errorf("%w: when adding rule: %s", err, rule)
|
|
}
|
|
|
|
cleanup = func() error {
|
|
err := w.netlink.RuleDel(rule)
|
|
if err != nil {
|
|
return fmt.Errorf("%w: when deleting rule: %s", err, rule)
|
|
}
|
|
return nil
|
|
}
|
|
return cleanup, nil
|
|
}
|