| Top | |
|
|
|
NMSettingWireGuardNMSettingWireGuard — Describes connection properties for wireguard related options |
| #define | NM_WIREGUARD_PUBLIC_KEY_LEN |
| #define | NM_WIREGUARD_SYMMETRIC_KEY_LEN |
| #define | NM_SETTING_WIREGUARD_SETTING_NAME |
| #define | NM_SETTING_WIREGUARD_FWMARK |
| #define | NM_SETTING_WIREGUARD_LISTEN_PORT |
| #define | NM_SETTING_WIREGUARD_PRIVATE_KEY |
| #define | NM_SETTING_WIREGUARD_PRIVATE_KEY_FLAGS |
| #define | NM_SETTING_WIREGUARD_PEERS |
| #define | NM_SETTING_WIREGUARD_MTU |
| #define | NM_SETTING_WIREGUARD_PEER_ROUTES |
| #define | NM_SETTING_WIREGUARD_IP4_AUTO_DEFAULT_ROUTE |
| #define | NM_SETTING_WIREGUARD_IP6_AUTO_DEFAULT_ROUTE |
| #define | NM_WIREGUARD_PEER_ATTR_ALLOWED_IPS |
| #define | NM_WIREGUARD_PEER_ATTR_ENDPOINT |
| #define | NM_WIREGUARD_PEER_ATTR_PERSISTENT_KEEPALIVE |
| #define | NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY |
| #define | NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY_FLAGS |
| #define | NM_WIREGUARD_PEER_ATTR_PUBLIC_KEY |
The NMSettingWireGuard object is a NMSetting subclass that contains settings for configuring WireGuard.
NMWireGuardPeer * nm_wireguard_peer_new_clone (const NMWireGuardPeer *self,gboolean with_secrets);
self |
the NMWireGuardPeer instance to copy. |
|
with_secrets |
if |
Since: 1.16
NMWireGuardPeer *
nm_wireguard_peer_ref (NMWireGuardPeer *self);
returns the input argument self
after incrementing
the reference count.
Since 1.42, ref-counting of NMWireGuardPeer is thread-safe.
Since: 1.16
void
nm_wireguard_peer_unref (NMWireGuardPeer *self);
Drop a reference to self
. If the last reference is dropped,
the instance is freed and all associate data released.
Since 1.42, ref-counting of NMWireGuardPeer is thread-safe.
Since: 1.16
void
nm_wireguard_peer_seal (NMWireGuardPeer *self);
Seal the NMWireGuardPeer instance. Afterwards, it is a bug
to call all functions that modify the instance (except ref/unref).
A sealed instance cannot be unsealed again, but you can create
an unsealed copy with nm_wireguard_peer_new_clone().
Since: 1.16
gboolean
nm_wireguard_peer_is_sealed (const NMWireGuardPeer *self);
Since: 1.16
const char *
nm_wireguard_peer_get_public_key (const NMWireGuardPeer *self);
Since: 1.16
gboolean nm_wireguard_peer_set_public_key (NMWireGuardPeer *self,const char *public_key,gboolean accept_invalid);
Reset the public key. Note that if the public key is valid, it will be normalized (which may or may not modify the set value).
It is a bug trying to modify a sealed NMWireGuardPeer instance.
self |
the unsealed NMWireGuardPeer instance |
|
public_key |
the new public
key or |
[nullable][transfer none] |
accept_invalid |
if |
TRUE if the key was valid or NULL. Returns
FALSE for invalid keys. Depending on accept_invalid
will an invalid key be set or not.
Since: 1.16
const char *
nm_wireguard_peer_get_preshared_key (const NMWireGuardPeer *self);
Since: 1.16
gboolean nm_wireguard_peer_set_preshared_key (NMWireGuardPeer *self,const char *preshared_key,gboolean accept_invalid);
Reset the preshared key. Note that if the preshared key is valid, it will be normalized (which may or may not modify the set value).
Note that the preshared-key is a secret and consequently has corresponding
preshared-key-flags property. This is so that secrets can be optional
and requested on demand from a secret-agent. Also, an invalid preshared-key
may optionally cause nm_wireguard_peer_is_valid() to fail or it may
be accepted.
It is a bug trying to modify a sealed NMWireGuardPeer instance.
self |
the unsealed NMWireGuardPeer instance |
|
preshared_key |
the new preshared
key or |
[nullable][transfer none] |
accept_invalid |
whether to allow setting the key to an invalid
value. If |
TRUE if the preshared-key is valid, otherwise FALSE.
NULL is considered a valid value.
If the key is invalid, it depends on accept_invalid
whether the
previous value was reset.
Since: 1.16
NMSettingSecretFlags
nm_wireguard_peer_get_preshared_key_flags
(const NMWireGuardPeer *self);
Since: 1.16
void nm_wireguard_peer_set_preshared_key_flags (NMWireGuardPeer *self,NMSettingSecretFlags preshared_key_flags);
It is a bug trying to modify a sealed NMWireGuardPeer instance.
Since: 1.16
guint16
nm_wireguard_peer_get_persistent_keepalive
(const NMWireGuardPeer *self);
Since: 1.16
void nm_wireguard_peer_set_persistent_keepalive (NMWireGuardPeer *self,guint16 persistent_keepalive);
It is a bug trying to modify a sealed NMWireGuardPeer instance.
self |
the unsealed NMWireGuardPeer instance |
|
persistent_keepalive |
the keep-alive value to set. |
Since: 1.16
const char *
nm_wireguard_peer_get_endpoint (const NMWireGuardPeer *self);
Since: 1.16
gboolean nm_wireguard_peer_set_endpoint (NMWireGuardPeer *self,const char *endpoint,gboolean allow_invalid);
Sets or clears the endpoint of self
.
It is a bug trying to modify a sealed NMWireGuardPeer instance.
self |
the unsealed NMWireGuardPeer instance |
|
endpoint |
the socket address endpoint to set or |
|
allow_invalid |
if |
TRUE if the endpoint is NULL or valid. For an
invalid endpoint
argument, FALSE is returned. Depending
on allow_invalid
, the instance will be modified.
Since: 1.16
guint
nm_wireguard_peer_get_allowed_ips_len (const NMWireGuardPeer *self);
Since: 1.16
const char * nm_wireguard_peer_get_allowed_ip (const NMWireGuardPeer *self,guint idx,gboolean *out_is_valid);
self |
the NMWireGuardPeer instance |
|
idx |
the index from zero to (allowed-ips-len - 1) to retrieve. |
|
out_is_valid |
|
[nullable] |
the allowed-ip setting at index idx
.
If idx
is out of range, NULL will be returned.
[transfer none][nullable]
Since: 1.16
void
nm_wireguard_peer_clear_allowed_ips (NMWireGuardPeer *self);
Removes all allowed-ip entries.
It is a bug trying to modify a sealed NMWireGuardPeer instance.
Since: 1.16
gboolean nm_wireguard_peer_append_allowed_ip (NMWireGuardPeer *self,const char *allowed_ip,gboolean accept_invalid);
Appends allowed_ip
setting to the list. This does not check
for duplicates and always appends allowed_ip
to the end of the
list. If allowed_ip
is valid, it will be normalized and a modified
for might be appended. If allowed_ip
is invalid, it will still be
appended, but later verification will fail.
It is a bug trying to modify a sealed NMWireGuardPeer instance.
self |
the unsealed NMWireGuardPeer instance |
|
allowed_ip |
the allowed-ip entry to set. |
|
accept_invalid |
if |
TRUE if the value is a valid allowed-ips value, FALSE otherwise.
Depending on accept_invalid
, also invalid values are added.
Since: 1.16
gboolean nm_wireguard_peer_remove_allowed_ip (NMWireGuardPeer *self,guint idx);
Removes the allowed-ip at the given idx
. This shifts all
following entries one index down.
It is a bug trying to modify a sealed NMWireGuardPeer instance.
self |
the unsealed NMWireGuardPeer instance |
|
idx |
the index from zero to (allowed-ips-len - 1) to
retrieve. If the index is out of range, |
TRUE if idx
was valid and the allowed-ip was removed.
FALSE otherwise, and the peer will not be changed.
Since: 1.16
gboolean nm_wireguard_peer_is_valid (const NMWireGuardPeer *self,gboolean check_non_secrets,gboolean check_secrets,GError **error);
self |
the NMWireGuardPeer instance |
|
check_secrets |
if |
|
check_non_secrets |
if |
|
error |
the GError location for returning the failure reason. |
Since: 1.16
int nm_wireguard_peer_cmp (const NMWireGuardPeer *a,const NMWireGuardPeer *b,NMSettingCompareFlags compare_flags);
a |
the NMWireGuardPeer to compare. |
[nullable] |
b |
the other NMWireGuardPeer to compare. |
[nullable] |
compare_flags |
NMSettingCompareFlags to affect the comparison. |
zero of the two instances are equivalent or a non-zero integer otherwise. This defines a total ordering over the peers. Whether a peer is sealed or not, does not affect the comparison.
Since: 1.16
NMSetting *
nm_setting_wireguard_new (void);
Creates a new NMSettingWireGuard object with default values.
Since: 1.16
const char *
nm_setting_wireguard_get_private_key (NMSettingWireGuard *self);
Since: 1.16
NMSettingSecretFlags
nm_setting_wireguard_get_private_key_flags
(NMSettingWireGuard *self);
Since: 1.16
guint16
nm_setting_wireguard_get_listen_port (NMSettingWireGuard *self);
Since: 1.16
guint32
nm_setting_wireguard_get_fwmark (NMSettingWireGuard *self);
Since: 1.16
guint
nm_setting_wireguard_get_peers_len (NMSettingWireGuard *self);
Since: 1.16
NMWireGuardPeer * nm_setting_wireguard_get_peer (NMSettingWireGuard *self,guint idx);
the NMWireGuardPeer entry at
index idx
. If the index is out of range, NULL is returned.
[transfer none]
Since: 1.16
NMWireGuardPeer * nm_setting_wireguard_get_peer_by_public_key (NMSettingWireGuard *self,const char *public_key,guint *out_idx);
self |
the NMSettingWireGuard instance |
|
public_key |
the public key for looking up the peer. |
|
out_idx |
optional output argument
for the index of the found peer. If no index is found,
this is set to the |
[out][optional] |
the NMWireGuardPeer instance with a
matching public key. If no such peer exists, NULL is returned.
[transfer none][nullable]
Since: 1.16
void nm_setting_wireguard_set_peer (NMSettingWireGuard *self,NMWireGuardPeer *peer,guint idx);
If idx
is one past the last peer, the behavior is the same
as nm_setting_wireguard_append_peer().
Otherwise, the peer will be at idx
and replace the peer
instance at that index. Note that if a peer with the same
public-key exists on another index, then that peer will also
be replaced. In that case, the number of peers will shrink
by one (because the one at idx
got replace and then one
with the same public-key got removed). This also means,
that the resulting index afterwards may be one less than
idx
(if another peer with a lower index was dropped).
self |
the NMSettingWireGuard instance |
|
peer |
the NMWireGuardPeer instance to set.
This seals |
|
idx |
the index, in the range of 0 to the number of
peers (including). That means, if |
Since: 1.16
void nm_setting_wireguard_append_peer (NMSettingWireGuard *self,NMWireGuardPeer *peer);
If a peer with the same public-key already exists, that
one is replaced by peer
. The new peer
is always appended
(or moved to) the end, so in case a peer is replaced, the
indexes are shifted and the number of peers stays unchanged.
self |
the NMSettingWireGuard instance |
|
peer |
the NMWireGuardPeer instance to append.
This seals |
Since: 1.16
gboolean nm_setting_wireguard_remove_peer (NMSettingWireGuard *self,guint idx);
Since: 1.16
guint
nm_setting_wireguard_clear_peers (NMSettingWireGuard *self);
Since: 1.16
gboolean
nm_setting_wireguard_get_peer_routes (NMSettingWireGuard *self);
Since: 1.16
guint32
nm_setting_wireguard_get_mtu (NMSettingWireGuard *self);
Since: 1.16
NMTernary
nm_setting_wireguard_get_ip4_auto_default_route
(NMSettingWireGuard *self);
Since: 1.20
NMTernary
nm_setting_wireguard_get_ip6_auto_default_route
(NMSettingWireGuard *self);
Since: 1.20
#define NM_SETTING_WIREGUARD_PRIVATE_KEY_FLAGS "private-key-flags"
#define NM_SETTING_WIREGUARD_IP4_AUTO_DEFAULT_ROUTE "ip4-auto-default-route"
#define NM_SETTING_WIREGUARD_IP6_AUTO_DEFAULT_ROUTE "ip6-auto-default-route"
#define NM_WIREGUARD_PEER_ATTR_PERSISTENT_KEEPALIVE "persistent-keepalive"
#define NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY_FLAGS "preshared-key-flags"