wg: give "off" value for fwmark

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/src/config.c b/src/config.c
index b3384da77f47f1be2602a40bae212531ea9e2f09..b9a65c121d40487cf0a46e0e892c427646e5b55e 100644 (file)
--- a/src/config.c
+++ b/src/config.c
@@ -97,6 +97,12 @@ static inline bool parse_fwmark(uint32_t *fwmark, unsigned int *flags, const cha
        char *end;
        int base = 10;
 
+       if (!strcasecmp(value, "off")) {
+               *fwmark = 0;
+               *flags |= WGDEVICE_REMOVE_FWMARK;
+               return true;
+       }
+
        if (value[0] == '0' && value[1] == 'x') {
                value += 2;
                base = 16;

diff --git a/src/show.c b/src/show.c
index c20d858c82590916233287dfbea1f665b95da6c8..6cf2b23d5d6c86b0bec975c7a445e1542f6e1eca 100644 (file)
--- a/src/show.c
+++ b/src/show.c
@@ -276,7 +276,10 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int
        } else if (!strcmp(param, "fwmark")) {
                if (with_interface)
                        printf("%s\t", device->interface);
-               printf("0x%x\n", device->fwmark);
+               if (device->fwmark)
+                       printf("0x%x\n", device->fwmark);
+               else
+                       printf("off\n");
        } else if (!strcmp(param, "endpoints")) {
                if (with_interface)
                        printf("%s\t", device->interface);

diff --git a/src/wg-quick.bash b/src/wg-quick.bash
index ccf27a9cc4e2564727b89a541d5fd927af7432db..bb7325cc011969aec05b0c5e9162527692ee44fa 100755 (executable)
--- a/src/wg-quick.bash
+++ b/src/wg-quick.bash
@@ -79,7 +79,9 @@ add_if() {
 }
 
 del_if() {
-       DEFAULT_TABLE=$(( $(wg show "$INTERFACE" fwmark) ))
+       local fwmark="$(wg show "$INTERFACE" fwmark)"
+       DEFAULT_TABLE=0
+       [[ $fwmark != off ]] && DEFAULT_TABLE=$(( $fwmark ))
        if [[ $DEFAULT_TABLE -ne 0 ]]; then
                while [[ -n $(ip -4 rule show table $DEFAULT_TABLE) ]]; do
                        cmd ip -4 rule delete table $DEFAULT_TABLE

diff --git a/src/wg.8 b/src/wg.8
index 9aa76cfa033118669b3ff1ff4e15c33087f2072f..293376128f389cbb9b5e11741883d6b111d637cb 100644 (file)
--- a/src/wg.8
+++ b/src/wg.8
@@ -67,14 +67,16 @@ it adds an additional layer of symmetric-key cryptography to be mixed into
 the already existing public-key cryptography, for post-quantum resistance.
 If \fIallowed-ips\fP is specified, but the value is the empty string, all
 allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP
-is optional and is by default off; setting it to 0 or "off", disables it.
+is optional and is by default off; setting it to 0 or "off" disables it.
 Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often
 to send an authenticated empty packet to the peer, for the purpose of keeping
 a stateful firewall or NAT mapping valid persistently. For example, if the
 interface very rarely sends traffic, but it might at anytime receive traffic
 from a peer, and it is behind NAT, the interface might benefit from having a
 persistent keepalive interval of 25 seconds; however, most users will not need
-this.
+this. The use of \fIfwmark\fP is optional and is by default off; setting it to
+0 or "off" disables it. Otherwise it is a 32-bit fwmark for outgoing packets
+and may be specified in hexadecimal by prepending "0x".
 .TP
 \fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
 Sets the current configuration of \fI<interface>\fP to the contents of
@@ -126,7 +128,8 @@ for post-quantum resistance.
 ListenPort \(em a 16-bit port for listening. Optional; if not specified, chosen
 randomly.
 .IP \(bu
-FwMark \(em a 32-bit fwmark for outgoing packets. Optional.
+FwMark \(em a 32-bit fwmark for outgoing packets. If set to 0 or "off", this
+option is disabled. May be specified in hexadecimal by prepending "0x". Optional.
 .P
 The \fIPeer\fP sections may contain the following fields:
 .IP \(bu