diff options
| author | Eugene Grosbein <eugen@FreeBSD.org> | 2025-08-06 01:19:55 +0700 |
|---|---|---|
| committer | Eugene Grosbein <eugen@FreeBSD.org> | 2025-08-06 01:23:54 +0700 |
| commit | 618ae04f2c3ac2dafbd597117995137d08a1376c (patch) | |
| tree | 5dd4345bab7363a2a53ceb1127e1dd950b88b8c9 /net/amnezia-tools/files/patch-config.c | |
| parent | net-mgmt/netdata: Enable essential DASHBOARD option by default (diff) | |
net/amnezia-kmod, net/amnezia-tools: new ports
AmneziaWG is a version of the popular VPN protocol, WireGuard.
It offers protection against detection by Deep Packet Inspection
(DPI) systems. At the same time, it retains the simplified
architecture and high performance of the original.
PR: 288599
Approved by: core (glebius)
Diffstat (limited to 'net/amnezia-tools/files/patch-config.c')
| -rw-r--r-- | net/amnezia-tools/files/patch-config.c | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/net/amnezia-tools/files/patch-config.c b/net/amnezia-tools/files/patch-config.c new file mode 100644 index 000000000000..4e07d978251a --- /dev/null +++ b/net/amnezia-tools/files/patch-config.c @@ -0,0 +1,50 @@ +--- config.c.orig 2024-10-01 13:02:42 UTC ++++ config.c +@@ -337,6 +337,20 @@ static bool validate_netmask(struct wgallowedip *allow + return true; + } + ++static inline void parse_ip_prefix(struct wgpeer *peer, uint32_t *flags, char **mask) ++{ ++ /* If the IP is prefixed with either '+' or '-' consider this an ++ * incremental change. Disable WGPEER_REPLACE_ALLOWEDIPS. */ ++ switch ((*mask)[0]) { ++ case '-': ++ *flags |= WGALLOWEDIP_REMOVE_ME; ++ /* fall through */ ++ case '+': ++ peer->flags &= ~WGPEER_REPLACE_ALLOWEDIPS; ++ ++(*mask); ++ } ++} ++ + static inline bool parse_allowedips(struct wgpeer *peer, struct wgallowedip **last_allowedip, const char *value) + { + struct wgallowedip *allowedip = *last_allowedip, *new_allowedip; +@@ -353,10 +367,18 @@ static inline bool parse_allowedips(struct wgpeer *pee + } + sep = mutable; + while ((mask = strsep(&sep, ","))) { ++ uint32_t flags = 0; + unsigned long cidr; + char *end, *ip; + ++ parse_ip_prefix(peer, &flags, &mask); ++ + saved_entry = strdup(mask); ++ if (!saved_entry) { ++ perror("strdup"); ++ free(mutable); ++ return false; ++ } + ip = strsep(&mask, "/"); + + new_allowedip = calloc(1, sizeof(*new_allowedip)); +@@ -387,6 +409,7 @@ static inline bool parse_allowedips(struct wgpeer *pee + else + goto err; + new_allowedip->cidr = cidr; ++ new_allowedip->flags = flags; + + if (!validate_netmask(new_allowedip)) + fprintf(stderr, "Warning: AllowedIP has nonzero host part: %s/%s\n", ip, mask); |