From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox-ve-rs 09/13] fabric: wireguard: add helper for finding peer based on endpoint
Date: Wed, 17 Jun 2026 13:10:06 +0200
Message-ID: <20260617111012.312710-10-s.hanreich@proxmox.com>
In-Reply-To: <20260617111012.312710-1-s.hanreich@proxmox.com>

This function will be used by the status reporting, which requires the
ability to match an entry from the dump output to the respective node
in the section config, in order to include the corresponding
node/interface in its informational output. This helps users match
peers from the running WireGuard configuration to their respective
section config entry.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 proxmox-ve-config/src/sdn/fabric/mod.rs       | 115 +++++++++++++++++-
 .../section_config/protocol/wireguard.rs      |   8 ++
 2 files changed, 121 insertions(+), 2 deletions(-)

diff --git a/proxmox-ve-config/src/sdn/fabric/mod.rs b/proxmox-ve-config/src/sdn/fabric/mod.rs
index 22f19c7..d608266 100644
--- a/proxmox-ve-config/src/sdn/fabric/mod.rs
+++ b/proxmox-ve-config/src/sdn/fabric/mod.rs
@@ -7,6 +7,7 @@ use std::marker::PhantomData;
 use std::ops::Deref;
 
 use anyhow::Error;
+use proxmox_network_types::endpoint::ServiceEndpoint;
 use section_config::protocol::wireguard::WireGuardProperties;
 use serde::{Deserialize, Serialize};
 
@@ -34,8 +35,9 @@ use crate::sdn::fabric::section_config::protocol::ospf::{
     OspfNodePropertiesUpdater, OspfProperties, OspfPropertiesUpdater,
 };
 use crate::sdn::fabric::section_config::protocol::wireguard::{
-    WireGuardDeletableProperties, WireGuardNode, WireGuardNodeDeletableProperties,
-    WireGuardNodePeer, WireGuardNodeUpdater, WireGuardPropertiesUpdater,
+    WireGuardDeletableProperties, WireGuardInterfaceProperties, WireGuardNode,
+    WireGuardNodeDeletableProperties, WireGuardNodePeer, WireGuardNodeUpdater,
+    WireGuardPropertiesUpdater,
 };
 use crate::sdn::fabric::section_config::{FabricOrNode, Section};
 
@@ -215,6 +217,115 @@ impl_entry!(Ospf, OspfProperties, OspfNodeProperties);
 impl_entry!(WireGuard, WireGuardProperties, WireGuardNode);
 impl_entry!(Bgp, BgpProperties, BgpNode);
 
+impl Entry<WireGuardProperties, WireGuardNode> {
+    /// Search for a node in the fabric based on its endpoint.
+    ///
+    /// Searches for the node in the fabric configuration that has the given endpoint on a specific
+    /// node. Mainly useful for mapping the `wg show` output to a node entry in the section config
+    /// via the specified endpoint.
+    pub fn find_node_and_interface_by_endpoint(
+        &self,
+        local_node_id: &NodeId,
+        endpoint: &ServiceEndpoint,
+    ) -> Result<Option<(&Node, Option<&WireGuardInterfaceProperties>)>, Error> {
+        let node = self.get_node(local_node_id)?;
+
+        let Node::WireGuard(wireguard_node) = node else {
+            anyhow::bail!("no wireguard node with id {local_node_id} found");
+        };
+
+        let WireGuardNode::Internal(internal_node) = wireguard_node.properties() else {
+            anyhow::bail!("wireguard node with id {local_node_id} is not an internal node");
+        };
+
+        for peer in internal_node.peers() {
+            if let Some(peer_endpoint) = peer.endpoint() {
+                if endpoint == peer_endpoint {
+                    let referenced_node = self.get_node(peer.node())?;
+
+                    return Ok(Some(match peer {
+                        WireGuardNodePeer::Internal(internal_peer) => {
+                            let referenced_wireguard_node =
+                                self.node_section(&internal_peer.node)?;
+
+                            let WireGuardNode::Internal(referenced_internal_node) =
+                                referenced_wireguard_node.properties()
+                            else {
+                                anyhow::bail!(
+                                    "referenced node {} is not a internal wireguard node",
+                                    internal_peer.node
+                                );
+                            };
+
+                            (
+                                referenced_node,
+                                Some(
+                                    referenced_internal_node
+                                        .interfaces()
+                                        .find(|interface| {
+                                            interface.name() == &internal_peer.node_iface
+                                        })
+                                        .ok_or_else(|| {
+                                            anyhow::anyhow!("referenced interface does not exist")
+                                        })?,
+                                ),
+                            )
+                        }
+                        WireGuardNodePeer::External(_) => (referenced_node, None),
+                    }));
+                }
+            } else {
+                let referenced_node = self.get_node(peer.node())?;
+
+                match peer {
+                    WireGuardNodePeer::Internal(internal_peer) => {
+                        let referenced_wireguard_node = self.node_section(&internal_peer.node)?;
+
+                        let WireGuardNode::Internal(referenced_internal_node) =
+                            referenced_wireguard_node.properties()
+                        else {
+                            anyhow::bail!(
+                                "referenced node {} is not a internal wireguard node",
+                                internal_peer.node
+                            );
+                        };
+
+                        let Some(ip_host) = &referenced_internal_node.endpoint else {
+                            continue;
+                        };
+
+                        for interface in internal_node.interfaces() {
+                            let node_endpoint =
+                                ServiceEndpoint::new(&ip_host.to_string(), interface.listen_port)?;
+
+                            if &node_endpoint == endpoint {
+                                return Ok(Some((referenced_node, Some(interface))));
+                            }
+                        }
+                    }
+                    WireGuardNodePeer::External(external_peer) => {
+                        let referenced_wireguard_node = self.node_section(&external_peer.node)?;
+
+                        let WireGuardNode::External(referenced_external_node) = referenced_wireguard_node.properties()
+                            else {
+                            anyhow::bail!(
+                                "referenced node {} is not an external wireguard node",
+                                external_peer.node
+                            );
+                        };
+
+                        if &referenced_external_node.endpoint == endpoint {
+                            return Ok(Some((referenced_node, None)));
+                        }
+                    }
+                }
+            }
+        }
+
+        return Ok(None);
+    }
+}
+
 /// All possible entries in a [`FabricConfig`].
 ///
 /// It utilizes the [`Entry`] struct to validate proper combinations of [`FabricSection`] and
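Review bot: In the branch for internal peers without an endpoint override, the candidate endpoint takes its host from `referenced_internal_node.endpoint` but its port from `internal_node.interfaces()`, which are the local node's interfaces, and that local interface is what gets returned. The override branch above instead returns the referenced node's interface whose name equals `internal_peer.node_iface`, so the two paths disagree on which node's interface the caller receives. If the peer's listen port is the one configured on the referenced node, this should look up `internal_peer.node_iface` in `referenced_internal_node.interfaces()` and compare against that interface's `listen_port`; a test with a peer that has no override would pin the intended behaviour down. Smaller points: the lookup of the referenced internal node is duplicated in both branches and could move into a helper, the `let WireGuardNode::External(...) ... else` block is not rustfmt-formatted, `return Ok(None);` can be a plain `Ok(None)`, and the error text should read "an internal".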
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
index a2d8c6e..38cc8f0 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
@@ -488,6 +488,14 @@ impl WireGuardNodePeer {
         }
     }
 
+    /// Returns the endpoint override for this peer definition, if it exists.
+    pub fn endpoint(&self) -> Option<&ServiceEndpoint> {
+        match self {
+            WireGuardNodePeer::Internal(internal_peer) => internal_peer.endpoint.as_ref(),
+            WireGuardNodePeer::External(external_peer) => external_peer.endpoint.as_ref(),
+        }
+    }
+
     pub fn node_iface(&self) -> Option<&WireGuardInterfaceName> {
         match self {
             WireGuardNodePeer::Internal(internal_peer) => Some(&internal_peer.node_iface),
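Review bot: `endpoint()` on `WireGuardNodePeer` returns only the per-peer override, as its doc comment says, while the caller in `fabric/mod.rs` also reads a node-level `endpoint` field, so the two are easy to confuse at call sites. Consider naming it `endpoint_override()`, or stating in the doc comment that `None` means the referenced node's own endpoint applies.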
-- 
2.47.3





Thread overview: 14+ messages
2026-06-17 11:09 [PATCH docs/manager/network/proxmox{,-backup,-datacenter-manager,-firewall,-network-interface-pinning,-ve-rs,-perl-rs} 00/13] Status reporting for wireguard fabrics Stefan Hanreich
2026-06-17 11:09 ` [PATCH proxmox 01/13] iproute2: schema: move iproute2 helpers to new create / schema Stefan Hanreich
2026-06-17 11:09 ` [PATCH proxmox 02/13] iproute2: add missing getters Stefan Hanreich
2026-06-17 11:10 ` [PATCH proxmox 03/13] iproute2: add support for parsing interface flags Stefan Hanreich
2026-06-17 11:10 ` [PATCH proxmox 04/13] wireguard: derive additional traits for public key Stefan Hanreich
2026-06-17 11:10 ` [PATCH proxmox-backup 05/13] metric_collection: switch to proxmox-iproute2 crate Stefan Hanreich
2026-06-17 11:10 ` [PATCH proxmox-datacenter-manager 06/13] " Stefan Hanreich
2026-06-17 11:10 ` [PATCH proxmox-firewall 07/13] firewall config: " Stefan Hanreich
2026-06-17 11:10 ` [PATCH proxmox-network-interface-pinning 08/13] network-interface-pinning: " Stefan Hanreich
2026-06-17 11:10 ` Stefan Hanreich [this message]
2026-06-17 11:10 ` [PATCH proxmox-perl-rs 10/13] sdn status: fabrics: add status reporting for wireguard Stefan Hanreich
2026-06-17 11:10 ` [PATCH pve-network 11/13] api: fabric status: add schema for wireguard properties Stefan Hanreich
2026-06-17 11:10 ` [PATCH pve-manager 12/13] ui: fabric content: add wireguard protocol Stefan Hanreich
2026-06-17 11:10 ` [PATCH pve-docs 13/13] sdn: add documentation for wireguard status reporting Stefan Hanreich
