From f52deeed031d967ffc5b38fc6e1272cbf03d9ab1 Mon Sep 17 00:00:00 2001
From: Michael Stapelberg <stapelberg@google.com>
Date: Mon, 6 Jun 2022 13:58:57 +0200
Subject: [PATCH] allow configuring extra addresses on interfaces

Useful when you need IPv6 and IPv4 addresses on a WireGuard tunnel.
---
 integration/netconfig/netconfig_test.go | 11 ++++++++++-
 internal/netconfig/netconfig.go         | 23 +++++++++++++++++++----
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/integration/netconfig/netconfig_test.go b/integration/netconfig/netconfig_test.go
index c64a26f..f462ec5 100644
--- a/integration/netconfig/netconfig_test.go
+++ b/integration/netconfig/netconfig_test.go
@@ -50,7 +50,10 @@ const goldenInterfaces = `
     },
     {
       "name": "wg0",
-      "addr": "fe80::1/64"
+      "addr": "fe80::1/64",
+      "extra_addrs": [
+        "10.22.100.1/24"
+      ]
     }
   ]
 }
@@ -461,6 +464,12 @@ peer: AVU3LodtnFaFnJmMyNNW7cUk4462lqnVULTFkjWYvRo=
 		if !upRe.MatchString(string(out)) {
 			t.Errorf("regexp %s does not match %s", upRe, string(out))
 		}
+
+		addr4Re := regexp.MustCompile(`(?m)^\s*inet 10.22.100.1/24 brd 10.22.100.255 scope global wg0\s*$`)
+		if !addr4Re.MatchString(string(out)) {
+			t.Errorf("regexp %s does not match %s", addr4Re, string(out))
+		}
+
 		addr6Re := regexp.MustCompile(`(?m)^\s*inet6 fe80::1/64 scope link\s*$`)
 		if !addr6Re.MatchString(string(out)) {
 			t.Errorf("regexp %s does not match %s", addr6Re, string(out))
diff --git a/internal/netconfig/netconfig.go b/internal/netconfig/netconfig.go
index 0b250f1..726055e 100644
--- a/internal/netconfig/netconfig.go
+++ b/internal/netconfig/netconfig.go
@@ -192,10 +192,11 @@ func applyDhcp6(dir string) error {
 }
 
 type InterfaceDetails struct {
-	HardwareAddr      string `json:"hardware_addr"`       // e.g. dc:9b:9c:ee:72:fd
-	SpoofHardwareAddr string `json:"spoof_hardware_addr"` // e.g. dc:9b:9c:ee:72:fd
-	Name              string `json:"name"`                // e.g. uplink0, or lan0
-	Addr              string `json:"addr"`                // e.g. 192.168.42.1/24
+	HardwareAddr      string   `json:"hardware_addr"`       // e.g. dc:9b:9c:ee:72:fd
+	SpoofHardwareAddr string   `json:"spoof_hardware_addr"` // e.g. dc:9b:9c:ee:72:fd
+	Name              string   `json:"name"`                // e.g. uplink0, or lan0
+	Addr              string   `json:"addr"`                // e.g. 192.168.42.1/24
+	ExtraAddrs        []string `json:"extra_addrs"`         // e.g. ["192.168.23.1/24"]
 }
 
 type BridgeDetails struct {
@@ -399,6 +400,20 @@ func applyInterfaces(dir, root string) error {
 				}
 			}
 		}
+
+		for _, addr := range details.ExtraAddrs {
+			addr, err := netlink.ParseAddr(addr)
+			if err != nil {
+				return fmt.Errorf("ParseAddr(%q): %v", addr, err)
+			}
+
+			if err := netlink.AddrReplace(l, addr); err != nil {
+				return fmt.Errorf("AddrReplace(%s, %v): %v", attr.Name, addr, err)
+			}
+		}
+
+		// TODO: allow static route configuration (ExtraRoutes)
+		// 2a02:168:4a00:22::/64 via fe80::2 dev wg0
 	}
 	return nil
 }