Linux::WireGuard - WireGuard in Perl
my @names = Linux::WireGuard::list_device_names(); my %device = map { $_ => Linux::WireGuard::get_device($_) } @names;
Linux::WireGuard provides an interface to WireGuard via Linux’s embedded WireGuard C library.
NB: Although WireGuard itself is cross-platform, its embedded C library is Linux-specific.
All strings into & out of this module are byte strings.
Failures become Perl exceptions. Currently those exceptions are plain strings. Errors that come from WireGuard also manifest as changes to Perl’s $! global; for example, if you try to get_device() while non-root, you’ll probably see (besides the thrown exception) $! become Errno::EPERM.
$!
get_device()
Returns a list of strings.
Returns a reference to a hash that describes the $NAME’d device:
name
ifindex
public_key and private_key (raw strings, or undef)
public_key
private_key
fwmark (can be undef)
fwmark
listen_port (can be undef)
listen_port
peers - reference to an array of hash references. Each hash is:
peers
public_key and preshared_key (raw strings, or undef)
preshared_key
endpoint - Raw sockaddr data (a string), or undef. To parse the sockaddr, use Socket’s sockaddr_family() to determine the address family, then unpack_sockaddr_in() for Socket::AF_INET or unpack_sockaddr_in6() for Socket::AF_INET6.
endpoint
sockaddr_family()
unpack_sockaddr_in()
unpack_sockaddr_in6()
rx_bytes and tx_bytes
rx_bytes
tx_bytes
persistent_keepalive_interval (can be undef)
persistent_keepalive_interval
last_handshake_time_sec and last_handshake_time_nsec
last_handshake_time_sec
last_handshake_time_nsec
allowed_ips - reference to an array of hash references. Each hash is:
allowed_ips
family - Socket::AF_INET or Socket::AF_INET6
family
addr - A packed IPv4 or IPv6 address. Unpack with Socket’s inet_ntoa() or inet_ntop().
addr
inet_ntoa()
inet_ntop()
cidr
Adds a WireGuard device with the given $NAME.
Deletes a WireGuard device with the given $NAME.
Returns a newly-generated private key (raw string).
Takes a private key and returns its public key. (Both raw strings.)
Returns a newly-generated preshared key (raw string).
An implementation of set_device() would be nice to have.
set_device()
Copyright 2022 Gasper Software Consulting. All rights reserved.
Linux::WireGuard is licensed under the same terms as Perl itself (cf. perlartistic); HOWEVER, the embedded C wireguard library has its own copyright terms. Use of Linux::WireGuard may imply acceptance of that embedded C library’s own copyright terms. See this distribution’s wireguard-tools/contrib/embeddable-wg-library/README for details.
To install Linux::WireGuard, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Linux::WireGuard
CPAN shell
perl -MCPAN -e shell install Linux::WireGuard
For more information on module installation, please visit the detailed CPAN module installation guide.