wireguard: T7087: Fix vyos-domain-resolver failing if no wireguard in…

…terfaces defined
vyos · Jan 25, 2025 · f07e1fb · f07e1fb
1 parent 10ee7ac
commit f07e1fb
Showing 1 changed file with 33 additions and 32 deletions.
diff --git a/src/services/vyos-domain-resolver b/src/services/vyos-domain-resolver
@@ -177,39 +177,40 @@ def update_fqdn(config, node):
 def update_interfaces(config, node):
     if node == 'interfaces':
         wg_interfaces = dict_search_args(config, 'wireguard')
+        if wg_interfaces:
+
+            peer_public_keys = {}
+            # for each wireguard interfaces
+            for interface, wireguard in wg_interfaces.items():
+                peer_public_keys[interface] = []
+                for peer, peer_config in wireguard['peer'].items():
+                    # check peer if peer host-name or address is set
+                    if 'host_name' in peer_config or 'address' in peer_config:
+                        # check latest handshake
+                        peer_public_keys[interface].append(
+                            peer_config['public_key']
+                        )
+
+            now_time = time.time()
+            for (interface, check_peer_public_keys) in peer_public_keys.items():
+                if len(check_peer_public_keys) == 0:
+                    continue
 
-        peer_public_keys = {}
-        # for each wireguard interfaces
-        for interface, wireguard in wg_interfaces.items():
-            peer_public_keys[interface] = []
-            for peer, peer_config in wireguard['peer'].items():
-                # check peer if peer host-name or address is set
-                if 'host_name' in peer_config or 'address' in peer_config:
-                    # check latest handshake
-                    peer_public_keys[interface].append(
-                        peer_config['public_key']
-                    )
-
-        now_time = time.time()
-        for (interface, check_peer_public_keys) in peer_public_keys.items():
-            if len(check_peer_public_keys) == 0:
-                continue
-
-            intf = WireGuardIf(interface, create=False, debug=False)
-            handshakes = intf.operational.get_latest_handshakes()
-
-            # WireGuard performs a handshake every WIREGUARD_REKEY_AFTER_TIME
-            # if data is being transmitted between the peers. If no data is
-            # transmitted, the handshake will not be initiated unless new
-            # data begins to flow. Each handshake generates a new session
-            # key, and the key is rotated at least every 120 seconds or
-            # upon data transmission after a prolonged silence.
-            for public_key, handshake_time in handshakes.items():
-                if public_key in check_peer_public_keys and (
-                    handshake_time == 0
-                    or (now_time - handshake_time > 3*WIREGUARD_REKEY_AFTER_TIME)
-                ):
-                    intf.operational.reset_peer(public_key=public_key)
+                intf = WireGuardIf(interface, create=False, debug=False)
+                handshakes = intf.operational.get_latest_handshakes()
+
+                # WireGuard performs a handshake every WIREGUARD_REKEY_AFTER_TIME
+                # if data is being transmitted between the peers. If no data is
+                # transmitted, the handshake will not be initiated unless new
+                # data begins to flow. Each handshake generates a new session
+                # key, and the key is rotated at least every 120 seconds or
+                # upon data transmission after a prolonged silence.
+                for public_key, handshake_time in handshakes.items():
+                    if public_key in check_peer_public_keys and (
+                        handshake_time == 0
+                        or (now_time - handshake_time > 3*WIREGUARD_REKEY_AFTER_TIME)
+                    ):
+                        intf.operational.reset_peer(public_key=public_key)
 
 if __name__ == '__main__':
     logger.info('VyOS domain resolver')