WireGuard · Manouchehri · Mar 3, 2020
diff --git a/contrib/highlighter/gui/highlight.cpp b/contrib/highlighter/gui/highlight.cpp
@@ -25,6 +25,7 @@ static QColor colormap[] = {
 	[HighlightDelimiter] = QColor("#7aa6da"),
 #ifndef MOBILE_WGQUICK_SUBSET
 	[HighlightTable] = QColor("#c397d8"),
+	[HighlightNetNS] = QColor("#c397d8"),
 	[HighlightFwMark] = QColor("#c397d8"),
 	[HighlightSaveConfig] = QColor("#c397d8"),
 	[HighlightCmd] = QColor("#969896"),

diff --git a/contrib/highlighter/highlight.c b/contrib/highlighter/highlight.c
@@ -51,6 +51,7 @@ static const char *colormap[] = {
 	[HighlightDelimiter] = TERMINAL_FG_CYAN,
 #ifndef MOBILE_WGQUICK_SUBSET
 	[HighlightTable] = TERMINAL_FG_BLUE,
+	[HighlightNetNS] = TERMINAL_FG_BLUE,
 	[HighlightFwMark] = TERMINAL_FG_BLUE,
 	[HighlightSaveConfig] = TERMINAL_FG_BLUE,
 	[HighlightCmd] = TERMINAL_FG_WHITE,

diff --git a/contrib/highlighter/highlighter.h b/contrib/highlighter/highlighter.h
@@ -21,6 +21,7 @@ enum highlight_type {
 	HighlightDelimiter,
 #ifndef MOBILE_WGQUICK_SUBSET
 	HighlightTable,
+	HighlightNetNS,
 	HighlightFwMark,
 	HighlightSaveConfig,
 	HighlightCmd,

diff --git a/src/man/wg-quick.8 b/src/man/wg-quick.8
@@ -92,6 +92,9 @@ special values: `off' disables the creation of routes altogether, and `auto'
 (the default) adds routes to the default table and enables special handling of
 default routes.
 .IP \(bu
+NetNS \(em Controls in which network namespace the WireGuard UDP socket is added to. The
+namespace has to be created before WireGuard use.
+.IP \(bu
 PreUp, PostUp, PreDown, PostDown \(em script snippets which will be executed by
 .BR bash (1)
 before/after setting up/tearing down the interface, most commonly used

diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
@@ -18,6 +18,7 @@ MTU=""
 DNS=( )
 DNS_SEARCH=( )
 TABLE=""
+NETNS=""
 PRE_UP=( )
 POST_UP=( )
 PRE_DOWN=( )
@@ -61,6 +62,7 @@ parse_options() {
 				[[ $v =~ (^[0-9.]+$)|(^.*:.*$) ]] && DNS+=( $v ) || DNS_SEARCH+=( $v )
 			done; continue ;;
 			Table) TABLE="$value"; continue ;;
+			NetNS) NETNS="$value"; continue ;;
 			PreUp) PRE_UP+=( "$value" ); continue ;;
 			PreDown) PRE_DOWN+=( "$value" ); continue ;;
 			PostUp) POST_UP+=( "$value" ); continue ;;
@@ -87,7 +89,18 @@ auto_su() {
 
 add_if() {
 	local ret
-	if ! cmd ip link add "$INTERFACE" type wireguard; then
+	if [[ -n $NETNS ]]; then
+		if ! ip netns pids "${NETNS}" > /dev/null; then
+			ret=$?
+			echo "[!] Target namespace '${NETNS}' not found"
+			exit $ret
+		elif ! cmd ip -n "${NETNS}" link add "$INTERFACE" type wireguard; then
+			ret=$?
+			[[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
+			echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation."
+		fi
+		cmd ip -n "${NETNS}" link set "$INTERFACE" netns 1
+	elif ! cmd ip link add "$INTERFACE" type wireguard; then
 		ret=$?
 		[[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
 		echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." >&2
@@ -263,6 +276,7 @@ save_config() {
 	done < <(resolvconf -l "$(resolvconf_iface_prefix)$INTERFACE" 2>/dev/null || cat "/etc/resolvconf/run/interface/$(resolvconf_iface_prefix)$INTERFACE" 2>/dev/null)
 	[[ -n $MTU && $(ip link show dev "$INTERFACE") =~ mtu\ ([0-9]+) ]] && new_config+="MTU = ${BASH_REMATCH[1]}"$'\n'
 	[[ -n $TABLE ]] && new_config+="Table = $TABLE"$'\n'
+	[[ -n $NETNS ]] && new_config+="NetNS = $NETNS"$'\n'
 	[[ $SAVE_CONFIG -eq 0 ]] || new_config+=$'SaveConfig = true\n'
 	for cmd in "${PRE_UP[@]}"; do
 		new_config+="PreUp = $cmd"$'\n'