From a6bd1c3382b10b657f45e4fce6ef12f2d95fb3ff Mon Sep 17 00:00:00 2001
From: sskaje <sskaje@gmail.com>
Date: Fri, 22 Nov 2024 00:39:15 +0800
Subject: [PATCH] T4930: make wg dns retry configurable through `interfaces
 wireguard wgX max-dns-retry`

---
 interface-definitions/interfaces_wireguard.xml.in | 13 +++++++++++++
 python/vyos/ifconfig/wireguard.py                 |  6 ++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in
index ecb7a64dfb..0818a4715b 100644
--- a/interface-definitions/interfaces_wireguard.xml.in
+++ b/interface-definitions/interfaces_wireguard.xml.in
@@ -40,6 +40,19 @@
             </properties>
             <defaultValue>0</defaultValue>
           </leafNode>
+          <leafNode name="max-dns-retry">
+            <properties>
+              <help>Max retry when DNS resolves failed.</help>
+              <valueHelp>
+                <format>u32:1-15</format>
+                <description>Max retry times</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-15"/>
+              </constraint>
+            </properties>
+            <defaultValue>3</defaultValue>
+          </leafNode>
           <leafNode name="private-key">
             <properties>
               <help>Base64 encoded private key</help>
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index 2c21856d2f..1ca4005011 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -161,6 +161,7 @@ def reset_peer(self, interface, peer_name=None):
 
         c = Config()
         c.set_level(['interfaces', 'wireguard', self.config['ifname']])
+        max_dns_retry = c.return_effective_value(['max-dns-retry'], 3)
 
         for peer in c.list_effective_nodes(['peer']):
             if peer_name is None or peer == peer_name:
@@ -179,7 +180,7 @@ def reset_peer(self, interface, peer_name=None):
                         f'Resetting {self.config["ifname"]} peer {public_key} endpoint to {address}:{port} ... ',
                         end='',
                     )
-                    self._cmd(cmd, env={'WG_ENDPOINT_RESOLUTION_RETRIES': '5'})
+                    self._cmd(cmd, env={'WG_ENDPOINT_RESOLUTION_RETRIES': str(max_dns_retry)})
                     print('done')
                 except:
                     print(f'Error\nPlease try to run command manually:\n{cmd}')
@@ -216,6 +217,7 @@ def update(self, config):
 
         # Wireguard base command is identical for every peer
         base_cmd = 'wg set ' + config['ifname']
+        max_dns_retry = config['max_dns_retry']
 
         interface_cmd = base_cmd
         if 'port' in config:
@@ -277,7 +279,7 @@ def update(self, config):
 
                     self._cmd(
                         cmd.format(**peer_config),
-                        env={'WG_ENDPOINT_RESOLUTION_RETRIES': '5'},
+                        env={'WG_ENDPOINT_RESOLUTION_RETRIES': str(max_dns_retry)},
                     )
                 except:
                     # todo: logging