From: Til Kaiser <mail@tk154.de>
To: wireguard@lists.zx2c4.com
Cc: Til Kaiser <mail@tk154.de>
Subject: [PATCH] wg-quick: replace ip route add with ip route append
Date: Fri, 26 Jan 2024 19:37:42 +0100
Message-ID: <20240126183742.1172754-1-mail@tk154.de>

Adding a WireGuard interface with an IPv6 link-local address
isn't possible when there is a route for another interface
with the same IPv6 prefix length on the system, assuming that
the "ip route add" command chooses the same metric value.

The man page of ip-route states: "With IPv6, further nexthops
may be appended to the same route via 'ip route append' command."
So this patch replaces all occurrences of "ip route add"
with "ip route append."

Steps to reproduce:

    $ ip link add ip6-test-if type dummy
    $ ip address add fe80::2/64 dev ip6-test-if
    $ ip link set ip6-test-if up
    $ ip -6 route flush dev ip6-test-if
    $ ip -6 route add fe80::/64 dev ip6-test-if
    $ wg-quick up ip6-test-wg
    [#] ip link add ip6-test-wg type wireguard
    [#] wg setconf ip6-test-wg /dev/fd/63
    [#] ip -6 address add fe80::3/128 dev ip6-test-wg
    [#] ip link set mtu 1420 up dev ip6-test-wg
    [#] ip -6 route add fe80::/64 dev ip6-test-wg
    RTNETLINK answers: File exists
    [#] ip link delete dev ip6-test-wg

/etc/wireguard/ip6-test-wg.conf:

    [Interface]
    Address = fe80::3/128
    ...
    [Peer]
    AllowedIPs = fe80::/64
    ...

Signed-off-by: Til Kaiser <mail@tk154.de>
---
src/wg-quick/linux.bash | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index 4193ce5..f324762 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -170,11 +170,11 @@ add_route() {
[[ $TABLE != off ]] || return 0
if [[ -n $TABLE && $TABLE != auto ]]; then
- cmd ip $proto route add "$1" dev "$INTERFACE" table "$TABLE"
+ cmd ip $proto route append "$1" dev "$INTERFACE" table "$TABLE"
elif [[ $1 == */0 ]]; then
add_default "$1"
else
- [[ -n $(ip $proto route show dev "$INTERFACE" match "$1" 2>/dev/null) ]] || cmd ip $proto route add "$1" dev "$INTERFACE"
+ [[ -n $(ip $proto route show dev "$INTERFACE" match "$1" 2>/dev/null) ]] || cmd ip $proto route append "$1" dev "$INTERFACE"
fi
}
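Review bot: In add_route() both changed lines switch to `route append` for whatever `$proto` is, but the man page sentence quoted in the commit message is specific to IPv6, so the IPv4 behaviour of this change is not covered by the justification. In the else branch the guard only looks for an existing route on `dev "$INTERFACE"`; a route for the same prefix on another interface used to stop setup with "RTNETLINK answers: File exists", and with append it is accepted silently, leaving the peer's AllowedIPs prefix reachable through both the tunnel and the other interface. Suggest restricting append to the `-6` case, or giving the WireGuard route an explicit metric, and stating in the commit message which route is expected to carry the traffic when both exist.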
@@ -222,7 +222,7 @@ add_default() {
[[ $1 == *:* ]] && proto=-6 iptables=ip6tables pf=ip6
cmd ip $proto rule add not fwmark $table table $table
cmd ip $proto rule add table main suppress_prefixlength 0
- cmd ip $proto route add "$1" dev "$INTERFACE" table $table
+ cmd ip $proto route append "$1" dev "$INTERFACE" table $table
local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable"
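Review bot: In add_default() the changed line installs the default route into `table $table`, the same table that the preceding `rule add not fwmark $table table $table` sends all unmarked traffic to, and the reproduction in the commit message (fe80::/64 outside this path) does not exercise it. If a route for `$1` is already present in that table, failing with `add` is the safer outcome, because `append` would leave a second default route next to the tunnel's in the table that carries the redirected traffic. Suggest keeping `ip $proto route add` here, or explaining in the commit message why a pre-existing entry in `$table` should be tolerated.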
--
2.40.1