Why does 'allowed-ips' affect route selection behavior?

["Patrick O'Sullivan" <irish@insaneirish.com>]

Hi Folks,

Getting my feet wet with wireguard and enjoying the simplicity and
performance thus far. Nonetheless, I have a question about how the
normal route selection process is being affected by what's configured
for 'allowed-ips'.

I set up a peer and configured 'allowed-ips' for 0.0.0.0/0, as I was
going to be sending multiple routes over the peer link via BGP and
didn't want to keep modifying it. However, even though my default
route was over a different interface, this seemed to result in Linux
trying to route default traffic over wg0 despite there not being a
default route pointing to wg0.

Specifically:

$ sudo ip route show
default via 10.199.199.1 dev wlan0
10.111.111.0/24 dev wg0 proto kernel scope link src 10.111.111.100
10.199.199.0/24 dev wlan0 proto kernel scope link src 10.199.199.131

By this route table, traffic to e.g. 4.2.2.1 should use 10.199.199.1.
Packet captures were showing traffic trying to instead use wg0. Then I
found this:

$ sudo ip route get 4.2.2.1
4.2.2.1 dev wg0 table 51820 src 10.111.111.100
    cache

Can someone please explain this behavior?

Obligatory... $ uname -rvm
4.14.30-v7+ #1102 SMP Mon Mar 26 16:45:49 BST 2018 armv7l

And... $ dpkg -l | grep wireguard
ii  wireguard                       0.0.20180413-1               all
       fast, modern, secure kernel VPN tunnel (metapackage)
ii  wireguard-dkms                  0.0.20180413-1               all
       fast, modern, secure kernel VPN tunnel (DKMS version)
ii  wireguard-tools                 0.0.20180413-1               armhf
       fast, modern, secure kernel VPN tunnel (userland utilities)