* wg-quick and iptables race condition bug
@ 2022-01-31 7:05 Ali Intika
0 siblings, 0 replies; only message in thread
From: Ali Intika @ 2022-01-31 7:05 UTC (permalink / raw)
First thanks for this amazing piece of code :)
The bug: iptables rules can not be applied in parallel, thus iptables
have the "-w" option (--wait, maximum wait to acquire xtables lock
before giving up) to circumvent this; the "-w" parameter is not used
in wireguard-tools which lead to a racing condition on some systems.
When using wg-quick on a system that do handle often the iptables
rules, especially if we are using wg-quick for a long manipulation (eg
turn up/down multiple interfaces), the command just fail if an other
iptables manipulation is going on, on the system. replacing "iptables"
with "iptables -w 10" on the Wireguard's script/c app (for android)
will solve the issue.
eg where the issue occur
- server handling iptables rules dynamically
- server/client where iptables is often manipulated
Personally I am mainly having this issue on android where the script
is a binary and not as easily editable as an sh file.
Thanks for your consideration
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-02-14 13:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-31 7:05 wg-quick and iptables race condition bug Ali Intika
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).