Development discussion of WireGuard
 help / color / mirror / Atom feed
* wg-quick and iptables race condition bug
@ 2022-01-31  7:05 Ali Intika
  0 siblings, 0 replies; only message in thread
From: Ali Intika @ 2022-01-31  7:05 UTC (permalink / raw)
  To: wireguard

Hi,

First thanks for this amazing piece of code :)

The bug: iptables rules can not be applied in parallel, thus iptables
have the "-w" option (--wait, maximum wait to acquire xtables lock
before giving up) to circumvent this; the "-w" parameter is not used
in wireguard-tools which lead to a racing condition on some systems.

When using wg-quick on a system that do handle often the iptables
rules, especially if we are using wg-quick for a long manipulation (eg
turn up/down multiple interfaces), the command just fail if an other
iptables manipulation is going on, on the system. replacing "iptables"
with "iptables -w 10" on the Wireguard's script/c app (for android)
will solve the issue.

eg where the issue occur
- server handling iptables rules dynamically
- server/client where iptables is often manipulated

Personally I am mainly having this issue on android where the script
is a binary and not as easily editable as an sh file.

Thanks for your consideration
:)

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-02-14 13:55 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-31  7:05 wg-quick and iptables race condition bug Ali Intika

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).