* Some potential bug in wg-quick re. fwmark and default route
@ 2018-03-12 14:17 Saeid Akbari
2018-03-26 20:53 ` Luis Ressel
0 siblings, 1 reply; 3+ messages in thread
From: Saeid Akbari @ 2018-03-12 14:17 UTC (permalink / raw)
To: WireGuard mailing list
Hi,
Straight to the point :)
Suppose the following scenario:
On a client system I have 2 interfaces:
wg0 -> which has allowedips of 0.0.0.0; so it gets special treatment by wg-
quick -> so `ip rule add not fwmark 51820 table 51820`
wg1 -> which has a restrictive allowedips of 192.168.255.10/32 (not important)
also each one have a FwMark set in their config file:
wg0 -> 51800
wg1 -> 51820
Then: `wg-quick up wg0` and `wg-quick up wg1`
Now the problem is, when I do `wg-quick down wg1` it also deletes the default
rules for wg0, as its fwmark is 51820 which belongs to table of wg0. I see
that this might seem a little bit weird to do, but why rely on hard-coded
numbers if we can use the ones provided by the user...
So wouldn't be better if `add_default()` function first checks if fwmark is
present on device (thus config file) and use that as fwmark and table-id?
Like what `del_if()` does, borrowing its code:
```DEFAULT_TABLE=
add_default() {
local fwmark
fwmark="$(wg show "$INTERFACE" fwmark)"
[[ $fwmark != off ]] && DEFAULT_TABLE=$(( fwmark )) # borrowed
if [[ -z $DEFAULT_TABLE ]]; then
DEFAULT_TABLE=51820
while [[ -n $(ip -4 route show table $DEFAULT_TABLE) || -n $(ip -6 route
show table $DEFAULT_TABLE) ]]; do
((DEFAULT_TABLE++))
done
fi```
This way, default interface (the one having allowedips of 0.0.0.0) would
register its own fwmark, and bringing down other interfaces, doesn't delete
its rule.
+ But another issue, `del_if()` seems to assume that the interface is used as
default route when a fwmark is present on it. This causes deletion of "from
all lookup main suppress_prefixlength 0" when bringing down a non-default
interface (in this scenario, wg1).
Any ideas?
Thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: Some potential bug in wg-quick re. fwmark and default route
2018-03-12 14:17 Some potential bug in wg-quick re. fwmark and default route Saeid Akbari
@ 2018-03-26 20:53 ` Luis Ressel
2018-04-14 0:41 ` Jason A. Donenfeld
0 siblings, 1 reply; 3+ messages in thread
From: Luis Ressel @ 2018-03-26 20:53 UTC (permalink / raw)
To: Saeid Akbari; +Cc: WireGuard mailing list
Hello Saeid,
I'm sorry your inquiry has gone unanswered for two weeks; it was simply
drowned by all the user questions. I'm glad I found it now, since you
raise a few interesting points.
As you have discovered, wg-quick is very limited (being the wacky shell
script that it is) and behaves oddly in some corner cases.
I'm drawing a few diagrams right now to see if I can find a way to
improve the add_route/add_default and del_if parts of wg-quick without
increasing the overall complexity too much. Both of your suggestions are
good ideas; if you have further input, that'd be much appreciated!
Cheers,
Luis
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-04-14 0:27 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-12 14:17 Some potential bug in wg-quick re. fwmark and default route Saeid Akbari
2018-03-26 20:53 ` Luis Ressel
2018-04-14 0:41 ` Jason A. Donenfeld
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.