From: "Jason A. Donenfeld"
Date: Tue, 20 Dec 2016 04:14:06 +0100
Subject: Re: openwrt route_allowed_ips is inprecise
To: Baptiste Jonglez
Cc: WireGuard mailing list

Hey Baptiste,

On Tue, Dec 20, 2016 at 2:13 AM, Baptiste Jonglez wrote:
> By the way, besides the issue of magic, this approach seems incorrect
> depending on the order of the routes. Consider the case where cmd_add()
> handles the following sequence of allowed-ips:
>
>     10.0.0.0/8 dev wg0
>     10.4.7.0/24 dev wg0
>     10.4.0.0/16 dev wg1
>
> Your method would incorrectly drop the second route, and then the third
> route would take over traffic for this /24 through the wrong interface.

Very smart point and astute observation! This should be fixed here:
https://git.zx2c4.com/WireGuard/commit/?id=5838c950859f1b55ad344e81b77a0b71917ffd61

Unless there are objections, that will ship with the next snapshot.

Jason
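
The ordering problem quoted in the message above, worked through as an added example (not code from the thread or from the WireGuard commit it links). `order_dependent_dedupe` is an assumed model of the approach being criticised, and `covering_aware_dedupe` is one possible safe check, not necessarily what the fix does; both function names are hypothetical.

```python
import ipaddress

# Constructed from the allowed-ips sequence quoted in the message above.
ROUTES = [("10.0.0.0/8", "wg0"), ("10.4.7.0/24", "wg0"), ("10.4.0.0/16", "wg1")]

def parse(routes):
    return [(ipaddress.ip_network(prefix), dev) for prefix, dev in routes]

def lookup(routes, dst):
    """Longest-prefix match: return the device that would carry dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, dev) for net, dev in parse(routes) if addr in net]
    return max(hits)[1] if hits else None

def order_dependent_dedupe(routes):
    """Assumed model of the flawed approach: walk the routes in order and skip
    one when a route already added on the same device covers it."""
    kept = []
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if any(d == dev and net.subnet_of(n) for n, d in parse(kept)):
            continue  # looks redundant, but only relative to routes seen so far
        kept.append((prefix, dev))
    return kept

def covering_aware_dedupe(routes):
    """Skip a route only when the most specific other route covering it,
    across all devices, already points at the same device."""
    table = parse(routes)
    kept = []
    for (prefix, dev), (net, _) in zip(routes, table):
        supers = [(n.prefixlen, d) for n, d in table
                  if n != net and net.subnet_of(n)]
        if supers and max(supers)[1] == dev:
            continue  # removing it cannot change where its traffic goes
        kept.append((prefix, dev))
    return kept

if __name__ == "__main__":
    dst = "10.4.7.1"  # constructed address inside the /24
    print("full table      ->", lookup(ROUTES, dst))
    print("order-dependent ->", lookup(order_dependent_dedupe(ROUTES), dst))
    print("covering-aware  ->", lookup(covering_aware_dedupe(ROUTES), dst))
```
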