WireGuard Archive on lore.kernel.org
 help / color / Atom feed
* Error with wg-quick down when IPv6 not present
@ 2019-09-25  1:06 Brassy Panache
  2019-09-25  9:25 ` Jason A. Donenfeld
  0 siblings, 1 reply; 3+ messages in thread
From: Brassy Panache @ 2019-09-25  1:06 UTC (permalink / raw)
  To: wireguard

[-- Attachment #1.1: Type: text/plain, Size: 1117 bytes --]

I have a kernel without IPv6 support.  I've noticed when running:

$ wg-quick down vpn


I receive the following errors:

[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
RTNETLINK answers: Address family not supported by protocol
Dump terminated
RTNETLINK answers: Address family not supported by protocol
Dump terminated
[#] ip link delete dev vpn
[#] resolvconf -d vpn -f


This is caused by the assumption that the command:

$ ip -6 rule show


will run on the system.  I have made a change to my local wg-quick script
which first tests if the command runs successfully before it clears the
rules.  The same should probably also be done prior to running the IPv4
version of the command.

An alternate approach could also be to check that IPv6 is available in the
running kernel, but there didn't seem to be a reliable cross-platform
mechanism to do that [0].

In any case, I have attached a patch which I am running locally to avoid
these spurious errors.

[0]:
https://stackoverflow.com/questions/39983121/how-to-detect-if-system-has-ipv6-enabled-in-a-unix-shell-script

[-- Attachment #1.2: Type: text/html, Size: 1743 bytes --]

<div dir="ltr"><div>I have a kernel without IPv6 support.  I&#39;ve noticed when running:</div><div><br></div><div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div>$ wg-quick down vpn</div></blockquote><br></div><div>I receive the following errors:</div><div><br></div><div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div>[#] ip -4 rule delete table 51820<br>[#] ip -4 rule delete table main suppress_prefixlength 0<br>RTNETLINK answers: Address family not supported by protocol<br>Dump terminated<br>RTNETLINK answers: Address family not supported by protocol<br>Dump terminated<br>[#] ip link delete dev vpn<br>[#] resolvconf -d vpn -f<br></div></blockquote><br></div><div>This is caused by the assumption that the command:</div><div><br></div><div><blockquote style="margin:0 0 0 40px;border:none;padding:0px">$ ip -6 rule show<br></blockquote><br></div><div>will run on the system.  I have made a change to my local wg-quick script which first tests if the command runs successfully before it clears the rules.  The same should probably also be done prior to running the IPv4 version of the command.</div><div><br></div><div>An alternate approach could also be to check that IPv6 is available in the running kernel, but there didn&#39;t seem to be a reliable cross-platform mechanism to do that [0].</div><div><br></div><div>In any case, I have attached a patch which I am running locally to avoid these spurious errors.</div><div><br></div><div>[0]: <a href="https://stackoverflow.com/questions/39983121/how-to-detect-if-system-has-ipv6-enabled-in-a-unix-shell-script">https://stackoverflow.com/questions/39983121/how-to-detect-if-system-has-ipv6-enabled-in-a-unix-shell-script</a></div></div>

[-- Attachment #2: patch --]
[-- Type: application/octet-stream, Size: 927 bytes --]

[-- Attachment #3: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Error with wg-quick down when IPv6 not present
  2019-09-25  1:06 Error with wg-quick down when IPv6 not present Brassy Panache
@ 2019-09-25  9:25 ` Jason A. Donenfeld
  2019-09-25  9:30   ` Brassy Panache
  0 siblings, 1 reply; 3+ messages in thread
From: Jason A. Donenfeld @ 2019-09-25  9:25 UTC (permalink / raw)
  To: Brassy Panache; +Cc: wireguard

On Wed, Sep 25, 2019 at 11:06:18AM +1000, Brassy Panache wrote:
> I have a kernel without IPv6 support.  I've noticed when running:
> 
> $ wg-quick down vpn
> 
> 
> I receive the following errors:
> 
> [#] ip -4 rule delete table 51820
> [#] ip -4 rule delete table main suppress_prefixlength 0
> RTNETLINK answers: Address family not supported by protocol
> Dump terminated
> RTNETLINK answers: Address family not supported by protocol
> Dump terminated
> [#] ip link delete dev vpn
> [#] resolvconf -d vpn -f
> 
> 
> This is caused by the assumption that the command:
> 
> $ ip -6 rule show
> 
> 
> will run on the system.  I have made a change to my local wg-quick script
> which first tests if the command runs successfully before it clears the
> rules.  The same should probably also be done prior to running the IPv4
> version of the command.

Would this work?

diff --git a/src/tools/wg-quick/linux.bash b/src/tools/wg-quick/linux.bash
index e690944d..612ecd77 100755
--- a/src/tools/wg-quick/linux.bash
+++ b/src/tools/wg-quick/linux.bash
@@ -102,10 +102,10 @@ del_if() {
 		while [[ $(ip -4 rule show) == *"from all lookup main suppress_prefixlength 0"* ]]; do
 			cmd ip -4 rule delete table main suppress_prefixlength 0
 		done
-		while [[ $(ip -6 rule show) == *"lookup $table"* ]]; do
+		while [[ $(ip -6 rule show 2>/dev/null) == *"lookup $table"* ]]; do
 			cmd ip -6 rule delete table $table
 		done
-		while [[ $(ip -6 rule show) == *"from all lookup main suppress_prefixlength 0"* ]]; do
+		while [[ $(ip -6 rule show 2>/dev/null) == *"from all lookup main suppress_prefixlength 0"* ]]; do
 			cmd ip -6 rule delete table main suppress_prefixlength 0
 		done
 	fi

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Error with wg-quick down when IPv6 not present
  2019-09-25  9:25 ` Jason A. Donenfeld
@ 2019-09-25  9:30   ` Brassy Panache
  0 siblings, 0 replies; 3+ messages in thread
From: Brassy Panache @ 2019-09-25  9:30 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: wireguard

[-- Attachment #1.1: Type: text/plain, Size: 2193 bytes --]

I've just tested your patch and that works!  I no longer see the errors.  I
don't have a IPv6 environment to test with at the moment, so I cannot
verify that case.

On Wed, Sep 25, 2019 at 7:25 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> On Wed, Sep 25, 2019 at 11:06:18AM +1000, Brassy Panache wrote:
> > I have a kernel without IPv6 support.  I've noticed when running:
> >
> > $ wg-quick down vpn
> >
> >
> > I receive the following errors:
> >
> > [#] ip -4 rule delete table 51820
> > [#] ip -4 rule delete table main suppress_prefixlength 0
> > RTNETLINK answers: Address family not supported by protocol
> > Dump terminated
> > RTNETLINK answers: Address family not supported by protocol
> > Dump terminated
> > [#] ip link delete dev vpn
> > [#] resolvconf -d vpn -f
> >
> >
> > This is caused by the assumption that the command:
> >
> > $ ip -6 rule show
> >
> >
> > will run on the system.  I have made a change to my local wg-quick script
> > which first tests if the command runs successfully before it clears the
> > rules.  The same should probably also be done prior to running the IPv4
> > version of the command.
>
> Would this work?
>
> diff --git a/src/tools/wg-quick/linux.bash b/src/tools/wg-quick/linux.bash
> index e690944d..612ecd77 100755
> --- a/src/tools/wg-quick/linux.bash
> +++ b/src/tools/wg-quick/linux.bash
> @@ -102,10 +102,10 @@ del_if() {
>                 while [[ $(ip -4 rule show) == *"from all lookup main
> suppress_prefixlength 0"* ]]; do
>                         cmd ip -4 rule delete table main
> suppress_prefixlength 0
>                 done
> -               while [[ $(ip -6 rule show) == *"lookup $table"* ]]; do
> +               while [[ $(ip -6 rule show 2>/dev/null) == *"lookup
> $table"* ]]; do
>                         cmd ip -6 rule delete table $table
>                 done
> -               while [[ $(ip -6 rule show) == *"from all lookup main
> suppress_prefixlength 0"* ]]; do
> +               while [[ $(ip -6 rule show 2>/dev/null) == *"from all
> lookup main suppress_prefixlength 0"* ]]; do
>                         cmd ip -6 rule delete table main
> suppress_prefixlength 0
>                 done
>         fi
>
>

[-- Attachment #1.2: Type: text/html, Size: 2865 bytes --]

<div dir="ltr">I&#39;ve just tested your patch and that works!  I no longer see the errors.  I don&#39;t have a IPv6 environment to test with at the moment, so I cannot verify that case.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Sep 25, 2019 at 7:25 PM Jason A. Donenfeld &lt;<a href="mailto:Jason@zx2c4.com">Jason@zx2c4.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, Sep 25, 2019 at 11:06:18AM +1000, Brassy Panache wrote:<br>
&gt; I have a kernel without IPv6 support.  I&#39;ve noticed when running:<br>
&gt; <br>
&gt; $ wg-quick down vpn<br>
&gt; <br>
&gt; <br>
&gt; I receive the following errors:<br>
&gt; <br>
&gt; [#] ip -4 rule delete table 51820<br>
&gt; [#] ip -4 rule delete table main suppress_prefixlength 0<br>
&gt; RTNETLINK answers: Address family not supported by protocol<br>
&gt; Dump terminated<br>
&gt; RTNETLINK answers: Address family not supported by protocol<br>
&gt; Dump terminated<br>
&gt; [#] ip link delete dev vpn<br>
&gt; [#] resolvconf -d vpn -f<br>
&gt; <br>
&gt; <br>
&gt; This is caused by the assumption that the command:<br>
&gt; <br>
&gt; $ ip -6 rule show<br>
&gt; <br>
&gt; <br>
&gt; will run on the system.  I have made a change to my local wg-quick script<br>
&gt; which first tests if the command runs successfully before it clears the<br>
&gt; rules.  The same should probably also be done prior to running the IPv4<br>
&gt; version of the command.<br>
<br>
Would this work?<br>
<br>
diff --git a/src/tools/wg-quick/linux.bash b/src/tools/wg-quick/linux.bash<br>
index e690944d..612ecd77 100755<br>
--- a/src/tools/wg-quick/linux.bash<br>
+++ b/src/tools/wg-quick/linux.bash<br>
@@ -102,10 +102,10 @@ del_if() {<br>
                while [[ $(ip -4 rule show) == *&quot;from all lookup main suppress_prefixlength 0&quot;* ]]; do<br>
                        cmd ip -4 rule delete table main suppress_prefixlength 0<br>
                done<br>
-               while [[ $(ip -6 rule show) == *&quot;lookup $table&quot;* ]]; do<br>
+               while [[ $(ip -6 rule show 2&gt;/dev/null) == *&quot;lookup $table&quot;* ]]; do<br>
                        cmd ip -6 rule delete table $table<br>
                done<br>
-               while [[ $(ip -6 rule show) == *&quot;from all lookup main suppress_prefixlength 0&quot;* ]]; do<br>
+               while [[ $(ip -6 rule show 2&gt;/dev/null) == *&quot;from all lookup main suppress_prefixlength 0&quot;* ]]; do<br>
                        cmd ip -6 rule delete table main suppress_prefixlength 0<br>
                done<br>
        fi<br>
<br>
</blockquote></div>

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-25  1:06 Error with wg-quick down when IPv6 not present Brassy Panache
2019-09-25  9:25 ` Jason A. Donenfeld
2019-09-25  9:30   ` Brassy Panache

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git