openwrt route_allowed_ips is imprecise
Dan Lüdtke
mail at danrl.com
Tue Dec 20 09:52:04 CET 2016
Regarding the initial preciseness issue, have you tested that on LEDE? I can't manage to get duplicate routes. However, outdated testing environment. Will rebuild and test again. I can't quite understand what the initial issue was. Wouldn't you get a "rtnetlink: file exists" when you try to add a route that already exists?
This also can only occur if someone uses static routes AND decides to use route_allowed_ips, right?
>> This is pretty straightforward with netlink
>
> No, it's much less straight-forward with raw netlink. Raw netlink
> involves hundreds of lines of code to do anything at all. A real mess.
> Fortunately there are wrapper libraries you can use from various
> languages to make it easier.
True. I was referring to the auto-route option I read on LKML a while ago. Of course, when done from userspace, netlink is not the ideal way.
>
>> Regarding LEDE, netifd should track the routes being added and the extra routes do not really do harm.
>
> Alright then...
>
> Speaking of netifd, did you ever fix that netifd issue with the IP dependency?
I am on it. First version did add dependency for both protocols if the endpoint name had A and AAAA records. However, I find it cleaner to check which endpoint wg chose to use and only add that IP address as a dependency. Patch/PR comes when I am satisfied with stability.