FreeBSD if_wg POINTTOPOINT and MULTICAST behaviour
stefan.haller at stha.de
Wed Apr 14 18:43:37 UTC 2021
Today I tried switching to the if_wg kernel module. I observed that the
behaviour of the tunnel interface was changed to drop the POINTTOPOINT
and MULTICAST flags (8801509656e9).
For some reason the bird2 routing daemon is not picking up my interface
if there is only a /32 address configured and I manually add host routes
over the wg interface. This broke my wireguard mesh setup and I wanted
to find out ways to get it back into a working state.
Luckily, a look into the git history showed up change 0adab0e961c6e that
I find really useful (and also quite smart). I can simply say `ifconfig
wg0 link1` to get the POINTTOPOINT behaviour back.
Unfortunately, most routing protocols seem to rely on multicast traffic
(e.g. OSPF, Babel, at least with default settings). bird2 will not pick
up my interface, because the MULTICAST flag is missing.
I tested a simple change that you can also find at the end of this email. The
link1 flag will not only toggle the POINTTOPOINT flag, but additionally also
toggles the MULTICAST flag. I am not really experienced with kernel and network
stack code, but to me it makes sense to mark the interface as multicast capable
in a peer-to-peer setting (if you use this, you will most likely set AllowedIPs
to 0.0.0.0/0, ::/0 anyway). Is such a change sensible?
I tested the change for my specific use case and everything seems to be working
again (without broader changes to the configuration otherwise necessary).
I do not want to imply that the current behaviour is wrong, because I
simply don't know much about the topic. If someone else is using dynamic
routing protocols over p2p wireguard tunnels successfully, I appreciate
pointers into the right direction :)
diff --git a/src/if_wg.c b/src/if_wg.c
index ca54476..414a641 100644
@@ -2910,9 +2910,9 @@ wg_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
if ((ifp->if_flags & IFF_LINK0) || !(ifp->if_flags & IFF_LINK1))
- ifp->if_flags &= ~IFF_POINTOPOINT;
+ ifp->if_flags &= ~IFF_POINTOPOINT & ~IFF_MULTICAST;
else if (ifp->if_flags & IFF_LINK1)
- ifp->if_flags |= IFF_POINTOPOINT;
+ ifp->if_flags |= IFF_POINTOPOINT | IFF_MULTICAST;
ifp->if_flags &= ~(IFF_LINK0 | IFF_LINK1 | IFF_LINK2);
if (ifp->if_flags & IFF_UP)
More information about the WireGuard