FreeBSD if_wg POINTTOPOINT and MULTICAST behaviour

Toke Høiland-Jørgensen toke at toke.dk
Wed Apr 14 22:14:04 UTC 2021 

Stefan Haller <stefan.haller at stha.de> writes:

> Hi Jason,
>
> Thanks for your clarification. I understand that setting this flag would
> be a false promise to userspace, because generally Wireguard is
> point-to-multipoint and doesn't copy messages to multiple peers (which
> is not exactly necessary in my case, where only a single peer is
> configured on both sides).
>
> I just wanted to ensure that the introduced change was intentional
> before looking into other directions, hence my question.
>
> On Wed, Apr 14, 2021 at 02:24:20PM -0600, Jason A. Donenfeld wrote:
>> Does bird completely ignore interfaces without it? Is there no setting
>> to change that?
>
> At least a brief look at the code suggests this: [1]
>
> The Babel protocol seems to rely on well-known *link-local* IPv6
> multicast addresses. I did not find anything related to unicast "hello"
> messages in the RFC or in the implementations. (OSPF is similar, but
> as far as I remember unicast hellos are explicitly allowed.)
>
> One odd thing I noticed: On Linux (5.11.13-arch1-1, so quite recent),
> the interface does not list the MULTICAST flag and the interface is
> still used by bird:
>
> # ip l show dev wg1
> 4: wg1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
>
> I will have a closer look why it doesn't work on FreeBSD but the same thing
> works on Linux. I am probably missing something important.

That's because the babel protocol code is checking for Bird's internal
MULTICAST flag, which is set like:

  else if (fl & IFF_POINTOPOINT)    /* PtP */
    f.flags |= IF_MULTICAST;
  else if (fl & IFF_BROADCAST)      /* Broadcast */
    f.flags |= IF_MULTIACCESS | IF_BROADCAST | IF_MULTICAST;

so it needs either the OS-level POINTOPOINT or the BROADCAST flag set.
Wireguard interfaces on Linux has POINTOPOINT which is enough for Bird.

And yeah, for now Babel only speaks multicast; the spec does allow for
unicast communication, but the code in Bird doesn't implement that yet
(I'm the author of the Babel implementation in Bird). Even for unicast,
Babel still needs multicast for discovery, but in the case of Wireguard
that could be replaced by reading the peers directly from the Wireguard
kernel module. Add in updating of Wireguard AllowedIPs, and presto,
there's you completely dynamic mesh requiring only a single wg interface
on each peer :)

Quite happy to review Bird patches if someone wants to hack on this,
BTW, but otherwise it's on my "eventually" list :P

-Toke

More information about the WireGuard mailing list