[PATCH] wg-quick: replace ip route add with ip route append
Til Kaiser
mail at tk154.de
Wed Jan 17 21:03:05 UTC 2024
Adding a WireGuard interface with an IPv6 link-local address
isn't possible when there is a route for another interface
with the same IPv6 prefix length on the system, assuming that
the "ip route add" command chooses the same metric value.

The Manpage of ip-route states: "With IPv6, further nexthops
may be appended to the same route via 'ip route append' command."

So this patch replaces all occurrences of "ip route add"
with "ip route append."

Steps to reproduce:
$ ip link add ip6-test-if type dummy
$ ip address add fe80::2/64 dev ip6-test-if
$ ip link set ip6-test-if up
$ ip -6 route flush dev ip6-test-if
$ ip -6 route add fe80::/64 dev ip6-test-if
$ wg-quick up ip6-test-wg
[#] ip link add ip6-test-wg type wireguard
[#] wg setconf ip6-test-wg /dev/fd/63
[#] ip -6 address add fe80::3/128 dev ip6-test-wg
[#] ip link set mtu 1420 up dev ip6-test-wg
[#] ip -6 route add fe80::/64 dev ip6-test-wg
RTNETLINK answers: File exists
[#] ip link delete dev ip6-test-wg

/etc/wireguard/ip6-test-wg.conf:
[Interface]
Address = fe80::3/128
...
[Peer]
AllowedIPs = fe80::/64
...

Signed-off-by: Til Kaiser <mail at tk154.de>
---
src/wg-quick/linux.bash | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index 4193ce5..f324762 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -170,11 +170,11 @@ add_route() {
[[ $TABLE != off ]] || return 0
if [[ -n $TABLE && $TABLE != auto ]]; then
- cmd ip $proto route add "$1" dev "$INTERFACE" table "$TABLE"
+ cmd ip $proto route append "$1" dev "$INTERFACE" table "$TABLE"
elif [[ $1 == */0 ]]; then
add_default "$1"
else
- [[ -n $(ip $proto route show dev "$INTERFACE" match "$1" 2>/dev/null) ]] || cmd ip $proto route add "$1" dev "$INTERFACE"
+ [[ -n $(ip $proto route show dev "$INTERFACE" match "$1" 2>/dev/null) ]] || cmd ip $proto route append "$1" dev "$INTERFACE"
fi
}
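Review bot: In the `else` branch of add_route(), the guard before `||` only inspects routes on `dev "$INTERFACE"`, so with `append` a route for the same prefix that already exists on another interface no longer stops setup: the command succeeds and, per the man page sentence quoted in the commit message, the WireGuard device is added as a further nexthop instead of owning the prefix. For a tunnel that means traffic for an AllowedIPs prefix can keep leaving through the other interface with no error shown, where `route add` previously failed with "File exists" and the interface was torn down. Suggest keeping `add` as the default and falling back to `append` only for the case the message describes (for example link-local prefixes), or at least printing a warning when a route on another device already matches "$1". The same substitution in the `table "$TABLE"` branch and for whatever non-IPv6 value `$proto` takes is not covered by the rationale given, which cites IPv6 only; the commit message should say what behaviour is intended there.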
@@ -222,7 +222,7 @@ add_default() {
[[ $1 == *:* ]] && proto=-6 iptables=ip6tables pf=ip6
cmd ip $proto rule add not fwmark $table table $table
cmd ip $proto rule add table main suppress_prefixlength 0
- cmd ip $proto route add "$1" dev "$INTERFACE" table $table
+ cmd ip $proto route append "$1" dev "$INTERFACE" table $table
local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable"
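Review bot: In add_default(), the default route goes into `table $table`, the table the two `ip rule add` lines just above refer to, and with `append` a route for "$1" that is already present there (left over from an earlier run, or put there by something else using the same table) is no longer reported as "File exists". Setup continues with both entries in place, so an earlier entry pointing at a device other than `$INTERFACE` can keep carrying traffic that the fwmark rules are meant to send through the tunnel. The commit message only describes a collision on a non-default prefix, not on the default route in this table; consider leaving this call as `route add`, or document why a pre-existing default route in `table $table` should be tolerated.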
--
2.40.1