On 2016-12-18 21:14, Jason A. Donenfeld wrote:
> Hey Dan,
>
> The route_allowed_ips directive is not precise enough. I'm CCing Jorg,
> the NixOS maintainer, because this same concern probably applies to
> the Nix logic.
>
> Your code is:
>
>     if [ ${route_allowed_ips} -ne 0 ]; then
>       for allowed_ip in ${allowed_ips}; do
>         case "${allowed_ip}" in
>           *:*/*)
>             proto_add_ipv6_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
>           ;;
>           */*)
>             proto_add_ipv4_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
>           ;;
>         esac
>       done
>     fi
>
> The way it should be done is described in wg-config:
>
> https://git.zx2c4.com/WireGuard/tree/contrib/examples/wg-config/wg-config#n130
>
>     if [[ $AUTO_ROUTE -eq 1 ]]; then
>       for i in $(wg show "$INTERFACE" allowed-ips | cut -f 2 | tr -d ,); do
>         if ! add_default "$i" && [[ $(ip route get "$i") != *dev\ $INTERFACE\ * ]]; then
>           add_route "$i"
>         fi
>       done
>     fi
>
> The add_default thing just accounts for dealing with 0/1 128/1, which
> you can ignore, since openwrt has the dependency mechanism. But the
> important thing is that I run `ip route get` for each one, and only
> add a route if necessary.

Should not the output first be sorted from the shortest subnet prefix to the longest? What do you mean by precise? Is there a bug in the other logic apart from probably unnecessary routes?
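
The check described in the quoted message (add a route only when the lookup does not already resolve to the interface) and the ordering question raised in the reply can be tried offline with a small model. This is an added example, not code from wg-config or the OpenWrt script: `lookup_dev` is a hypothetical IPv4-only stand-in for `ip route get` applied to each prefix's network address, and the route table, the interface name `wg0` and the allowed IPs are constructed sample values.

```shell
#!/bin/sh
# Constructed model: IPv4 only, route table kept as "NET/LEN DEV" lines.

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_prefix() {  # in_prefix ADDR NET/LEN: succeeds if ADDR lies inside NET/LEN
    len=${2##*/}
    if [ "$len" -eq 0 ]; then return 0; fi
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "${2%%/*}") & $mask )) ]
}

lookup_dev() {  # hypothetical stand-in for `ip route get`: longest-prefix match
    best_len=-1; best_dev=none
    while read -r net dev; do
        [ -n "$net" ] || continue
        if in_prefix "$2" "$net" && [ "${net##*/}" -gt "$best_len" ]; then
            best_len=${net##*/}; best_dev=$dev
        fi
    done <<EOF
$1
EOF
    echo "$best_dev"
}

routes_needed() {  # routes_needed IFACE TABLE CIDR...: CIDRs that still need a route
    iface=$1; table=$2; shift 2; out=
    for cidr in "$@"; do
        if [ "$(lookup_dev "$table" "${cidr%%/*}")" != "$iface" ]; then
            out="$out $cidr"          # not yet routed via IFACE: add it
            table="$table
$cidr $iface"
        fi
    done
    echo "${out# }"
}

shortest_first() {  # order CIDRs from shortest prefix length to longest
    set -- $(printf '%s\n' "$@" | sort -t/ -k2,2n)
    echo "$*"
}

TABLE='0.0.0.0/0 eth0'                 # constructed existing route table
ALLOWED='10.1.0.0/16 10.0.0.0/8'       # constructed allowed-ips, longest first
echo "as listed:      $(routes_needed wg0 "$TABLE" $ALLOWED)"
echo "shortest first: $(routes_needed wg0 "$TABLE" $(shortest_first $ALLOWED))"
```

In this model the processing order changes only how many routes are added: listed longest first, both prefixes get a route, while sorted shortest first the /16 is already covered by the /8.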