[OpenWrt-Devel] [PATCH] wireguard: do not add host-dependencies if fwmark is set

Daniel Golle daniel at makrotopia.org
Wed Mar 20 09:09:22 EDT 2019


On Wed, Mar 20, 2019 at 04:31:25PM +0800, Yousong Zhou wrote:
> On Tue, 19 Mar 2019 at 23:53, Daniel Golle <daniel at makrotopia.org> wrote:
> >
> > The 'fwmark' option is used to define routing traffic to
> > wireguard endpoints to go through specific routing tables.
> > In that case it doesn't make sense to set up routes for
> > host-dependencies in the 'main' table, so skip setting host
> > dependencies if 'fwmark' is set.
> >
> > Signed-off-by: Daniel Golle <daniel at makrotopia.org>
> 
> I would suggest keeping the host route there.  The direct effect of
> fwmark option is that traffic generated by wireguard will have that
> mark.  The actual rules and routes will need to be set up by userspace.
> If I understand it correctly, it's mainly for using wireguard as the
> default route while not colliding with existing local lan routes and
> dhcp processes (suppress_prefixlength 0).  It fits in quite well across
> different network managers.  OpenWrt has its own way of managing rules
> and routes and does not depend on wg-quick script.  So in this context
> I think the host dependency route fits specifically well in OpenWrt
> environment ;)

So maybe we can add an explicit option 'nohostroute' instead of making
it depend on 'fwmark'?
Currently I'm locally patching OpenWrt's wireguard scripts, because
setting those host-routes in the 'main' routing table creates black-
holes in my setup (due to firewalling).


Cheers


Daniel
> 
> Regards,
>                 yousong
> 
> > ---
> >  .../network/services/wireguard/files/wireguard.sh  | 14 ++++++++------
> >  1 file changed, 8 insertions(+), 6 deletions(-)
> >
> > diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh
> > index 96fa7215ff..58e47f9450 100644
> > --- a/package/network/services/wireguard/files/wireguard.sh
> > +++ b/package/network/services/wireguard/files/wireguard.sh
> > @@ -176,12 +176,14 @@ proto_wireguard_setup() {
> >    done
> >
> >    # endpoint dependency
> > -  wg show "${config}" endpoints | \
> > -    sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
> > -    while IFS=$'\t ' read -r key address port; do
> > -    [ -n "${port}" ] || continue
> > -    proto_add_host_dependency "${config}" "${address}"
> > -  done
> > +  if [ ! "${fwmark}" ]; then
> > +    wg show "${config}" endpoints | \
> > +      sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
> > +      while IFS=$'\t ' read -r key address port; do
> > +      [ -n "${port}" ] || continue
> > +      proto_add_host_dependency "${config}" "${address}"
> > +    done
> > +  fi
> >
> >    proto_send_update "${config}"
> >  }
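Review bot: The new guard `if [ ! "${fwmark}" ]` around the endpoint-dependency loop makes skipping `proto_add_host_dependency` an implicit side effect of an option that has a different purpose, so any configuration that already sets fwmark loses its endpoint host dependencies after this change with no way to keep them. Consider gating the loop on a dedicated boolean option instead (the reply in this thread proposes 'nohostroute'), leaving the current behaviour as the default, and extend the `# endpoint dependency` comment to state when and why the dependencies are skipped. As a style point, `[ -z "${fwmark}" ]` would read more clearly and match the `[ -n "${port}" ]` test used inside the loop.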
> > --
> > 2.21.0
> >
> >
> > _______________________________________________
> > openwrt-devel mailing list
> > openwrt-devel at lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
