Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.
Reported-by: Anton Castelli <anton.c42@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This avoids another ip(8) invocation for little benefit.
Confirmed to work with iproute2 and busybox.
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
An empty allowed IPs is totally valid, for folks wishing to move IP
addresses between multiple peers atomically.
Suggested-by: Comex <comexk@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Netlink returns NLM_F_DUMP_INTR if the set of all tunnels changed
during the dump. That's unfortunate, but is pretty common on busy
systems that are adding and removing tunnels all the time. Rather
than retrying, potentially indefinitely, we just work with the
partial results.
Reported-by: Robert Gerus <ar@is-a.cat>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
We don't actually use any C11 features, so we can at least compile with
ancient gcc.
Reported-by: Aaron M. D. Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
It's not used for anything, and LKML doesn't like the type being used as
an index value.
Suggested-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Suggested-by: Toke Høiland-Jørgensen <toke@toke.dk>
Suggested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The kernel has very specific rules correlating file type with comment
type, and also SPDX identifiers can't be merged with other comments.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This is not useful for WireGuard, but for the general use case we
probably want it this way, and the speed difference is mostly lost in
the noise.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8).
Other than that, it's explicitly coded against the native system
utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their
full absolute path (via $SELF and $BASH, respectively), we can simply
set the $PATH to be prefixed by the default system binary paths. This
way, if users install tools that conflict with system tools -- such as
GNU coreutils -- we won't accidently call those.
Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
It's unclear why it was like this in the first place, but it apparently
broke certain IPv6 setups.
Reported-by: Jonas Blahut <j@die-blahuts.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This eliminates a few style warnings from "mandoc -T lint src/tools/wg*.8".
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
`ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing
them to reconnect. By delaying this until after routes are set, we
ensure that the sockets reconnect using the tunnel, rather than the old
route.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This works around a race condition in macOS's network daemons, while
also adding one in the form of possibly calling kill -ALRM on a stale
PID; unfortunately bash can't wait from a trap.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>