[PATCH] wireguard: Make IPv6 addrs available for automatic prefix assignment

dxld at darkboxed.org dxld at darkboxed.org
Mon Jul 27 18:38:02 EDT 2020


From: Daniel Gröber <dxld at darkboxed.org>

Currently when assigning IPv6 addresses with large prefixes to a wireguard
interface, like

    config interface 'wg'
            option proto 'wireguard'
            list addresses 'fd::/48'

and having, say, a LAN interface such as

    config interface 'lan'
            option proto 'static'
            option ip6assign '60'

as is the default, the interface does not automatically receive the wg
interface's prefix.

For this to happen the proto needs to use proto_add_ipv6_prefix to register
the fact that a prefix is available for assignment which is simple enough.

Note that the addresses configured here usually include a non-zero host
part but currently netifd handles this poorly when more than one interface
should receive a sub-prefix. I'm including another one-line patch in
netifd's patches/ dir for your testing convenience.
---

This applies cleanly on both master and the 19.07 branch so I hope
this can be applied there too.

Also I'm not sure if I should send just the netifd patch to the list
too?

 ...malise-prefix-address-using-netmask-.patch | 48 +++++++++++++++++++
 .../utils/wireguard-tools/files/wireguard.sh  |  1 +
 2 files changed, 49 insertions(+)
 create mode 100644 package/network/config/netifd/patches/0001-interface-ip-Normalise-prefix-address-using-netmask-.patch

diff --git a/package/network/config/netifd/patches/0001-interface-ip-Normalise-prefix-address-using-netmask-.patch b/package/network/config/netifd/patches/0001-interface-ip-Normalise-prefix-address-using-netmask-.patch
new file mode 100644
index 0000000000..bc599ee9ea
--- /dev/null
+++ b/package/network/config/netifd/patches/0001-interface-ip-Normalise-prefix-address-using-netmask-.patch
@@ -0,0 +1,48 @@
+From 280d0b713cce731bc4516b16184c0b4c5af005d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20Gr=C3=B6ber?= <dxld at darkboxed.org>
+Date: Mon, 27 Jul 2020 22:52:28 +0200
+Subject: [PATCH] interface-ip: Normalise prefix address using netmask before
+ using it
+
+When a proto registers a prefix with an address which has bits outside the
+netmask set this confuses the prefix-assignment code further down the line.
+
+For example if we have an interface with
+
+    option ip6prefix fdff:ffff:ffff:ffff::1/48
+
+and a couple with
+
+    option ip6assign 64
+
+then all these interfaces will be assigned fdff:ffff:ffff:ffff::1/64 which
+is obviously wrong, they should at least have unique prefixes.
+
+What is happening here is that we simply OR the calculated assignment part
+into the address in interface_set_prefix_address:961, like so:
+
+    addr.addr.in6.s6_addr32[1] |= htonl(assignment->assigned);
+
+but we never masked the host address bits out of the address after parsing
+it using inet_pton. To fix this we simply mask away the host bits in the
+address before using it.
+---
+ interface-ip.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/interface-ip.c b/interface-ip.c
+index 2e46f14..5cad5f7 100644
+--- a/interface-ip.c
++++ b/interface-ip.c
+@@ -1284,6 +1284,8 @@ interface_ip_add_device_prefix(struct interface *iface, struct in6_addr *addr,
+ 	prefix->iface = iface;
+ 	INIT_LIST_HEAD(&prefix->assignments);
+ 
++	clear_if_addr((union if_addr *)&prefix->addr, prefix->length);
++
+ 	if (excl_addr) {
+ 		prefix->excl_addr = *excl_addr;
+ 		prefix->excl_length = excl_length;
+-- 
+2.20.1
+
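Review bot: the added `clear_if_addr((union if_addr *)&prefix->addr, prefix->length);` in interface_ip_add_device_prefix relies on prefix->addr and prefix->length already being populated, but neither assignment is visible in this hunk's context, so please confirm both are set above `prefix->iface = iface;`. The call also silently rewrites a configured value such as the fdff:ffff:ffff:ffff::1/48 from the commit message, while `prefix->excl_addr = *excl_addr;` just below is stored without the same masking. Either normalise the exclusion against excl_length as well or say in the commit message why it is left as parsed.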
diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index ccac34e45f..d977c2ba45 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -150,6 +150,7 @@ proto_wireguard_setup() {
 		case "${address}" in
 			*:*/*)
 				proto_add_ipv6_address "${address%%/*}" "${address##*/}"
+				proto_add_ipv6_prefix "${address}"
 				;;
 			*.*/*)
 				proto_add_ipv4_address "${address%%/*}" "${address##*/}"
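Review bot: `proto_add_ipv6_prefix "${address}"` in the `*:*/*)` branch runs for every IPv6 entry in `addresses`, so a /128 or /64 tunnel address is registered as an assignable prefix too, and any interface with ip6assign set starts receiving sub-prefixes of the tunnel range without the user opting in. Consider gating this behind a per-interface option or restricting it to prefix lengths shorter than 64. `${address}` is passed with its host bits intact, so this line depends on the netifd normalisation patch being applied first, which is worth stating in the commit message. Neither this commit message nor the embedded netifd one carries a Signed-off-by line.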
-- 
2.20.1
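
The prefix collision described in the netifd commit message can be reproduced outside netifd. The following C program is an added illustration, not code from the patch or from netifd: mask_host_bits is a hypothetical stand-in for the masking step, sub_prefix is a hypothetical helper, and the slot numbers are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the masking step: zero every bit past the first len bits. */
static void mask_host_bits(struct in6_addr *a, int len)
{
	for (int i = 0; i < 16; i++) {
		int keep = len - 8 * i;	/* prefix bits that fall in byte i */
		if (keep <= 0)
			a->s6_addr[i] = 0;
		else if (keep < 8)
			a->s6_addr[i] &= (uint8_t)(0xff << (8 - keep));
	}
}

/* OR slot number `assigned` into the second 32-bit word of the prefix address,
 * as the line quoted in the commit message does. Returns 0 on success. */
static int sub_prefix(const char *prefix, int len, uint32_t assigned,
		      int normalise, char *out, socklen_t outlen)
{
	struct in6_addr a;
	uint32_t word;

	if (inet_pton(AF_INET6, prefix, &a) != 1)
		return -1;
	if (normalise)
		mask_host_bits(&a, len);
	memcpy(&word, &a.s6_addr[4], sizeof(word));
	word |= htonl(assigned);
	memcpy(&a.s6_addr[4], &word, sizeof(word));
	return inet_ntop(AF_INET6, &a, out, outlen) ? 0 : -1;
}

int main(void)
{
	char raw[INET6_ADDRSTRLEN], fixed[INET6_ADDRSTRLEN];

	/* Constructed slot numbers 1..3 for three interfaces with ip6assign 64. */
	for (uint32_t slot = 1; slot <= 3; slot++) {
		sub_prefix("fdff:ffff:ffff:ffff::1", 48, slot, 0, raw, sizeof(raw));
		sub_prefix("fdff:ffff:ffff:ffff::1", 48, slot, 1, fixed, sizeof(fixed));
		printf("slot %u: unmasked %s/64  masked %s/64\n", (unsigned)slot, raw, fixed);
	}
	return 0;
}
```

Without masking, every slot yields the same address because the OR lands on bits that are already set. With masking, each slot gets a distinct /64.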
