network/wireguard: make AllowedIPs= cleared by specifying an empty string

diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
index 51e7e0299011d43a76614ff671bba2cf77c71b47..ffc6452bbfedc1d7a9dbe3d265978c491a6e9643 100644 (file)
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -34,9 +34,18 @@
 static void wireguard_resolve_endpoints(NetDev *netdev);
 static int peer_resolve_endpoint(WireguardPeer *peer);
 
-static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
+static void wireguard_peer_clear_ipmasks(WireguardPeer *peer) {
         WireguardIPmask *mask;
 
+        assert(peer);
+
+        while ((mask = peer->ipmasks)) {
+                LIST_REMOVE(ipmasks, peer->ipmasks, mask);
+                free(mask);
+        }
+}
+
+static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
         if (!peer)
                 return NULL;
 
@@ -49,10 +58,7 @@ static WireguardPeer* wireguard_peer_free(WireguardPeer *peer) {
 
         config_section_free(peer->section);
 
-        while ((mask = peer->ipmasks)) {
-                LIST_REMOVE(ipmasks, peer->ipmasks, mask);
-                free(mask);
-        }
+        wireguard_peer_clear_ipmasks(peer);
 
         free(peer->endpoint_host);
         free(peer->endpoint_port);
@@ -685,6 +691,12 @@ int config_parse_wireguard_allowed_ips(
         if (r < 0)
                 return log_oom();
 
+        if (isempty(rvalue)) {
+                wireguard_peer_clear_ipmasks(peer);
+                TAKE_PTR(peer);
+                return 0;
+        }
+
         for (const char *p = rvalue;;) {
                 _cleanup_free_ char *word = NULL;
                 union in_addr_union masked;