From: Yu Watanabe
Date: Sun, 16 Jan 2022 06:53:13 +0000 (+0900)
Subject: network: wireguard: do not add routes to AllowedIPs= by default
X-Git-Tag: v251-rc1~524^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfe1237f3859c0cb19b98a47870f49942d5537d9;p=thirdparty%2Fsystemd.git

network: wireguard: do not add routes to AllowedIPs= by default

As setting such routes may break existing setups. Closes #21964.
---
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index 7d5c0ac7299..051c45c7485 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -1581,7 +1581,7 @@ networkd.conf5, or a number in the range 1…4294967295. When off the routes to the addresses specified in the AllowedIPs= setting will not be configured.
- Defaults to main. This setting will be ignored when the same setting is
+ Defaults to off. This setting will be ignored when the same setting is
 specified in the [WireGuardPeer] section.
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
index af91dc62576..2b26a92f5d9 100644
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -895,13 +895,8 @@ int config_parse_wireguard_route_table(
 assert(data);
 assert(userdata);
- if (isempty(rvalue)) {
- *table = RT_TABLE_MAIN;
- return 0;
- }
-
- if (streq(rvalue, "off")) {
- *table = 0;
+ if (isempty(rvalue) || streq(rvalue, "off")) {
+ *table = 0; /* Disabled. */
 return 0;
 }
@@ -1061,7 +1056,6 @@ static void wireguard_init(NetDev *netdev) {
 assert(w);
 w->flags = WGDEVICE_F_REPLACE_PEERS;
- w->route_table = RT_TABLE_MAIN;
 }
 static void wireguard_done(NetDev *netdev) {
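Review bot: The `0` stored in `*table` by the merged `isempty(rvalue) || streq(rvalue, "off")` branch of `config_parse_wireguard_route_table()` is an under-documented sentinel: it now means "install no routes", and it is also what the field holds by default once the `RT_TABLE_MAIN` assignment is dropped from `wireguard_init()`, presumably through zero-initialisation. A fuller comment would make that explicit, e.g. `*table = 0; /* 0 (RT_TABLE_UNSPEC): no routes are installed for AllowedIPs=; this is also the default. */`. The numeric parsing that follows lies outside the hunk, so it is worth confirming there that a literal `0` is rejected rather than silently treated as "off"; the man page gives the valid range as 1…4294967295. Because an empty assignment used to select the main table, a setup that relied on the automatic routes loses them without any diagnostic, and traffic to those prefixes then follows whatever other route matches instead of the tunnel, so a release note or a debug log line at the point where routes are skipped would help operators notice.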