author | Luca Boccassi <luca.boccassi@microsoft.com> | 2022-01-16 14:04:30 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-16 14:04:30 +0000 |
commit | aac3efd24caf2510a316b8310c4a57e3bc196504 (patch) | |
tree | 651a455edf556001db50c5af321da0f2f10db5f0 | |
parent | e8f93a60a29de9f6ff7d150d3e828910f32c190b (diff) | |
parent | e135559d805e749a0a1f8d1396cf71f6edd94831 (diff) | |
download | systemd-aac3efd24caf2510a316b8310c4a57e3bc196504.tar.gz |
Merge pull request #22136 from yuwata/network-wireguard-disable-adding-routes-to-allowed-ips-by-default
network: wireguard: disable adding routes to allowed ips by default
-rw-r--r-- | man/systemd.netdev.xml | 16 | ||||
-rw-r--r-- | src/network/netdev/wireguard.c | 12 |
2 files changed, 11 insertions, 17 deletions
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 7d5c0ac729..ee5b61a068 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1575,14 +1575,14 @@ <term><varname>RouteTable=</varname></term> <listitem> <para>The table identifier for the routes to the addresses specified in the - <varname>AllowedIPs=</varname>. Takes the special value <literal>off</literal>, one of the - predefined names <literal>default</literal>, <literal>main</literal>, and - <literal>local</literal>, names defined in <varname>RouteTable=</varname> in + <varname>AllowedIPs=</varname>. Takes a negative boolean value, one of the predefined names + <literal>default</literal>, <literal>main</literal>, and <literal>local</literal>, names + defined in <varname>RouteTable=</varname> in <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, or a number in the range 1…4294967295. When <literal>off</literal> the routes to the addresses specified in the <varname>AllowedIPs=</varname> setting will not be configured. - Defaults to <literal>main</literal>. This setting will be ignored when the same setting is - specified in the [WireGuardPeer] section.</para> + Defaults to false. This setting will be ignored when the same setting is specified in the + [WireGuardPeer] section.</para> </listitem> </varlistentry> <varlistentry> 
@@ -1682,9 +1682,9 @@ <term><varname>RouteTable=</varname></term> <listitem> <para>The table identifier for the routes to the addresses specified in the - <varname>AllowedIPs=</varname>. Takes the special value <literal>off</literal>, one of the - predefined names <literal>default</literal>, <literal>main</literal>, and - <literal>local</literal>, names defined in <varname>RouteTable=</varname> in + <varname>AllowedIPs=</varname>. Takes a negative boolean value, one of the predefined names + <literal>default</literal>, <literal>main</literal>, and <literal>local</literal>, names + defined in <varname>RouteTable=</varname> in <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, or a number in the range 1…4294967295. Defaults to unset, and the value specified in the same setting in the [WireGuard] section will be used.</para> diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index af91dc6257..88f668753a 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -895,13 +895,8 @@ int config_parse_wireguard_route_table( assert(data); assert(userdata); - if (isempty(rvalue)) { - *table = RT_TABLE_MAIN; - return 0; - } - - if (streq(rvalue, "off")) { - *table = 0; + if (isempty(rvalue) || parse_boolean(rvalue) == 0) { + *table = 0; /* Disabled. */ return 0; } @@ -952,7 +947,7 @@ int config_parse_wireguard_peer_route_table( return 0; } - if (streq(rvalue, "off")) { + if (parse_boolean(rvalue) == 0) { peer->route_table = 0; /* Disabled. */ peer->route_table_set = true; TAKE_PTR(peer); @@ -1061,7 +1056,6 @@ static void wireguard_init(NetDev *netdev) { assert(w); w->flags = WGDEVICE_F_REPLACE_PEERS; - w->route_table = RT_TABLE_MAIN; } static void wireguard_done(NetDev *netdev) { |
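Review bot: In `config_parse_wireguard_route_table()` an empty `RouteTable=` now resolves to 0 (disabled) instead of `RT_TABLE_MAIN`, and the `wireguard_init()` hunk drops the matching initial value, so a .netdev file that never set the option stops getting routes for its `AllowedIPs=` after an upgrade. As far as the visible lines show, nothing is logged when that happens. On a host that relied on the implicit routes, traffic for the peer ranges would presumably follow whatever other routes exist rather than the tunnel, which operators need to know. I would make the comment say so, e.g. `*table = 0; /* Disabled. Routes to AllowedIPs= are added only when RouteTable= is set explicitly. */`, and check that the release notes carry the compatibility warning. The function body starts and ends outside the hunk.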
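Review bot: The test `parse_boolean(rvalue) == 0` in `config_parse_wireguard_peer_route_table()`, and the same test in `config_parse_wireguard_route_table()`, special-cases only the false spellings. `yes`/`true`/`on` therefore fall through to the table parsing that lies outside the hunk, and `1` is presumably read as table number 1 rather than as boolean true. That asymmetry is easy to misread, so a one-line comment above the test would help, e.g. `/* Only negative booleans are special-cased here; "1" is a table number, not "yes". */`. The function continues past the end of the hunk, so how a positive boolean is finally rejected cannot be confirmed from here.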