Merge pull request #22136 from yuwata/network-wireguard-disable-adding-routes-to-allowed-ips-by-default

network: wireguard: disable adding routes to allowed ips by default
2025-01-26 10:03:40 +03:00 · 2022-01-16 14:04:30 +00:00 · 2022-01-16 14:04:30 +00:00 · aac3efd24c
commit aac3efd24c
parent e8f93a60a2 e135559d80
2 changed files with 11 additions and 17 deletions
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@ -1575,14 +1575,14 @@
        <term><varname>RouteTable=</varname></term>
        <listitem>
          <para>The table identifier for the routes to the addresses specified in the
-          <varname>AllowedIPs=</varname>. Takes the special value <literal>off</literal>, one of the
-          predefined names <literal>default</literal>, <literal>main</literal>, and
-          <literal>local</literal>, names defined in <varname>RouteTable=</varname> in
+          <varname>AllowedIPs=</varname>. Takes a negative boolean value, one of the predefined names
+          <literal>default</literal>, <literal>main</literal>, and <literal>local</literal>, names
+          defined in <varname>RouteTable=</varname> in
          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
          or a number in the range 1…4294967295. When <literal>off</literal> the routes to the
          addresses specified in the <varname>AllowedIPs=</varname> setting will not be configured.
-          Defaults to <literal>main</literal>. This setting will be ignored when the same setting is
-          specified in the [WireGuardPeer] section.</para>
+          Defaults to false. This setting will be ignored when the same setting is specified in the
+          [WireGuardPeer] section.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
@ -1682,9 +1682,9 @@
        <term><varname>RouteTable=</varname></term>
        <listitem>
          <para>The table identifier for the routes to the addresses specified in the
-          <varname>AllowedIPs=</varname>. Takes the special value <literal>off</literal>, one of the
-          predefined names <literal>default</literal>, <literal>main</literal>, and
-          <literal>local</literal>, names defined in <varname>RouteTable=</varname> in
+          <varname>AllowedIPs=</varname>. Takes a negative boolean value, one of the predefined names
+          <literal>default</literal>, <literal>main</literal>, and <literal>local</literal>, names
+          defined in <varname>RouteTable=</varname> in
          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
          or a number in the range 1…4294967295. Defaults to unset, and the value specified in the
          same setting in the [WireGuard] section will be used.</para>
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@ -895,13 +895,8 @@ int config_parse_wireguard_route_table(
        assert(data);
        assert(userdata);

-        if (isempty(rvalue)) {
-                *table = RT_TABLE_MAIN;
-                return 0;
-        }
-
-        if (streq(rvalue, "off")) {
-                *table = 0;
+        if (isempty(rvalue) || parse_boolean(rvalue) == 0) {
+                *table = 0; /* Disabled. */
                return 0;
        }

@ -952,7 +947,7 @@ int config_parse_wireguard_peer_route_table(
                return 0;
        }

-        if (streq(rvalue, "off")) {
+        if (parse_boolean(rvalue) == 0) {
                peer->route_table = 0; /* Disabled. */
                peer->route_table_set = true;
                TAKE_PTR(peer);
@ -1061,7 +1056,6 @@ static void wireguard_init(NetDev *netdev) {
        assert(w);

        w->flags = WGDEVICE_F_REPLACE_PEERS;
-        w->route_table = RT_TABLE_MAIN;
 }

 static void wireguard_done(NetDev *netdev) {