diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2021-05-31 14:41:52 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-06-02 18:31:09 +0200 |
| commit | b50ef4dc456178d6d0bc531936501f12f11c2ea8 (patch) | |
| tree | cf64b8d0626a37300285f82cbc68f070cda60fff | |
| parent | version: bump (diff) | |
| download | wireguard-linux-compat-b50ef4dc456178d6d0bc531936501f12f11c2ea8.tar.xz wireguard-linux-compat-b50ef4dc456178d6d0bc531936501f12f11c2ea8.zip | |
netns: make sure rp_filter is disabled on vethc
Some distros may enable strict rp_filter by default, which will prevent
vethc from receiving the packets with an unroutable reverse path address.
Reported-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| -rwxr-xr-x | src/tests/netns.sh | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tests/netns.sh b/src/tests/netns.sh index 756e494..5fa01f1 100755 --- a/src/tests/netns.sh +++ b/src/tests/netns.sh @@ -367,6 +367,7 @@ ip1 -6 rule add table main suppress_prefixlength 0 ip1 -4 route add default dev wg0 table 51820 ip1 -4 rule add not fwmark 51820 table 51820 ip1 -4 rule add table main suppress_prefixlength 0 +n1 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/vethc/rp_filter' # suppress_prefixlength only got added in 3.12, and we want to support 3.10+. if [[ $(ip1 -4 rule show all) == *suppress_prefixlength* ]]; then # Flood the pings instead of sending just one, to trigger routing table reference counting bugs. |