diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-25 05:43:16 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-25 16:15:35 +0200 |
| commit | 88729f06bd48a6a098ef77c5abd4d2146b470d98 (patch) | |
| tree | b9aa29d895d8866d1f7d62110fd2855df7bcb9c7 | |
| parent | compat: more robust ktime backport (diff) | |
| download | wireguard-monolithic-historical-88729f06bd48a6a098ef77c5abd4d2146b470d98.tar.xz wireguard-monolithic-historical-88729f06bd48a6a098ef77c5abd4d2146b470d98.zip | |
wg-quick: android: prevent outgoing handshake packets from being dropped
| -rw-r--r-- | src/tools/wg-quick/android.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/tools/wg-quick/android.c b/src/tools/wg-quick/android.c index 66e5b3f..b2ca814 100644 --- a/src/tools/wg-quick/android.c +++ b/src/tools/wg-quick/android.c @@ -258,6 +258,8 @@ static void del_if(const char *iface) xregcomp(®, regex, REG_EXTENDED); + cmd("iptables -D OUTPUT -m mark --mark 0x20000 -j ACCEPT -m comment --comment \"wireguard rule %s\"", iface); + cmd("ip6tables -D OUTPUT -m mark --mark 0x20000 -j ACCEPT -m comment --comment \"wireguard rule %s\"", iface); cmd("ip link del %s", iface); for (char *ret = cmd_ret(&c, "ip rule show"); ret; ret = cmd_ret(&c, NULL)) { if (!regexec(®, ret, ARRAY_SIZE(matches), matches, 0)) { @@ -279,6 +281,8 @@ static void up_if(unsigned int *netid, const char *iface) *netid = random() & 0xfffe; cmd("wg set %s fwmark 0x20000", iface); + cmd("iptables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment --comment \"wireguard rule %s\"", iface); + cmd("ip6tables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment --comment \"wireguard rule %s\"", iface); cndc("interface setcfg %s up", iface); cndc("network create %u vpn 1 1", *netid); cndc("network interface add %u %s", *netid, iface); |