From 88729f06bd48a6a098ef77c5abd4d2146b470d98 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Mon, 25 Jun 2018 05:43:16 +0200
Subject: wg-quick: android: prevent outgoing handshake packets from being dropped
---
 src/tools/wg-quick/android.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/tools/wg-quick/android.c')
diff --git a/src/tools/wg-quick/android.c b/src/tools/wg-quick/android.c
index 66e5b3f..b2ca814 100644
--- a/src/tools/wg-quick/android.c
+++ b/src/tools/wg-quick/android.c
@@ -258,6 +258,8 @@ static void del_if(const char *iface)
 xregcomp(®, regex, REG_EXTENDED);
+ cmd("iptables -D OUTPUT -m mark --mark 0x20000 -j ACCEPT -m comment --comment \"wireguard rule %s\"", iface);
+ cmd("ip6tables -D OUTPUT -m mark --mark 0x20000 -j ACCEPT -m comment --comment \"wireguard rule %s\"", iface);
 cmd("ip link del %s", iface);
 for (char *ret = cmd_ret(&c, "ip rule show"); ret; ret = cmd_ret(&c, NULL)) {
 if (!regexec(®, ret, ARRAY_SIZE(matches), matches, 0)) {
@@ -279,6 +281,8 @@ static void up_if(unsigned int *netid, const char *iface)
 *netid = random() & 0xfffe;
 cmd("wg set %s fwmark 0x20000", iface);
+ cmd("iptables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment --comment \"wireguard rule %s\"", iface);
+ cmd("ip6tables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment --comment \"wireguard rule %s\"", iface);
 cndc("interface setcfg %s up", iface);
 cndc("network create %u vpn 1 1", *netid);
 cndc("network interface add %u %s", *netid, iface);
--
cgit v1.2.3-59-g8ed1b
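Review bot: Teardown in del_if now depends on both accept rules being present, because the two `-D` calls run before `ip link del`. If cmd() terminates the program on a non-zero exit status (its definition is outside this hunk, so this needs confirming), a missing rule would stop del_if before the link is removed and could leave the ip6tables rule installed; that could happen after an up_if that failed before its inserts. Running `ip link del` first, or making the rule removal best-effort, would keep cleanup reliable. A comment such as `/* Remove the fwmark accept rules added by up_if; the match must mirror the -I lines exactly. */` would also help, since `-D` only deletes a rule whose specification is identical. del_if starts before and continues past the hunk.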
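Review bot: The accept rule inserted at position 1 of OUTPUT in up_if matches on the mark alone, so any packet carrying mark 0x20000 is accepted ahead of every other OUTPUT rule, not just WireGuard's handshake traffic. Since the tunnel's own packets are UDP, adding `-p udp` to both `-I` lines (and to the matching `-D` lines in del_if) would narrow the exception. A comment such as `/* Must precede restrictive OUTPUT rules so WireGuard's own marked packets are not dropped. */` would record why the rule sits first. The literal 0x20000 now appears in five command strings across these two hunks and would be safer as one named constant, so the `wg set ... fwmark` value and the firewall match cannot drift apart. up_if continues outside the hunk.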