Wireguard: can't remove multiple peers at once.

Mon, 11 Jan 2021 18:28:21 -0800 


Hi.

I have set up multiple peers in a wg0 interface,
and tried to remove more than one peers at once.
Ifconfig(1) only removes the first peer.

Command line was like following.

```
# ifconfig wg0 -wgpeer <keyA> -wgpeer <keyB> -wgpeer <keyC>
```

Only <keyA> was removed.

I think next peer pointer isn't calculated in case of removing peer
in sys/net/if_wg.c: wg_ioctl_set() function.

I have tried following patch that can fix this problem.
Is it OK?

diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c
index c534f966363..c21f883269f 100644
--- a/sys/net/if_wg.c
+++ b/sys/net/if_wg.c
@@ -2270,7 +2270,7 @@ wg_ioctl_set(struct wg_softc *sc, struct wg_data_io *data)
 
                /* Peer must have public key */
                if (!(peer_o.p_flags & WG_PEER_HAS_PUBLIC))
-                       continue;
+                       goto next_peer;
 
                /* 0 = latest protocol, 1 = this protocol */
                if (peer_o.p_protocol_version != 0) {
@@ -2283,7 +2283,7 @@ wg_ioctl_set(struct wg_softc *sc, struct wg_data_io *data)
                /* Get local public and check that peer key doesn't match */
                if (noise_local_keys(&sc->sc_local, public, NULL) == 0 &&
                    bcmp(public, peer_o.p_public, WG_KEY_SIZE) == 0)
-                       continue;
+                       goto next_peer;
 
                /* Lookup peer, or create if it doesn't exist */
                if ((peer = wg_peer_lookup(sc, peer_o.p_public)) == NULL) {
@@ -2291,7 +2291,7 @@ wg_ioctl_set(struct wg_softc *sc, struct wg_data_io *data)
                         * Also, don't create a new one if we only want to
                         * update. */
                        if (peer_o.p_flags & (WG_PEER_REMOVE|WG_PEER_UPDATE))
-                               continue;
+                               goto next_peer;
 
                        if ((peer = wg_peer_create(sc,
                            peer_o.p_public)) == NULL) {
@@ -2303,7 +2303,7 @@ wg_ioctl_set(struct wg_softc *sc, struct wg_data_io *data)
                /* Remove peer and continue if specified */
                if (peer_o.p_flags & WG_PEER_REMOVE) {
                        wg_peer_destroy(peer);
-                       continue;
+                       goto next_peer;
                }
 
                if (peer_o.p_flags & WG_PEER_HAS_ENDPOINT)
@@ -2333,6 +2333,11 @@ wg_ioctl_set(struct wg_softc *sc, struct wg_data_io 
*data)
                }
 
                peer_p = (struct wg_peer_io *)aip_p;
+               continue;
+       next_peer:
+               aip_p = &peer_p->p_aips[0];
+               aip_p += peer_o.p_aips_count;
+               peer_p = (struct wg_peer_io *)aip_p;
        }
 
 error:

—
Yuichiro NAITO
naito.yuich...@gmail.com

Reply via email to