@@ -1697,16 +1697,6 @@ int connman_inet_add_network_route(int index, const char *host,
addr.sin_addr.s_addr = inet_addr(host);
memcpy(&rt.rt_dst, &addr, sizeof(rt.rt_dst));
- /*
- * Don't add a routes for link-local or unspecified
- * destination address coupled with unspecified gateway.
- */
- if ((!host || is_addr_ll(AF_INET, (struct sockaddr *)&addr) || __connman_inet_is_any_addr(host, AF_INET))
- && (!gateway || __connman_inet_is_any_addr(gateway, AF_INET))) {
- close(sk);
- return -EINVAL;
- }
-
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
if (gateway)
@@ -2128,7 +2118,6 @@ int connman_inet_add_ipv6_network_route(int index, const char *host,
const char *gateway,
unsigned char prefix_len)
{
- struct sockaddr_in6 addr;
struct in6_rtmsg rt;
int sk, err = 0;
@@ -2137,19 +2126,6 @@ int connman_inet_add_ipv6_network_route(int index, const char *host,
if (!host)
return -EINVAL;
- if (inet_pton(AF_INET6, host, &addr.sin6_addr) != 1) {
- err = -errno;
- goto out;
- }
-
- /*
- * Don't add a route for link-local or unspecified
- * destination address coupled with unspecified gateway.
- */
- if ((!host || is_addr_ll(AF_INET6, (struct sockaddr *)&addr) || __connman_inet_is_any_addr(host, AF_INET6))
- && (!gateway || __connman_inet_is_any_addr(gateway, AF_INET6)))
- return -EINVAL;
-
memset(&rt, 0, sizeof(rt));
rt.rtmsg_dst_len = prefix_len;
Commit 9eb1772d31b6 ("Don't add route for invalid dst and gateway address combinations”) causes a problem regression in WireGuard support through the connman-vpn agent. I asssume because the wg0 interface matches the definition of "unspecified destination address coupled with unspecified gateway” added. Routing table with commit 9eb1772d31b6 and WireGuard (wg0) active: RPi5:~ # route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 172.16.50.1 0.0.0.0 UG 0 0 0 eth0 1.1.1.1 * 255.255.255.255 UH 0 0 0 wg0 8.8.8.8 * 255.255.255.255 UH 0 0 0 wg0 10.127.0.0 * 255.255.255.0 U 0 0 0 wg0 65.109.130.17 172.16.50.1 255.255.255.255 UGH 0 0 0 eth0 167.299.200.14 172.16.50.1 255.255.255.255 UGH 0 0 0 eth0 172.16.50.0 * 255.255.255.0 U 0 0 0 eth0 172.16.50.1 * 255.255.255.255 UH 0 0 0 eth0 As wg0 does not have the default route “all-traffic" is not routed down the tunnel as defined in "WireGuard.AllowedIPs = 0.0.0.0/0" config. Routing table with commit 9eb1772d31b6 reverted: RPi5:~ # route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default * 0.0.0.0 U 0 0 0 wg0 1.1.1.1 * 255.255.255.255 UH 0 0 0 wg0 8.8.8.8 * 255.255.255.255 UH 0 0 0 wg0 10.127.0.0 * 255.255.255.0 U 0 0 0 wg0 65.109.130.17 172.16.50.1 255.255.255.255 UGH 0 0 0 eth0 167.299.200.14 172.16.50.1 255.255.255.255 UGH 0 0 0 eth0 172.16.50.0 * 255.255.255.0 U 0 0 0 eth0 172.16.50.1 * 255.255.255.255 UH 0 0 0 eth0 WireGuard now correctly reoutes “all-traffic” through the tunnel again. Signed-off-by: Christian Hewitt <christianshewitt@gmail.com> --- This regression was pointed out in [0] shortly after it was merged but it's now 18-months later and distros are still carrying revert patches to make ConnMan + WireGuard usable. I'd prefer to see a fix for the problem, but there's been no sign of anyone taking up that challenge and I lack the skills to do it myself. Let's force the issue by reverting the regression. [0] https://lore.kernel.org/all/73D64378-2195-4669-8B60-39F808190977@nuovations.com/T/ src/inet.c | 24 ------------------------ 1 file changed, 24 deletions(-)