List: wireguard
Subject: [PATCH] wg-quick: linux: fix sysctl inside a docker container
From: Dashamir Hoxha <dashohoxha () gmail ! com>
Date: 2020-10-15 14:00:56
Message-ID: CAMucfLxvG08p=Z+gR=YjePf1C40y9UiwgzHWgEwxp7jH5Ghviw () mail ! gmail ! com
In Docker containers you cannot run `sysctl`. So, it is not possible to set
`sysctl -q net.ipv4.conf.all.src_valid_mark=1` from inside the container.
However, you can set it when creating the container, with the Docker option:
`--sysctl net.ipv4.conf.all.src_valid_mark=1`
This patch checks first if `net.ipv4.conf.all.src_valid_mark` is already set,
before trying to set it. Otherwise `sysctl` will fail in a Docker container,
and `wg-quick` will fail to start the interface.
["0001-wg-quick-linux-fix-sysctl-inside-a-docker-container.patch" (text/x-patch)]
From bb1e5da4dea2570f209ed461ff9cab4c5328df2a Mon Sep 17 00:00:00 2001
From: Dashamir Hoxha <dashohoxha@gmail.com>
Date: Thu, 15 Oct 2020 15:24:15 +0200
Subject: [PATCH] wg-quick: linux: fix sysctl inside a docker container
Signed-off-by: Dashamir Hoxha <dashohoxha@gmail.com>
---
src/wg-quick/linux.bash | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index e4d4c4f..44f79f1 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -237,7 +237,9 @@ add_default() {
printf -v restore '%sCOMMIT\n*mangle\n-I POSTROUTING -m mark --mark %d -p udp -j \
CONNMARK --save-mark %s\n-I PREROUTING -p udp -j CONNMARK --restore-mark \
%s\nCOMMIT\n' "$restore" $table "$marker" "$marker" printf -v nftcmd '%sadd rule %s \
%s postmangle meta l4proto udp mark %d ct mark set mark \n' "$nftcmd" "$pf" \
"$nftable" $table printf -v nftcmd '%sadd rule %s %s premangle meta l4proto udp meta \
mark set ct mark \n' "$nftcmd" "$pf" "$nftable"
- [[ $proto == -4 ]] && cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1
+ if [[ $proto == -4 && $(sysctl -n net.ipv4.conf.all.src_valid_mark) == '0' ]]; then
+ cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1
+ fi
if type -p nft >/dev/null; then
cmd nft -f <(echo -n "$nftcmd")
else
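Review bot: the new guard `if [[ $proto == -4 && $(sysctl -n net.ipv4.conf.all.src_valid_mark) == '0' ]]` treats any output other than the literal string "0" as "already set", so when the read itself fails (sysctl not installed, key not readable in the container) the substitution is empty, the write is silently skipped, and the interface comes up with src_valid_mark still unset, which with a strict rp_filter can drop the fwmark-routed return traffic the whole rule set depends on; the read's stderr is also left unfiltered. Suggest inverting the test to `!= '1'` (or reading `/proc/sys/net/ipv4/conf/all/src_valid_mark` directly) with `2>/dev/null` on the read, so a failed read still attempts the write under `cmd` and fails loudly, while the Docker case with `--sysctl net.ipv4.conf.all.src_valid_mark=1` set at creation is skipped as intended. The commit message should also record that rationale (containers allow reading but not writing the key), since the cover mail is the only place it currently appears.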
--
2.25.1