summaryrefslogtreecommitdiffstats
path: root/src/plugins/wireguard
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/wireguard')
-rw-r--r--src/plugins/wireguard/wireguard_if.c8
-rw-r--r--src/plugins/wireguard/wireguard_peer.h2
2 files changed, 9 insertions, 1 deletions
diff --git a/src/plugins/wireguard/wireguard_if.c b/src/plugins/wireguard/wireguard_if.c
index ab37d086492..fd123471a8c 100644
--- a/src/plugins/wireguard/wireguard_if.c
+++ b/src/plugins/wireguard/wireguard_if.c
@@ -153,6 +153,14 @@ wg_if_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai)
{
index_t wgii;
+ /* Convert any neighbour adjacency that has a next-hop reachable through
+ * the wg interface into a midchain. This is to avoid sending ARP/ND to
+ * resolve the next-hop address via the wg interface. Then, if one of the
+ * peers has matching prefix among allowed prefixes, the midchain will be
+ * updated to the corresponding one.
+ */
+ adj_nbr_midchain_update_rewrite (ai, NULL, NULL, ADJ_FLAG_NONE, NULL);
+
wgii = wg_if_find_by_sw_if_index (sw_if_index);
wg_if_peer_walk (wg_if_get (wgii), wg_peer_if_adj_change, &ai);
}
diff --git a/src/plugins/wireguard/wireguard_peer.h b/src/plugins/wireguard/wireguard_peer.h
index f3d80fbf9fe..a14f2692b1c 100644
--- a/src/plugins/wireguard/wireguard_peer.h
+++ b/src/plugins/wireguard/wireguard_peer.h
@@ -166,7 +166,7 @@ wg_peer_get (index_t peeri)
static inline index_t
wg_peer_get_by_adj_index (index_t ai)
{
- if (ai > vec_len (wg_peer_by_adj_index))
+ if (ai >= vec_len (wg_peer_by_adj_index))
return INDEX_INVALID;
return (wg_peer_by_adj_index[ai]);
}