diff options
Diffstat (limited to 'src/plugins/wireguard')
-rw-r--r-- | src/plugins/wireguard/wireguard_if.c | 8 | ||||
-rw-r--r-- | src/plugins/wireguard/wireguard_peer.h | 2 |
2 files changed, 9 insertions, 1 deletions
diff --git a/src/plugins/wireguard/wireguard_if.c b/src/plugins/wireguard/wireguard_if.c index ab37d086492..fd123471a8c 100644 --- a/src/plugins/wireguard/wireguard_if.c +++ b/src/plugins/wireguard/wireguard_if.c @@ -153,6 +153,14 @@ wg_if_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai) { index_t wgii; + /* Convert any neighbour adjacency that has a next-hop reachable through + * the wg interface into a midchain. This is to avoid sending ARP/ND to + * resolve the next-hop address via the wg interface. Then, if one of the + * peers has matching prefix among allowed prefixes, the midchain will be + * updated to the corresponding one. + */ + adj_nbr_midchain_update_rewrite (ai, NULL, NULL, ADJ_FLAG_NONE, NULL); + wgii = wg_if_find_by_sw_if_index (sw_if_index); wg_if_peer_walk (wg_if_get (wgii), wg_peer_if_adj_change, &ai); } diff --git a/src/plugins/wireguard/wireguard_peer.h b/src/plugins/wireguard/wireguard_peer.h index f3d80fbf9fe..a14f2692b1c 100644 --- a/src/plugins/wireguard/wireguard_peer.h +++ b/src/plugins/wireguard/wireguard_peer.h @@ -166,7 +166,7 @@ wg_peer_get (index_t peeri) static inline index_t wg_peer_get_by_adj_index (index_t ai) { - if (ai > vec_len (wg_peer_by_adj_index)) + if (ai >= vec_len (wg_peer_by_adj_index)) return INDEX_INVALID; return (wg_peer_by_adj_index[ai]); } |