Wireguard: Reinit wg device at shutdown

1 files changed, 25 insertions, 0 deletions

diff --git a/proto/wireguard/wireguard.c b/proto/wireguard/wireguard.c
index 261c0e6e..16dad4ff 100644
--- a/proto/wireguard/wireguard.c
+++ b/proto/wireguard/wireguard.c
@@ -265,8 +265,15 @@ int get_device(struct wg_proto *p, wg_device **pdev, const char *device_name)
   /* else */
   /*   return wg_get_device(dev, device_name); */
 
+  if (p->dev)
+    {
+      wg_free_device(p->dev);
+      p->dev = NULL;
+    }
+
   wg_device *dev = calloc(1, sizeof(wg_device));
   strncpy(dev->name, device_name, sizeof(dev->name));
+  dev->flags = WGDEVICE_REPLACE_PEERS;
   if (c->private_key)
     {
       dev->flags |= WGDEVICE_HAS_PRIVATE_KEY | WGDEVICE_HAS_PUBLIC_KEY;
@@ -288,6 +295,8 @@ int get_device(struct wg_proto *p, wg_device **pdev, const char *device_name)
 	dev->last_peer->next_peer = peer;
       dev->last_peer = peer;
 
+      peer->flags = WGPEER_REPLACE_ALLOWEDIPS;
+
       if (pc->public_key)
 	{
 	  peer->flags = WGPEER_HAS_PUBLIC_KEY;
@@ -935,6 +944,21 @@ wg_start(struct proto *P)
   return PS_UP;
 }
 
+static int
+wg_shutdown(struct proto *P)
+{
+  struct wg_config *cf =  (struct wg_config*)P->cf;
+  struct wg_proto *p = (struct wg_proto*)P;
+  wg_device *dev = NULL;
+
+  log(L_TRACE "WG: wg_shutdown");
+  if (get_device(p, &p->dev, cf->ifname) >= 0)
+    {
+      int res = set_device(p);
+      log(L_TRACE "WG: flush wg_set_device %d", res);
+    }
+}
+
 static void
 wg_dump(struct proto *P)
 {
@@ -983,6 +1007,7 @@ struct protocol proto_wireguard = {
   .postconfig =		wg_postconfig,
   .init =		wg_init,
   .start =		wg_start,
+  .shutdown =		wg_shutdown,
   .dump = 		wg_dump,
 /*  .multitable =		1,
   .preference =		DEF_PREF_PIPE,