
Commit dc0d196

committed
ffmuc-mesh-vpn-wireguard-vxlan: fix IPv6 regex
This fixes and improves IPv6 matching
- do not strip trailing "::", for IPs like 2003:a:87f:c37c::
- match IPs with leading "::", like ::1
- match IPs not starting with a digit, like fd62:f45c:4d09:180:22b3:ff::
- match IPs containing a zone identifier ("%"), like fe80::abcd%enp5s0

Follow-up of 5ac2ac9
1 parent 5ac2ac9 commit dc0d196


1 file changed

+15
-4
lines changed

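--- a/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink
+++ b/ffmuc-mesh-vpn-wireguard-vxlan/files/lib/gluon/gluon-mesh-wireguard-vxlan/checkuplink
@@ -76,16 +76,27 @@ if [ "$(uci get wireguard.mesh_vpn.enabled)" = "true" ] || [ "$(uci get wireguar
 logger -t checkuplink "Reconnecting ..."
 NTP_SERVERS=$(uci get system.ntp.server)
 NTP_SERVERS_ADDRS=""
+
+set -o pipefail # Enable pipefail: this script does not fully support pipefail yet, but required below
 for NTP_SERVER in $NTP_SERVERS; do
-ipv6="$(gluon-wan nslookup "$NTP_SERVER" | grep 'Address:\? [0-9]' | grep -E -o '([a-f0-9:]+:+)+[a-f0-9]+')"
-ipv4="$(gluon-wan nslookup "$NTP_SERVER" | grep 'Address:\? [0-9]' | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")"
+all_ntp_ips="$(gluon-wan nslookup "$NTP_SERVER" | grep '^Address:\? ' | sed 's/^Address:\? //')"
 if ip -6 route show table 1 | grep -q 'default via'
 then
-NTP_SERVERS_ADDRS="$(for ip in $ipv6; do echo -n "-p $ip "; done) ${NTP_SERVERS_ADDRS}"
+# We need to match a few special cases for IPv6 here:
+# - IPs with trailing "::", like 2003:a:87f:c37c::
+# - IPs with leading "::", like ::1
+# - IPs not starting with a digit, like fd62:f45c:4d09:180:22b3:ff::
+# - IPs containing a zone identifier ("%"), like fe80::abcd%enp5s0
+# As all incoming IPs are already valid IPs, we just grep for all not-IPv4s
+selected_ntp_ips="$(echo "${all_ntp_ips}" | grep -vE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b')"
 else
-NTP_SERVERS_ADDRS="$(for ip in $ipv4; do echo -n "-p $ip "; done) ${NTP_SERVERS_ADDRS}"
+# We want to match IPv4s and not match RFC2765 2.1) IPs like "::ffff:255.255.255.255"
+selected_ntp_ips="$(echo "${all_ntp_ips}" | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b')"
 fi
+NTP_SERVERS_ADDRS="$(for ip in $selected_ntp_ips; do echo -n "-p $ip "; done)${NTP_SERVERS_ADDRS}"
 done
+set +o pipefail # Disable pipefail: this script does not fully support pipefail yet
+
 # shellcheck disable=SC2086 # otherwise ntpd cries
 if ! LD_PRELOAD=libpacketmark.so LIBPACKETMARK_MARK=1 gluon-wan /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug ${NTP_SERVERS_ADDRS} -q
 then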
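Review bot: The `else` (IPv4) branch appears to contradict the comment directly above it. `grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'` is unanchored and `:` counts as a word boundary, so for an entry like `::ffff:255.255.255.255` it prints the embedded `255.255.255.255`, which then becomes a `-p` peer. Anchoring to the start of the entry, `grep -oE '^([0-9]{1,3}\.){3}[0-9]{1,3}\b'`, would keep plain IPv4 answers and drop mapped ones. The `then` (IPv6) branch is a deny-list: every `Address` line that is not IPv4-shaped is word-split and later handed to ntpd unquoted. An allow-list such as `grep -E '^[0-9a-fA-F:]+(%[A-Za-z0-9._-]+)?$'` would keep unexpected resolver output out of ntpd's argv, assuming nothing follows the address on those lines, which is not visible here. The outer `if` opens before the hunk and the final `if ! … then` continues past it.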
