From 8e98e29e9715bc517a01cc058194e0ad40f7c578 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 5 Nov 2023 15:17:54 +0100
Subject: [PATCH] modules/wireguard-initrd: fix udp option for ipproto in ip rule
---
 modules/wireguard-initrd/default.nix | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/modules/wireguard-initrd/default.nix b/modules/wireguard-initrd/default.nix
index b4750d4..61fc797 100644
--- a/modules/wireguard-initrd/default.nix
+++ b/modules/wireguard-initrd/default.nix
@@ -58,16 +58,21 @@ in
 persistent-keepalive "25" \
 allowed-ips "0.0.0.0/0,::/0,10.20.30.0/24,2a01:4f8:c0c:15f1::/113"
- #ip route add "::/0" dev "wg-initrd" table 1337
- #ip route add "0.0.0.0/0" dev "wg-initrd" table 1337
+ ip route add "::/0" dev "wg-initrd" table 1337
+ ip route add "0.0.0.0/0" dev "wg-initrd" table 1337
+ # Error: Argument "udp" is wrong: Invalid "ipproto" value
+ # For some reason ip rule does not recognize "udp" as a value for "ipproto" in initrd,
+ # so we pass the numeric value for it manually
+ # This is from linux/include/uapi/linux/in.h
+ IPPROTO_UDP=17
 ${concatMapStringsSep "\n" (ip: ''
 ip -6 rule add from "${ip}" lookup 1337 prio 19000
 ip -6 rule add from "${ip}" unreachable prio 19001
 '') cfg.ipv6s}
- ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000
- ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001
+ ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto $IPPROTO_UDP dport 51820 lookup main prio 20000
+ ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto $IPPROTO_UDP dport 51820 unreachable prio 20001
 ip -6 rule add lookup main prio 21000
 ip -6 rule add lookup 1337 prio 21001
 ip -6 rule add unreachable prio 21000
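Review bot: Now that the default routes in table 1337 are enabled, the catch-all rules at the end of this hunk look mis-ordered: `ip -6 rule add unreachable prio 21000` shares its priority with `lookup main` and sorts ahead of `lookup 1337 prio 21001`, so the fall-through to table 1337 is probably never consulted (as far as I can tell the kernel keeps equal-priority rules in insertion order). If the intent is main first, then the tunnel table, then fail closed, the terminator should read `ip -6 rule add unreachable prio 21002`; the IPv4 block in the next hunk ends with the same three lines. These are context lines the commit does not touch, and the script starts and ends outside the hunk, so confirm against the full rule set (`ip -6 rule show` in the initrd) before changing them.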
@@ -77,8 +82,8 @@ in
 ip -4 rule add from "${ip}" lookup 1337 prio 19000
 ip -4 rule add from "${ip}" unreachable prio 19001
 '') cfg.ipv4s}
- ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000
- ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001
+ ip -4 rule add to "78.47.183.82/32" ipproto $IPPROTO_UDP dport 51820 lookup main prio 20000
+ ip -4 rule add to "78.47.183.82/32" ipproto $IPPROTO_UDP dport 51820 unreachable prio 20001
 ip -4 rule add lookup main prio 21000
 ip -4 rule add lookup 1337 prio 21001
 ip -4 rule add unreachable prio 21000
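Review bot: `$IPPROTO_UDP` is expanded unquoted in both added lines, while every other argument in these rules is quoted, and the variable is only assigned further up, in the IPv6 part of the script. Writing `ipproto "$IPPROTO_UDP"` keeps the style consistent and makes an empty or missing value surface as a bad `ipproto` argument rather than letting `dport` slide into its place. These two rules are presumably what keep packets for the WireGuard endpoint on the main table, so a short comment here pointing back to the `IPPROTO_UDP=17` assignment would help anyone reading the IPv4 block on its own.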