From nobody Tue Mar 4 19:58:12 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z6mh80fF0z5qcTJ for ; Tue, 04 Mar 2025 19:58:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Z6mh760rbz3wYl for ; Tue, 04 Mar 2025 19:58:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1741118295; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XNidU2QbDyShnlWX6iFcS4chiC3LXfC7Hr8lktaCwxo=; b=ArXZVYvaxBzuMEnoPshFXQKJvAc+HbojKVNe6HOMEzlVW7W98xdKJqj1SlybjP90fSsFli 887LUqoSM0HzVSntrYT+zWeWul18oxuFHs5QzyLnXgFq5jrtCEnElwblYiWsTfGDXfLIC8 /z2JPrRi7C3GjUNLjoBlDL/n3+V7LN6Y6R9g8EPjVfH67vC8kcfU83OGj2nEqgS1/weU18 5k570yfcVQp3n272F8HU/KobbPYsu6/pfqEvmVYTQqwn4EFLhb0PoozlBGKuxeZNvNLQJW /PpNpAEwCbC7TzAzjQbf3ECSAls42mchEZd9fdgsl8sKLK+685E+8dRPXYm6vQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1741118295; a=rsa-sha256; cv=none; b=r4g1H4oTSfSpAxXxG74BhwcBj6LOS27Ct14y6gYYAfFo9c9mhN1rl6rXc5l+xN3jBoaSaK iVybJ7pXzSHskI9mrZxHbcDSUpSCnKwwDPKxV3kFafcBg2dUijvPWfYS3KcBKn/TUZqoyM LWvQImJjzy5uzoOMz0CASwIqNPu1X3xgzMbWXKuw7qCdt6LmeX5DwmTLdoP2qAFDOmAq9w 3AyYXMN/qbNQTl5iJNq+WXZ476XZDMNj4/iLmMILkZbO9R/3ttiKDQDyReFlxV8wacf27g 58tcl5gJwvvxGOqQdt0fzzAepJJMGInzkPFd1V5/JyAVSTjA7xlQEfk3VK7G0Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1741118295; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XNidU2QbDyShnlWX6iFcS4chiC3LXfC7Hr8lktaCwxo=; b=c6wVH/o1vylH9Yec977w50yQ+YbYkwXHWFpbEIVn+lSyWxI8pxJSWFs90Av27GfA0GguTX m1ta0dYGcTJWYrvsKuEodeCWrqYN029nIneV4jcxB6HBuHOD7XX1k1ud/tbYuCOFc+Oqxs fOc3s4OaRWEki5G3k6HjwKPE17AwDtEPnJGe+ex1YvOW+ffoJxVbfJ35jtc/cHY7Qc6h7B 67faE9/FbVoT85W0E0xv0TnWLNjJH40YkvoMWssO9mTi0wL/aU11W/NjTuG7whcPdaXtyO cbQSeJmxkLmd3Ecemi5Bwd3gZlAtFv+XTIbKT+tiD5Z1Omw/cLSwAmQfVFcSqA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Z6mh75csBzY9v for ; Tue, 04 Mar 2025 19:58:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 524JwFsw079605 for ; Tue, 4 Mar 2025 19:58:15 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 524JwFPD079604 for net@FreeBSD.org; Tue, 4 Mar 2025 19:58:15 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 284857] wg(4): IPv4 packet with IPv6 nexthop not forwarded Date: Tue, 04 Mar 2025 19:58:12 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 15.0-CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: kevans@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D284857 --- Comment #2 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D2bef0d54f74dad6962ef7d1dfa407e95c= b4fb4ad commit 2bef0d54f74dad6962ef7d1dfa407e95cb4fb4ad Author: Kyle Evans AuthorDate: 2025-03-04 19:57:34 +0000 Commit: Kyle Evans CommitDate: 2025-03-04 19:57:34 +0000 kern: wg: remove overly-restrictive address family check IPv4 packets can be routed via an IPv6 nexthop, so the handling of the parsed address family is more strict than it needs to be. If we have a valid header that matches a known peer, then we have no reason to decline the packet. Convert it to an assertion that it matches the destination as viewed by the stack below it, instead. `dst` may be the gateway instead of the destination in the case of a nexthop, so the `af` assignment must be switched to use the destination in all cases. Add a test case that approximates a setup like in the PR and demonstrates the issue. PR: 284857 Reviewed by: markj (earlier version), zlei Differential Revision: https://reviews.freebsd.org/D49172 sys/dev/wg/if_wg.c | 8 ++--- tests/sys/net/if_wg.sh | 79 ++++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 82 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=