From nobody Sat Mar 15 02:53:11 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZF5QJ6SSqz5rCHX for ; Sat, 15 Mar 2025 02:53:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZF5QJ5h06z3y15 for ; Sat, 15 Mar 2025 02:53:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1742007192; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BzUBBBVQ+O026JMXOTtm/Nba8aAwM3zBE5Xn/ttFU3Y=; b=A35IhIvNveVgb/u58XRbELUEBadxsYp9sQzO2P1vwcUmDc+q+bqNuwM62DLg9dg6FiteUJ VLDIf1U6KGxdHJiSAyxLDhMOebZvSjmR2TmFsA9agrSCbTl4BEV65ufPC3Z1M9x0IB8EDn aL1V2FTHqLq+34mB5qFBJbQhdpLr4FtCQjSAp9FaGM7SNeL8Xj+PvbIwCRx9qimUsJ0omD 4xI4JdfChLqKI093gL0XvBifjx9gIyM8tAvWw89iTzLYI5wPLa3iWbl4p6HWnjCBlYJe6t lnwCgv2QJIeauw9weSekP7oCLkMWMwieaAcu3/3l8ZUgKWGkzgqXZ8KmQD820Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1742007192; a=rsa-sha256; cv=none; b=njyKnFfdsSeX5zedObQFw6cUuWuj2D31AB4DaY8eh49mi/ygh2C+gPokr3s4mNGR+M1Jey am+ty91nSRU7u6LlQKl+VfheXoa6Spa9IUml2O9vmky4OArJxEYL/9GbVusVphCuMVtiPW CsxCwVdZWZnjYYoSqPRMkZpJ0/a4t+xeRvA9t2YcbCtUYtaRLUKmj1mZW6pZxCQ5h4VlQE yFG0LobPajj1IBkJHBCJrZKdIkqsQP6A5c/IOdEF1MKFOWXmvw1VGoL+CccWbPVLi8is7D qooyWSzpaXemdZbXByieoUbxoUewMxbZKL6m8B4OvhXT8n43mwmZmbZ6xooVzQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1742007192; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BzUBBBVQ+O026JMXOTtm/Nba8aAwM3zBE5Xn/ttFU3Y=; b=tBa/fF4NwkYnJrc9lkKQ1SeEogHS2GHV435b0bi16PXnv49IVB0k0MZYbaIO96R0AMRznq R0/64aY8Rovzam1J6o/tzRZ38TFv+Hf97XgRqoX4Z5KAvTLUxk3mtzKZ4JFiiMqd6cx34n ypg+ptUOFgK4JKTRZ6ueFiTUPuUzROHFsloVP/gmP818sp943HNt+JtJ2uN0QSKzn0lpsa h/RG6bdk23c/5aGJd2sCLQJHH4355jAkJrPcDjNTucBOkHjcihmfkwFRk5xFLuCU6TzNcP /zfC+86YhGBSVZhLV3fwDwLGSxSZJx1rJG60NxyTl4jA1jxgF/qsIAla62LwHA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZF5QJ5F3lz1BZM for ; Sat, 15 Mar 2025 02:53:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 52F2rCGU046714 for ; Sat, 15 Mar 2025 02:53:12 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 52F2rCGk046713 for net@FreeBSD.org; Sat, 15 Mar 2025 02:53:12 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 284857] wg(4): IPv4 packet with IPv6 nexthop not forwarded Date: Sat, 15 Mar 2025 02:53:11 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 15.0-CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: kevans@freebsd.org X-Bugzilla-Flags: mfc-stable14? mfc-stable13- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D284857 --- Comment #3 from commit-hook@FreeBSD.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D7215aed7974cc4b7d3197ca5e5fcf545d= 3a28c0f commit 7215aed7974cc4b7d3197ca5e5fcf545d3a28c0f Author: Kyle Evans AuthorDate: 2025-03-04 19:57:34 +0000 Commit: Kyle Evans CommitDate: 2025-03-15 02:52:02 +0000 kern: wg: remove overly-restrictive address family check IPv4 packets can be routed via an IPv6 nexthop, so the handling of the parsed address family is more strict than it needs to be. If we have a valid header that matches a known peer, then we have no reason to decline the packet. Convert it to an assertion that it matches the destination as viewed by the stack below it, instead. `dst` may be the gateway instead of the destination in the case of a nexthop, so the `af` assignment must be switched to use the destination in all cases. Add a test case that approximates a setup like in the PR and demonstrates the issue. PR: 284857 Reviewed by: markj (earlier version), zlei (cherry picked from commit 2bef0d54f74dad6962ef7d1dfa407e95cb4fb4ad) sys/dev/wg/if_wg.c | 8 ++--- tests/sys/net/if_wg.sh | 79 ++++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 82 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=