HomeFreeBSD
Diffusion FreeBSD src repository 2bef0d54f74d

kern: wg: remove overly-restrictive address family check
2bef0d54f74d
Actions

Description

kern: wg: remove overly-restrictive address family check

IPv4 packets can be routed via an IPv6 nexthop, so the handling of the
parsed address family is more strict than it needs to be. If we have a
valid header that matches a known peer, then we have no reason to
decline the packet.

Convert it to an assertion that it matches the destination as viewed by
the stack below it, instead. dst may be the gateway instead of the
destination in the case of a nexthop, so the af assignment must be
switched to use the destination in all cases.

Add a test case that approximates a setup like in the PR and
demonstrates the issue.

PR: 284857
Reviewed by: markj (earlier version), zlei
Differential Revision: https://reviews.freebsd.org/D49172

Details

Provenance
kevansAuthored on Tue, Mar 4, 7:57 PM
Reviewer
markj
Differential Revision
D49172: kern: wg: remove overly-restrictive address family check
Parents
rG429b03a00ba7: libc: fix _FORTIFY_SOURCE build on aarch64
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
sys/
dev/
wg/
tests/
sys/
net/

rG2bef0d54f74d

View Options

sys/dev/wg/if_wg.c

Loading...
View Options

tests/sys/net/if_wg.sh

Loading...