[Bug 284857] wg(4): IPv4 packet with IPv6 nexthop not forwarded

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284857

--- Comment #2 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=2bef0d54f74dad6962ef7d1dfa407e95cb4fb4ad

commit 2bef0d54f74dad6962ef7d1dfa407e95cb4fb4ad
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-03-04 19:57:34 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-03-04 19:57:34 +0000

    kern: wg: remove overly-restrictive address family check

    IPv4 packets can be routed via an IPv6 nexthop, so the handling of the
    parsed address family is more strict than it needs to be.  If we have a
    valid header that matches a known peer, then we have no reason to
    decline the packet.

    Convert it to an assertion that it matches the destination as viewed by
    the stack below it, instead.  `dst` may be the gateway instead of the
    destination in the case of a nexthop, so the `af` assignment must be
    switched to use the destination in all cases.

    Add a test case that approximates a setup like in the PR and
    demonstrates the issue.

    PR:             284857
    Reviewed by:    markj (earlier version), zlei
    Differential Revision:  https://reviews.freebsd.org/D49172

 sys/dev/wg/if_wg.c     |  8 ++---
 tests/sys/net/if_wg.sh | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+), 5 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.