upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-03-09 17:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/dev/wg
History
Kyle Evans 7215aed797 kern: wg: remove overly-restrictive address family check 
IPv4 packets can be routed via an IPv6 nexthop, so the handling of the
parsed address family is more strict than it needs to be.  If we have a
valid header that matches a known peer, then we have no reason to
decline the packet.

Convert it to an assertion that it matches the destination as viewed by
the stack below it, instead.  `dst` may be the gateway instead of the
destination in the case of a nexthop, so the `af` assignment must be
switched to use the destination in all cases.

Add a test case that approximates a setup like in the PR and
demonstrates the issue.

PR:		284857
Reviewed by:	markj (earlier version), zlei

(cherry picked from commit 2bef0d54f74dad6962ef7d1dfa407e95cb4fb4ad)
2025-03-14 21:52:02 -05:00
..
compat.h wg: Drop the compat shim for sbcreatecontrol(). 2022-11-11 14:18:48 -08:00
crypto.h wg: Trim compat shims for versions older than current stable/13. 2022-10-28 13:36:13 -07:00
if_wg.c kern: wg: remove overly-restrictive address family check 2025-03-14 21:52:02 -05:00
if_wg.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
version.h
wg_cookie.c wg: uma_zcreate() does not fail 2024-05-02 09:25:08 -04:00
wg_cookie.h
wg_crypto.c wg: Trim compat shims for versions older than current stable/13. 2022-10-28 13:36:13 -07:00
wg_noise.c if_wg: fix access to noise_local->l_has_identity and l_private 2024-01-29 23:37:33 -06:00
wg_noise.h