The branch main has been updated by kevans:
URL:
https://cgit.FreeBSD.org/src/commit/?id=f6d9e22982a1d0354c0199e94ebdb4474eaa74b9
commit f6d9e22982a1d0354c0199e94ebdb4474eaa74b9
Author: Kyle Evans <kev...@freebsd.org>
AuthorDate: 2025-06-26 02:57:03 +0000
Commit: Kyle Evans <kev...@freebsd.org>
CommitDate: 2025-06-26 02:58:25 +0000
wg: ipc: add allowed-ip flags support for FreeBSD
For $reasons, we can't rely on flags in wireguard-tools for the kernel
side of WireGuard. Provide a mapping function that uses flags from the
kernel that we're building against and fail the operation if we made it
to the end without turning some wg(8) flag off.
Signed-off-by: Kyle Evans <kev...@freebsd.org>
Reviewed by: ivy (previous version), Jason A. Donenfeld, jhb
Differential Revision: https://reviews.freebsd.org/D50450
---
contrib/wireguard-tools/ipc-freebsd.h | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/contrib/wireguard-tools/ipc-freebsd.h
b/contrib/wireguard-tools/ipc-freebsd.h
index 58e5e71ce5cb..69077038a15a 100644
--- a/contrib/wireguard-tools/ipc-freebsd.h
+++ b/contrib/wireguard-tools/ipc-freebsd.h
@@ -307,11 +307,8 @@ static int kernel_set_device(struct wgdevice *dev)
nvl_aips[j] = nvlist_create(0);
if (!nvl_aips[j])
goto err_peer;
- if (aip->flags) {
- //TODO: implement me
- ret = -EOPNOTSUPP;
- goto err_peer;
- }
+ if (aip->flags)
+ nvlist_add_number(nvl_aips[j], "flags",
aip->flags);
nvlist_add_number(nvl_aips[j], "cidr", aip->cidr);
if (aip->family == AF_INET)
nvlist_add_binary(nvl_aips[j], "ipv4",
&aip->ip4, sizeof(aip->ip4));
