https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284857
--- Comment #3 from commit-h...@freebsd.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=7215aed7974cc4b7d3197ca5e5fcf545d3a28c0f commit 7215aed7974cc4b7d3197ca5e5fcf545d3a28c0f Author: Kyle Evans <kev...@freebsd.org> AuthorDate: 2025-03-04 19:57:34 +0000 Commit: Kyle Evans <kev...@freebsd.org> CommitDate: 2025-03-15 02:52:02 +0000 kern: wg: remove overly-restrictive address family check IPv4 packets can be routed via an IPv6 nexthop, so the handling of the parsed address family is more strict than it needs to be. If we have a valid header that matches a known peer, then we have no reason to decline the packet. Convert it to an assertion that it matches the destination as viewed by the stack below it, instead. `dst` may be the gateway instead of the destination in the case of a nexthop, so the `af` assignment must be switched to use the destination in all cases. Add a test case that approximates a setup like in the PR and demonstrates the issue. PR: 284857 Reviewed by: markj (earlier version), zlei (cherry picked from commit 2bef0d54f74dad6962ef7d1dfa407e95cb4fb4ad) sys/dev/wg/if_wg.c | 8 ++--- tests/sys/net/if_wg.sh | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 5 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug.
