NetBSD Problem Report #58013
From www@netbsd.org Sat Mar 9 06:37:18 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 38AAE1A923C
for <gnats-bugs@gnats.NetBSD.org>; Sat, 9 Mar 2024 06:37:18 +0000 (UTC)
Message-Id: <20240309063716.A1D6A1A923F@mollari.NetBSD.org>
Date: Sat, 9 Mar 2024 06:37:16 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: tun(4) with TUNSLMODE enabled is hard-coded to be IPv4-only
X-Send-Pr-Version: www-1.0
>Number: 58013
>Category: kern
>Synopsis: tun(4) with TUNSLMODE enabled is hard-coded to be IPv4-only
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 09 06:40:00 +0000 2024
>Closed-Date: Mon Mar 11 22:26:26 +0000 2024
>Last-Modified: Mon Mar 11 22:26:26 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10, 9, 8, ...
>Organization:
The NetBSD Foundatun
>Environment:
>Description:
When a tun(4) instance is configured with ioctl(TUNSLMODE), every packet put out by the kernel and read by the process backing the tun(4) instance has the destination socket address prepended, length-delimited by the .sa_len member.
However, it is hard-coded to be IPv4-only, i.e., to handle only destination socket addresses with .sa_family = AF_INET.
This happens because:
1. ioctl(TUNSLMODE) sets the TUN_PREPADDR flag internally, which is exclusive with the TUN_IFHEAD flag set by ioctl(TUNSIFHEAD).
2. When TUN_IFHEAD is _not_ set, tun_output explicitly restricts dst->sa_family to be AF_INET:
590 switch(dst->sa_family) {
591 #ifdef INET6
592 case AF_INET6:
593 #endif
594 #ifdef INET
595 case AF_INET:
596 #endif
597 #if defined(INET) || defined(INET6)
598 if (tp->tun_flags & TUN_PREPADDR) {
...
607 }
608
609 if (tp->tun_flags & TUN_IFHEAD) {
...
619 } else {
620 #ifdef INET
621 if (dst->sa_family != AF_INET)
622 #endif
623 {
624 error = EAFNOSUPPORT;
625 goto out;
626 }
627 }
...
641 default:
642 error = EAFNOSUPPORT;
643 goto out;
https://nxr.netbsd.org/xref/src/sys/net/if_tun.c?r=1.174#590
>How-To-Repeat:
set up wg-userspace with IPv6
>Fix:
Lines 607-609 quoted above should maybe be `} else if ...' instead of `} if ...'.
>Release-Note:
>Audit-Trail:
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58013 CVS commit: src/share/man/man4
Date: Sat, 9 Mar 2024 12:36:07 +0000
Module Name: src
Committed By: riastradh
Date: Sat Mar 9 12:36:07 UTC 2024
Modified Files:
src/share/man/man4: wg.4
Log Message:
wg(4): Spruce up example a bit.
- Suggest umask so the private keys aren't world readable.
- Suggest use of pre-shared key files.
- Use TEST-NET-1 and TEST-NET-2 addresses for the example instead of
real publicly routable addresses.
Holding off on adding IPv6 example until the tun(4) issue is fixed
(PR bin/58013).
PR misc/58015
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/share/man/man4/wg.4
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sat, 09 Mar 2024 13:56:32 +0000
State-Changed-Why:
fixed in HEAD, needs pullups to all branches
also needs some automatic tests but that's a lot of work
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58013 CVS commit: src/sys/net
Date: Sat, 9 Mar 2024 13:55:28 +0000
Module Name: src
Committed By: riastradh
Date: Sat Mar 9 13:55:28 UTC 2024
Modified Files:
src/sys/net: if_tun.c
Log Message:
tun(4): Allow IPv6 packets with TUNSLMODE configured.
PR kern/58013
To generate a diff of this commit:
cvs rdiff -u -r1.174 -r1.175 src/sys/net/if_tun.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Mon, 11 Mar 2024 01:09:46 +0000
State-Changed-Why:
pullup-10 #627
pullup-9 #1815
pullup-8 #1946
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58013 CVS commit: [netbsd-10] src/sys/net
Date: Mon, 11 Mar 2024 19:28:45 +0000
Module Name: src
Committed By: martin
Date: Mon Mar 11 19:28:45 UTC 2024
Modified Files:
src/sys/net [netbsd-10]: if_tun.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #627):
sys/net/if_tun.c: revision 1.175
tun(4): Allow IPv6 packets with TUNSLMODE configured.
PR kern/58013
To generate a diff of this commit:
cvs rdiff -u -r1.173.4.1 -r1.173.4.2 src/sys/net/if_tun.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58013 CVS commit: [netbsd-9] src/sys/net
Date: Mon, 11 Mar 2024 19:30:06 +0000
Module Name: src
Committed By: martin
Date: Mon Mar 11 19:30:06 UTC 2024
Modified Files:
src/sys/net [netbsd-9]: if_tun.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1815):
sys/net/if_tun.c: revision 1.175
tun(4): Allow IPv6 packets with TUNSLMODE configured.
PR kern/58013
To generate a diff of this commit:
cvs rdiff -u -r1.156 -r1.156.2.1 src/sys/net/if_tun.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58013 CVS commit: [netbsd-8] src/sys/net
Date: Mon, 11 Mar 2024 19:31:31 +0000
Module Name: src
Committed By: martin
Date: Mon Mar 11 19:31:31 UTC 2024
Modified Files:
src/sys/net [netbsd-8]: if_tun.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1946):
sys/net/if_tun.c: revision 1.175
tun(4): Allow IPv6 packets with TUNSLMODE configured.
PR kern/58013
To generate a diff of this commit:
cvs rdiff -u -r1.139.2.4 -r1.139.2.5 src/sys/net/if_tun.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58013 CVS commit: [netbsd-10] src/share/man/man4
Date: Mon, 11 Mar 2024 19:39:23 +0000
Module Name: src
Committed By: martin
Date: Mon Mar 11 19:39:23 UTC 2024
Modified Files:
src/share/man/man4 [netbsd-10]: wg.4
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #629):
share/man/man4/wg.4: revision 1.7
wg(4): Spruce up example a bit.
- Suggest umask so the private keys aren't world readable.
- Suggest use of pre-shared key files.
- Use TEST-NET-1 and TEST-NET-2 addresses for the example instead of
real publicly routable addresses.
Holding off on adding IPv6 example until the tun(4) issue is fixed
(PR bin/58013).
PR misc/58015
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.6.6.1 src/share/man/man4/wg.4
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Mon, 11 Mar 2024 22:26:26 +0000
State-Changed-Why:
fixed and pulled up
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.