diff --git a/sys/dev/if_wg/module/if_wg_session.c b/sys/dev/if_wg/module/if_wg_session.c index 0102d697007..492f356bca9 100644 --- a/sys/dev/if_wg/module/if_wg_session.c +++ b/sys/dev/if_wg/module/if_wg_session.c @@ -1890,7 +1890,12 @@ wg_input(struct mbuf *m0, int offset, struct inpcb *inpcb, goto free; } e = wg_mbuf_endpoint_get(m); - e->e_remote.r_sa = *srcsa; + if (srcsa->sa_family == AF_INET) + e->e_remote.r_sin = *(const struct sockaddr_in *)srcsa; + else if (srcsa->sa_family == AF_INET6) + e->e_remote.r_sin6 = *(const struct sockaddr_in6 *)srcsa; + else + e->e_remote.r_sa = *srcsa; verify_endpoint(m); if_inc_counter(sc->sc_ifp, IFCOUNTER_IPACKETS, 1); diff --git a/sys/dev/if_wg/module/module.c b/sys/dev/if_wg/module/module.c index 6c0df29be93..d437c0ee7b6 100644 --- a/sys/dev/if_wg/module/module.c +++ b/sys/dev/if_wg/module/module.c @@ -391,13 +391,20 @@ wg_peer_to_nvl(struct wg_peer *peer) int i, count; nvlist_t *nvl; caddr_t key; + size_t sa_sz; struct wg_allowedip *aip; + struct wg_endpoint *ep; if ((nvl = nvlist_create(0)) == NULL) return (NULL); key = peer->p_remote.r_public; nvlist_add_binary(nvl, "public-key", key, WG_KEY_SIZE); - nvlist_add_binary(nvl, "endpoint", &peer->p_endpoint.e_remote, sizeof(struct sockaddr)); + ep = &peer->p_endpoint; + if (ep->e_remote.r_sa.sa_family != 0) { + sa_sz = (ep->e_remote.r_sa.sa_family == AF_INET) ? + sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); + nvlist_add_binary(nvl, "endpoint", &ep->e_remote, sa_sz); + } i = count = 0; CK_LIST_FOREACH(rt, &peer->p_routes, r_entry) { count++; @@ -592,13 +599,12 @@ wg_peer_add(struct wg_softc *sc, const nvlist_t *nvl) } if (nvlist_exists_binary(nvl, "endpoint")) { endpoint = nvlist_get_binary(nvl, "endpoint", &size); - if (size != sizeof(*endpoint)) { + if (size > sizeof(peer->p_endpoint.e_remote)) { device_printf(dev, "%s bad length for endpoint %zu\n", __func__, size); err = EBADMSG; goto out; } - memcpy(&peer->p_endpoint.e_remote, endpoint, - sizeof(peer->p_endpoint.e_remote)); + memcpy(&peer->p_endpoint.e_remote, endpoint, size); } if (nvlist_exists_binary(nvl, "pre-shared-key")) { const void *key;