Hello Abel,
On Mon, Jul 13, 2020 at 04:42:23AM -0500, Abel Abraham Camarillo Ojeda wrote:
</snip>
> # wg-quick up wg0
>
> (panic)
> login: panic: kernel diagnostic assertion "m->m_pkthdr.pf.statekey == NULL"
> failed: file "/usr/src/sys/net/pf.c", line 7455
> Stopped at db_enter+0x10: popq %rbp
> TID PID UID PRFLAGS PFLAGS CPU COMMAND
> *143795 57046 0 0x14000 0x200 0 softnet
> db_enter() at db_enter+0x10
> panic(ffffffff81de2358) at panic+0x128
> __assert(ffffffff81e4b90a,ffffffff81dbf1ea,1d1f,ffffffff81dda0a3) at __assert+0x2b
> pf_test(2,1,ffff800000b06000,ffff80000fd67ee8) at pf_test+0x10d3
> ip_input_if(ffff80000fd67ee8,ffff80000fd67ef4,4,0,ffff800000b06000) at ip_input_if+0x21c
> ipv4_input(ffff800000b06000,fffffd8022e88f00) at ipv4_input+0x39
> wg_deliver_in(ffff800000b4bcc0) at wg_deliver_in+0x122
> taskq_thread(ffff80000002b080) at taskq_thread+0x6d
> end trace frame: 0x0, count: 7
</snip>
thanks for reporting, and sorry for the inconvenience.
I wonder if the diff below fixes the assertion panic?
I suspect wg forgot to tell that the IP address of the decrypted packet got changed. I
have no wireguard at hand ready to try that out, so the diff is kind of
shooting in the dark.
thanks for testing.
regards
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c
index 3f59681fed8..2745d20ff6c 100644
--- a/sys/net/if_wg.c
+++ b/sys/net/if_wg.c
@@ -18,6 +18,7 @@
*/
#include "bpfilter.h"
+#include "pf.h"
#include <sys/types.h>
#include <sys/systm.h>
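Review bot: the new #include "pf.h" at the top of if_wg.c only supplies the NPF define that the later #if NPF > 0 test relies on; this hunk does not show an include for the header that declares pf_pkt_addr_changed() (net/pfvar.h). Please confirm the file already pulls that header in, or add it under the same #if NPF > 0 guard, so the new call is not compiled against an implicit declaration.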
@@ -2050,6 +2051,10 @@ wg_input(void *_sc, struct mbuf *m, struct ip *ip,
struct ip6_hdr *ip6,
t->t_mbuf = NULL;
t->t_done = 0;
+#if NPF > 0
+ pf_pkt_addr_changed(m);
+#endif /* NPF */
+
if (wg_queue_in(sc, t->t_peer, m) != 0)
counters_inc(sc->sc_if.if_counters,
ifc_iqdrops);
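Review bot: in wg_input() the pf_pkt_addr_changed(m) call sits before wg_queue_in(), while the reported assertion fires on the wg_deliver_in -> ipv4_input -> pf_test path, so it is worth confirming that nothing between queueing and delivery can leave a pf state key attached to the mbuf. If there is doubt, doing the reset in wg_deliver_in just before the packet is handed to ipv4_input would match the trace more directly. A short comment above the #if NPF > 0 block saying why the pf state is dropped here (the packet's addresses have changed, per the description) would help the next reader, and since the message says the diff has not been run against a wireguard setup, it should wait for the reporter's test result before going in.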