Bug 253487

Summary: if_wg module multiple IPv4 in allowed-ips will cause all IPs' subnet masks to become the same.
Product: Base System
Reporter: nyan
Component: kern
Assignee: freebsd-net (Nobody) <net>
Status: Closed FIXED
Severity: Affects Some People
CC: flo, garga, khng, kp, lwhsu, mmacy
Priority: ---    
Version: 13.0-STABLE   
Hardware: Any   
OS: Any   

Description nyan 2021-02-13 17:39:00 UTC
When using `if_wg`, adding a peer with a list of allowed-ips, for example

 allowed-ips 10.0.20.0/24 allowed-ips 192.168.0.0/16

will result in

AllowedIPs = 10.0.20.0/24, 192.168.0.0/24

Expected:

AllowedIPs = 10.0.20.0/24, 192.168.0.0/16
Comment 1 nyan 2021-02-13 17:44:25 UTC
Revision: FreeBSD 13.0-CURRENT #11 r369260M
Comment 2 Ka Ho Ng freebsd_committer freebsd_triage 2021-02-13 17:46:08 UTC
This bug also affects -STABLE at 6136a10e355a7a837edecbccbed04c34b4bc32c9.

Some extra hints on mixing IPv4 and IPv6 allowed-ips

command:
allowed-ips 10.88.88.0/24 allowed-ips fccc:cccc:cccc:0::/64 allowed-ips fbbb:bbbb:bbbb:bbbb:bbbb::/80

Output:
[Peer]
PublicKey = ***
Endpoint = *:*
AllowedIPs = 10.88.88.0/24
[Peer]
PublicKey = ***
Endpoint = *:*
AllowedIPs = 10.88.88.0/24, fccc:cccc:cccc::/24
[Peer]
PublicKey = ***
Endpoint = *:*
AllowedIPs = 10.88.88.0/24, fccc:cccc:cccc::/24, fbbb:bbbb:bbbb:bbbb:bbbb::/24
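A check for the symptom reported above, as an added example that is not part of the original report or of the FreeBSD fix: it compares the prefixes that were configured with the `AllowedIPs` line that was shown and classifies each entry. The function names are hypothetical, the sample values are copied from the comments above, and matching assumes the address part is displayed unchanged, as it is in those outputs. A widened prefix matters most to a defender, because AllowedIPs also limits which source addresses are accepted from a peer.

```python
import ipaddress

# Values copied from the report above: what was configured vs. what was shown.
V4_INTENDED = ["10.0.20.0/24", "192.168.0.0/16"]
V4_SHOWN = "AllowedIPs = 10.0.20.0/24, 192.168.0.0/24"
MIXED_INTENDED = ["10.88.88.0/24", "fccc:cccc:cccc:0::/64",
                  "fbbb:bbbb:bbbb:bbbb:bbbb::/80"]
MIXED_SHOWN = ("AllowedIPs = 10.88.88.0/24, fccc:cccc:cccc::/24, "
               "fbbb:bbbb:bbbb:bbbb:bbbb::/24")


def parse_allowed_ips(line):
    """Return {address: prefix length} from an 'AllowedIPs = a, b' line."""
    value = line.partition("=")[2]
    entries = {}
    for token in filter(None, (t.strip() for t in value.split(","))):
        # ip_interface, not ip_network: a corrupted prefix can leave host
        # bits set (fccc:cccc:cccc::/24), which ip_network rejects.
        iface = ipaddress.ip_interface(token)
        entries[iface.ip] = iface.network.prefixlen
    return entries


def audit(intended, shown_line):
    """Compare intended CIDRs with the shown AllowedIPs, entry by entry."""
    shown = parse_allowed_ips(shown_line)
    findings = []
    for cidr in intended:
        want = ipaddress.ip_network(cidr)
        got = shown.get(want.network_address)
        if got is None:
            status = "missing"
        elif got == want.prefixlen:
            status = "ok"
        elif got > want.prefixlen:
            status = "narrowed"   # peer covers less than configured
        else:
            status = "widened"    # peer covers more than configured
        findings.append((cidr, got, status))
    return findings


if __name__ == "__main__":
    for intended, shown in ((V4_INTENDED, V4_SHOWN), (MIXED_INTENDED, MIXED_SHOWN)):
        for cidr, got, status in audit(intended, shown):
            print(f"{cidr:32} shown /{got}: {status}")
```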
Comment 3 nyan 2021-02-13 23:42:00 UTC
https://reviews.freebsd.org/D28655
The above commit fixes this issue.
Comment 4 Kristof Provost freebsd_committer freebsd_triage 2021-02-16 09:31:00 UTC
That fix went in as https://cgit.freebsd.org/src/commit/?id=0646b83f0779260256e03a11c7bc2e6bcfefa694
Comment 5 Li-Wen Hsu freebsd_committer freebsd_triage 2021-02-16 15:51:46 UTC
Should this be merged to stable/13 and even releng/13.0?