wg: Remove IFF_POINTOPOINT. Unclear why this was set; setting it seems to have required a kludge in netinet/in.c that broke ipsec tunnels. Clearing it makes wg work again after that kludge was reverted.

(riastradh)

 @@ -1,14 +1,14 @@
-/*	$NetBSD: if_wg.c,v 1.32 2020/08/28 07:03:08 riastradh Exp $	*/
+/*	$NetBSD: if_wg.c,v 1.33 2020/08/31 20:20:22 riastradh Exp $	*/
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -31,27 +31,27 @@
 /*
  * This network interface aims to implement the WireGuard protocol.
  * The implementation is based on the paper of WireGuard as of
  * 2018-06-30 [1].  The paper is referred in the source code with label
  * [W].  Also the specification of the Noise protocol framework as of
  * 2018-07-11 [2] is referred with label [N].
+ *
  * [1] https://www.wireguard.com/papers/wireguard.pdf
  * [2] http://noiseprotocol.org/noise.pdf
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.32 2020/08/28 07:03:08 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.33 2020/08/31 20:20:22 riastradh Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
 #endif
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/atomic.h>
 #include <sys/callout.h>
 #include <sys/cprng.h>
 #include <sys/cpu.h>
 #include <sys/device.h>
 @@ -3372,27 +3372,27 @@ wg_destroy_peer_name(struct wg_softc *wg
 	wg_destroy_peer(wgp);
 	return 0;
+}
 static int
 wg_if_attach(struct wg_softc *wg)
+{
 	int error;
 	wg->wg_if.if_addrlen = 0;
 	wg->wg_if.if_mtu = WG_MTU;
-	wg->wg_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
+	wg->wg_if.if_flags = IFF_MULTICAST;
 	wg->wg_if.if_extflags = IFEF_NO_LINK_STATE_CHANGE;
 	wg->wg_if.if_extflags |= IFEF_MPSAFE;
 	wg->wg_if.if_ioctl = wg_ioctl;
 	wg->wg_if.if_output = wg_output;
 	wg->wg_if.if_init = wg_init;
 	wg->wg_if.if_stop = wg_stop;
 	wg->wg_if.if_type = IFT_OTHER;
 	wg->wg_if.if_dlt = DLT_NULL;
 	wg->wg_if.if_softc = wg;
 	IFQ_SET_READY(&wg->wg_if.if_snd);
 	error = if_initialize(&wg->wg_if);
 	if (error != 0)

 @@ -1,14 +1,14 @@
-.\"	$NetBSD: wg.4,v 1.5 2020/08/26 16:03:41 riastradh Exp $
+.\"	$NetBSD: wg.4,v 1.6 2020/08/31 20:20:22 riastradh Exp $
 .\"
 .\" Copyright (c) 2020 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 @@ -28,28 +28,28 @@
 .Dt WG 4
 .Os
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh NAME
 .Nm wg
 .Nd virtual private network tunnel (EXPERIMENTAL)
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh SYNOPSIS
 .Cd pseudo-device wg
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh DESCRIPTION
 The
 .Nm
-interface implements a point-to-point roaming-capable virtual private
+interface implements a roaming-capable virtual private network tunnel,
-network tunnel, configured with
+configured with
 .Xr ifconfig 8
 and
 .Xr wgconfig 8 .
 .Pp
 .Sy WARNING:
 .Nm
 is experimental.
 .Pp
 Packets exchanged on a
 .Nm
 interface are authenticated and encrypted with a secret key negotiated
 with the peer, and the encapsulation is exchanged over IP or IPv6 using
 UDP.
 @@ -107,43 +107,45 @@ X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp
 .Ed
 .Pp
 Configure A to listen on port 1234 and allow connections from B to
 appear in the 10.0.1.0/24 subnet:
 .Bd -literal -offset abcd
 A# ifconfig wg0 create 10.0.1.0/24
 A# wgconfig wg0 set private-key /etc/wg/wg0
 A# wgconfig wg0 set listen-port 1234
 A# wgconfig wg0 add peer B \e
     X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp5SU= \e
     --allowed-ips=10.0.1.1/32
 A# ifconfig wg0 up
 A# ifconfig wg0
-wg0: flags=0x51<UP,POINTOPOINT,RUNNING> mtu 1420
+wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
-        inet 10.0.1.0/24 ->  flags 0
+        inet 10.0.1.0/24 flags 0
         inet6 fe80::22f7:d6ff:fe3a:1e60%wg0/64 flags 0 scopeid 0x3
 .Ed
 .Pp
 Configure B to connect to A at 1.2.3.4 on port 1234 and the packets can
 begin to flow:
 .Bd -literal -offset abcd
 B# ifconfig wg0 create 10.0.1.1/24
 B# wgconfig wg0 set private-key /etc/wg/wg0
 B# wgconfig wg0 add peer A \e
     N+B4Nelg+4ysvbLW3qenxIwrJVE9MdjMyqrIisH7V0Y= \e
     --allowed-ips=10.0.1.0/32 \e
     --endpoint=1.2.3.4:1234
 B# ifconfig wg0 up
 B# ifconfig wg0
-wg0: flags=0x51<UP,POINTOPOINT,RUNNING> mtu 1420
+wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
-        inet 10.0.1.1/24 ->  flags 0
+        inet 10.0.1.1/24 flags 0
         inet6 fe80::56eb:59ff:fe3d:d413%wg0/64 flags 0 scopeid 0x3
 B# ping -n 10.0.1.0
 PING 10.0.1.0 (10.0.1.0): 56 data bytes
 bytes from 10.0.1.0: icmp_seq=0 ttl=255 time=2.721110 ms
 \&...
 .Ed
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh SEE ALSO
 .Xr wg-keygen 8 ,
 .Xr wgconfig 8
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh COMPATIBILITY
 The
 .Nm