Comments (4)
Hi there, thanks for your bug report.
Could you give me the kernel version you're running wag on? I can't replicate this on my dev machine (kernel 6.1.15-1 lts)
I would also recommend trying to build with the docker image, `make docker`, after following the release build instructions down the end of the readme.
Does the binary release work?
https://github.com/NHAS/wag/releases/download/v5.1.1/wag
If it doesn't, could you tell me what version stops working?
from wag.
Yes binary is working. Have to check other things on monday
from wag.
Yep fair enough. I suspect your version of clang or the header files are slightly different to mine.
What version of Ubuntu are you using, 22.04.2 LTS?
from wag.
Sweet, found what the problem is. Apparently in later versions of the kernel they made the verifier less strict.
So in the C portions of the code it was accessing packets like this:

```c
struct udphdr *udph = (data + ip->ihl * 4);
```

However I was never verifying that the ip header length that I was given was still inside the packet. In the older versions of the kernel this is pulled up as an issue (and honestly I should be checking it anyway)
So I've moved it to this:

```c
__u64 ip_header_length = (ip->ihl * 4);
if (ip_header_length > MAX_PACKET_OFF)
{
    return 0;
}
if ((void *)(data + ip_header_length) > data_end)
{
    return 0;
}
...
struct udphdr *udph = (data + ip_header_length);
...
```

Which works on the Ubuntu 22.04.2 LTS VM I was testing it on. I'm going to do a small release for this. Thanks for finding it!
from wag.
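The bounds check described in the last comment, as an added userspace C example (not wag's code and not an XDP program): it keeps the `data`/`data_end` convention and rejects any frame whose `ihl`-derived header length would place the UDP header outside the packet. The names `udp_dest_port` and `build_frame` are hypothetical, the frames are constructed, and an untagged Ethernet header is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14 /* assumption: untagged Ethernet frame */
#define IP_MIN_LEN  20 /* fixed part of the IPv4 header */
#define UDP_HDR_LEN 8

/* Returns the UDP destination port, or -1 if a header would fall outside
 * [data, data_end). Lengths are compared instead of pointers so that no
 * out-of-range pointer is ever formed in userspace. */
int udp_dest_port(const uint8_t *data, const uint8_t *data_end)
{
    size_t len = (size_t)(data_end - data);

    /* The fixed IPv4 header must be present before ihl can be read. */
    if (len < ETH_HDR_LEN + IP_MIN_LEN)
        return -1;
    const uint8_t *ip = data + ETH_HDR_LEN;
    if ((ip[0] >> 4) != 4 || ip[9] != 17) /* IPv4 carrying UDP only */
        return -1;

    /* ihl comes from the sender: 4 bits, counted in 32-bit words. */
    size_t ip_header_length = (size_t)(ip[0] & 0x0f) * 4;
    if (ip_header_length < IP_MIN_LEN)
        return -1;
    /* The check the fix adds: the variable-length IP header, and the UDP
     * header behind it, must still be inside the packet. */
    if (len < ETH_HDR_LEN + ip_header_length + UDP_HDR_LEN)
        return -1;

    const uint8_t *udph = ip + ip_header_length;
    return (udph[2] << 8) | udph[3];
}

/* Constructed sample frame; total_len must be at least 34 bytes.
 * The port is written only if it fits inside total_len. */
size_t build_frame(uint8_t *buf, uint8_t ihl, size_t total_len, uint16_t dport)
{
    memset(buf, 0, total_len);
    buf[12] = 0x08;                                   /* EtherType IPv4 */
    buf[ETH_HDR_LEN] = (uint8_t)(0x40 | (ihl & 0x0f)); /* version 4 + ihl */
    buf[ETH_HDR_LEN + 9] = 17;                         /* protocol UDP */
    size_t off = ETH_HDR_LEN + (size_t)(ihl & 0x0f) * 4;
    if (off + 4 <= total_len) {
        buf[off + 2] = (uint8_t)(dport >> 8);
        buf[off + 3] = (uint8_t)(dport & 0xff);
    }
    return total_len;
}
```
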