IPv6-only flag set on v6 sockets prevents the use of v4-mapped addresses

Nathaniel Filardo nwfilardo at gmail.com
Mon May 22 06:48:04 UTC 2023


Hello wireguard@,

I recently found out that in-Linux wireguard has, since its inception,
set its v6 sockets to v6-only
(https://github.com/torvalds/linux/blob/e7096c131e5161fa3b8e52a650d7719d2857adfd/drivers/net/wireguard/socket.c#L381)
and it keys only off the address family  to decide which socket to use
(https://github.com/torvalds/linux/blob/e7096c131e5161fa3b8e52a650d7719d2857adfd/drivers/net/wireguard/socket.c#L188).
This means that v4-mapped v6 addresses (::ffff:a.b.c.d) can be
registered as peer endpoints, but the kernel very silently won't try
to reach out.  Is that deliberate for some reason that eludes me?  If
it is, could the userspace tooling be educated about v4-mapped
addresses and translate them accordingly before handing them up to the
kernel; if it isn't, could we drop the v6-only flag on the kernel
socket?

Thanks for any input,
--nwf;


More information about the WireGuard mailing list