Date: Wed, 27 Jul 2022 14:14:40 GMT
Message-Id: <202207271414.26REEe1n051905@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kornel Dulęba
Subject: git: 863871d369f8 - main - ipsec: Improve validation of PMTU
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by kd:

URL: https://cgit.FreeBSD.org/src/commit/?id=863871d369f8deb687aafa26599d93a6ef7c5e41

commit
863871d369f8deb687aafa26599d93a6ef7c5e41 Author: Kornel Dulęba AuthorDate: 2022-07-27 14:12:34 +0000 Commit: Kornel Dulęba CommitDate: 2022-07-27 14:12:34 +0000 ipsec: Improve validation of PMTU Currently there is no upper bound on the PMTU value that is accepted. Update hostcache only if the new pmtu is smaller than the current entry and the link MTU. Approved by: mw(mentor) Sponsored by: Stormshield Obtained from: Semihalf Differential Revision: https://reviews.freebsd.org/D35872 --- sys/netipsec/ipsec_input.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index ce8f1f02b8be..268d8a797c35 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -276,6 +276,7 @@ ipsec4_ctlinput(int code, struct sockaddr *sa, void *v) struct icmp *icp; struct ip *ip = v; uint32_t pmtu, spi; + uint32_t max_pmtu; uint8_t proto; if (code != PRC_MSGSIZE || ip == NULL) @@ -304,7 +305,15 @@ ipsec4_ctlinput(int code, struct sockaddr *sa, void *v) memset(&inc, 0, sizeof(inc)); inc.inc_faddr = satosin(sa)->sin_addr; - tcp_hc_updatemtu(&inc, pmtu); + + /* Update pmtu only if its smaller than the current one. */ + max_pmtu = tcp_hc_getmtu(&inc); + if (max_pmtu == 0) + max_pmtu = tcp_maxmtu(&inc, NULL); + + if (pmtu < max_pmtu) + tcp_hc_updatemtu(&inc, pmtu); + return (0); }
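Review bot: In the first hunk (the local declarations of ipsec4_ctlinput), max_pmtu gets its own uint32_t line directly under "uint32_t pmtu, spi;". It can join that existing declaration so the same-typed locals stay together.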
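Review bot: In the second hunk, the fallback path leaves a case where the ICMP message is ignored with no indication. When tcp_hc_getmtu(&inc) returns 0 and tcp_maxmtu(&inc, NULL) also returns 0 (no route for the address), max_pmtu stays 0, "pmtu < max_pmtu" can never be true for a uint32_t, and the function still returns 0. Either handle max_pmtu == 0 explicitly or state in the comment that skipping the update there is intended. The comment also mentions only "the current one" while the code falls back to the link MTU when the hostcache has no entry, and "its" should read "it is". These lines add an upper bound only; if a minimum for pmtu is not already enforced in the part of the function outside this hunk, a lower-bound check belongs next to this one.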