From nobody Sun Aug 25 06:49:21 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Ws4D12wgrz5VS7w; Sun, 25 Aug 2024 06:49:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Ws4D12RBBz4l3m; Sun, 25 Aug 2024 06:49:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724568561; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jOVrFKFT5OPAZuUHdDSDg+y8rUUt85XhZrecLsJfMnQ=; b=vPsWkNsntBKjQ+TE+L5KtCxNPEXy4egjNw3E8LyMvRoWzwplclnbZARG2QiB2jw1ptQm4f qKGr3WD4XK6FL4KsebKWv7CAUg6FWLauFEbjIqPqJvhq84zoVtyh7oFeNUKPx1RkxFdp3a HLCyu3pugvdAu/gAxze8JJwbzOLC/mTq3n2QIImDUNOTQXrPxsg5apld9u3pPUviq1qv51 OekKtnX3WSkP8lXe9ZGxomepgQfBUWYZgatretrLF1oba7hz2OnD8tUveb0hjcL2Wwyjra LBK5DFQsjhlQbXXwxYtZcwfMu1jn/V6q6/z4rDEHoZMiPS3aKrJZla4MPnORkQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724568561; a=rsa-sha256; cv=none; b=b5DDUTYqUJRSOki5mMTwyIWLw5qKVmIBfxrxdF5jDF1ZSsLg97NOkAXvS1V3YhYT1knUWW 3rO0q0TcBx8rgVnCpf557fAh4u3GwahWFA6mhwIrMYIpuP4uyjvdVG9U9xxj44wJC6SBku ibUxnD/wDEpODI4Dxh2QasfPGTeGUTktrPgSccOhueI1NaQeTjlyOnjFFfOwmRygwY3Xsx MxFbO8730vhLY4EVxf9gYEWH0nOe1U0rWkeEtVNSFNKyB8zCZUU7USlBcmeOYINcOrByuB REKADfBXBUw4t0QcY+DcMDRkJWdOWySg/ltVQj4gWXtP7FJ1GolQJy6hgJ4uEg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724568561; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jOVrFKFT5OPAZuUHdDSDg+y8rUUt85XhZrecLsJfMnQ=; b=OTbOcJ0iotDyw1nmr3Fvv3P9zL9o5ElR0JPs7ZM001j7WxfCQx4tu/L5o9PbciKUHNlTkk RljhIOcB0kxyG+ZJgdb2l4170mN0Uj/sHKZvBHXcwSXOqtMp9+rUlIYEeAnIUeufxy1+L/ V86gStVK2Oja2LZbfFvMx+VR0M0eHaURjcdGi2XOKTlbss7wgTgD4lgO4PQn+N6vD/7u+K zRBwZtbF0D/joQ6CyjGukxxkNFuKEHF/KYgLaqnvTHmYEtQRqm//01Sj0OHEGHl/KD620k BpEWh7jbJw3/mNJ/f4o9i34U0UHzbdXlxsb26AfdW7sNKcoIR1vuatRMWeThYA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Ws4D11ybtz1RbP; Sun, 25 Aug 2024 06:49:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47P6nLIS043698; Sun, 25 Aug 2024 06:49:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47P6nLTq043695; Sun, 25 Aug 2024 06:49:21 GMT (envelope-from git) Date: Sun, 25 Aug 2024 06:49:21 GMT Message-Id: <202408250649.47P6nLTq043695@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Eugene Grosbein Subject: git: 41efd8eef313 - stable/12 - libalias: fix subtle racy problem in outside-inside forwarding List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: eugen X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 41efd8eef313448f63125dd96dfa393f5492edbd Auto-Submitted: auto-generated The branch stable/12 has been updated by eugen: URL: https://cgit.FreeBSD.org/src/commit/?id=41efd8eef313448f63125dd96dfa393f5492edbd commit 41efd8eef313448f63125dd96dfa393f5492edbd Author: Eugene Grosbein AuthorDate: 2024-08-19 03:34:37 +0000 Commit: Eugene Grosbein CommitDate: 2024-08-25 06:47:32 +0000 libalias: fix subtle racy problem in outside-inside forwarding sys/netinet/libalias/alias_db.c has internal static function UseLink() that passes a link to CleanupLink() to verify if the link has expired. If so, UseLink() may return NULL. _FindLinkIn()'s usage of UseLink() is not quite correct. Assume there is "redirect_port udp" configured to forward incoming traffic for specific port to some internal address. Such a rule creates partially specified permanent link. After first such incoming packet libalias creates new fully specified temporary LINK_UDP with default timeout of 60 seconds. Also, in case of low traffic libalias may assign "timestamp" for this new temporary link way in the past because LibAliasTime is updated seldom and can keep old value for tens of seconds, and it will be used for the temporary link. It may happen that next incoming packet for redirected port passed to _FindLinkIn() results in a call to UseLink() that returns NULL due to detected expiration. Immediate return of NULL results in broken translation: either a packet is dropped (deny_incoming mode) or delivered to original destination address instead of internal one. Fix it with additional check for NULL to proceed with a search for original partially specified link. In case of UDP, it also recreates temporary fully specified link with a call to ReLink(). Practical examples are "redirect_port udp" rules for unidirectional SYSLOG protocol (port 514) or some low volume VPN encapsulated in UDP. Thanks to Peter Much for initial analysis and first version of a patch. Reported by: Peter Much PR: 269770 (cherry picked from commit 8132e959099f0c533f698d8fbc17386f9144432f) (cherry picked from commit e5b85380836378c9e321a4e6d300591e6faf622a) --- sys/netinet/libalias/alias_db.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c index ed222c4133d4..e38186d2d696 100644 --- a/sys/netinet/libalias/alias_db.c +++ b/sys/netinet/libalias/alias_db.c @@ -870,8 +870,18 @@ _FindLinkIn(struct libalias *la, struct in_addr dst_addr, case 0: LIST_FOREACH(lnk, &grp->full, all.in) { if (lnk->dst_addr.s_addr == dst_addr.s_addr && - lnk->dst_port == dst_port) - return (UseLink(la, lnk)); + lnk->dst_port == dst_port) { + struct alias_link *found; + + found = UseLink(la, lnk); + if (found != NULL) + return (found); + /* link expired */ + grp = StartPointIn(la, alias_addr, alias_port, link_type, 0); + if (grp == NULL) + return (NULL); + break; + } } break; case LINK_UNKNOWN_DEST_PORT: