Date: Mon, 13 May 2024 10:11:32 GMT
Message-Id: <202405131011.44DABWSI068043@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 59a6666ec91d - main - if_ovpn: cope with loops
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@FreeBSD.org
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 59a6666ec91d71f97aaae5195bbfafd9d422db2e
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=59a6666ec91d71f97aaae5195bbfafd9d422db2e

commit 59a6666ec91d71f97aaae5195bbfafd9d422db2e
Author:     Kristof Provost
AuthorDate: 2024-05-13 10:06:47 +0000
Commit:     Kristof Provost
CommitDate: 2024-05-13 10:11:06 +0000

    if_ovpn: cope with loops

    User misconfiguration may lead to routing loops where we try to send the
    tunnel packet into the tunnel. This eventually leads to stack overflows
    and panics.

    Avoid this using if_tunnel_check_nesting(), which will drop the packet if
    we're looping or we hit three layers of nested tunnels.

    MFC after:	1 week
    Sponsored by:	Rubicon Communications, LLC ("Netgate")
---
 sys/net/if_ovpn.c                | 9 +++++++++
 tests/sys/net/if_ovpn/if_ovpn.sh | 8 ++++++++
 2 files changed, 17 insertions(+)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index fb9596069101..f6f640a65f61 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -255,6 +255,7 @@ static const char ovpnname[] = "ovpn"; static const char ovpngroupname[] = "openvpn"; static MALLOC_DEFINE(M_OVPN, ovpnname, "OpenVPN DCO Interface"); +#define MTAG_OVPN_LOOP 0x6f76706e /* ovpn */ SYSCTL_DECL(_net_link); static SYSCTL_NODE(_net_link, IFT_OTHER, openvpn, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 
@@ -1854,6 +1855,14 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, if (af != 0) BPF_MTAP2(ifp, &af, sizeof(af), m); + if (__predict_false(if_tunnel_check_nesting(ifp, m, MTAG_OVPN_LOOP, 3))) { + if (_ovpn_lock_trackerp != NULL) + OVPN_RUNLOCK(sc); + OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + m_freem(m); + return (ELOOP); + } + len = m->m_pkthdr.len; MPASS(len <= ifp->if_mtu); diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh index 0ec2563cf355..22da82312dbc 100644 --- a/tests/sys/net/if_ovpn/if_ovpn.sh +++ b/tests/sys/net/if_ovpn/if_ovpn.sh @@ -95,6 +95,10 @@ atf_test_case "4in4" "cleanup" echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194 atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1 + + # Test routing loop protection + jexec b route add 192.0.2.1 198.51.100.1 + atf_check -s exit:2 -o ignore jexec b ping -t 1 -c 1 198.51.100.1 } 4in4_cleanup() @@ -404,6 +408,10 @@ atf_test_case "6in6" "cleanup" atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1 atf_check -s exit:0 -o ignore jexec b ping6 -c 3 -z 16 2001:db8:1::1 + + # Test routing loop protection + jexec b route add -6 2001:db8::1 2001:db8:1::1 + atf_check -s exit:2 -o ignore jexec b ping6 -t 1 -c 3 2001:db8:1::1 } 6in6_cleanup()
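Review bot: the new `MTAG_OVPN_LOOP` cookie in the `@@ -255` hunk is used only as the m_tag cookie handed to if_tunnel_check_nesting(), so a one-line comment saying that next to the `#define` would help the next reader (the existing `/* ovpn */` only explains that 0x6f76706e spells the interface name). The value also has to stay distinct from the cookies other tunnel drivers use, since the nesting check locates tags by cookie and would otherwise count a foreign tunnel's tags against this driver.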
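Review bot: in the `@@ -1854` hunk the nesting check is placed after `BPF_MTAP2(ifp, &af, sizeof(af), m)`, so every pass of a looping packet is still handed to bpf before it is dropped; moving the `if (__predict_false(if_tunnel_check_nesting(ifp, m, MTAG_OVPN_LOOP, 3)))` block above the BPF_MTAP2 call would keep captures free of copies the driver throws away. The limit `3` is a bare magic number that the commit message has to explain; a named constant, or a sysctl under the existing `openvpn` node like the max_nesting knobs of the other tunnel drivers, would make the depth self-documenting and tunable. Two smaller points: the block returns `ELOOP` and bumps `lost_data_pkts_out` for any non-zero result, so if if_tunnel_check_nesting() can also fail for a reason other than a loop (it has to attach a tag), that case gets mislabelled; and the `if (_ovpn_lock_trackerp != NULL) OVPN_RUNLOCK(sc);` pattern is presumably copied from the function's other error exits, but it is worth confirming no earlier path in this function has already released the lock, since a double unlock is the one regression the new tests would not catch.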
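Review bot: in the `@@ -95` (4in4) hunk, `atf_check -s exit:2` only shows that ping received no reply within `-t 1`; before this patch the same sequence would have panicked the host rather than failed, so the real assertion is that the kernel survives, and if the driver's per-interface counters can be read from the test it would be worth also checking that the drop was counted (the patch bumps `lost_data_pkts_out`), so that a blackhole caused by something else cannot pass for loop detection. Placing `jexec b route add 192.0.2.1 198.51.100.1` as the last step of the test body is the right choice, since the loop route breaks the tunnel for anything that would follow it.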
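Review bot: the `@@ -404` (6in6) hunk uses `ping6 -t 1 -c 3` where the 4in4 variant uses `-c 1`; with a one-second `-t` timeout the count makes no practical difference, but matching the two keeps the cases comparable and avoids a reader wondering whether the difference is intentional. The same remark applies as for 4in4: exit status 2 is a weak stand-in for "the loop was detected", and a counter check would make the test say what it means.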
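To make the mechanism the commit relies on concrete, here is an added user-space C model of the m_tag-based nesting check that if_tunnel_check_nesting() performs; it is constructed for this illustration and is not the FreeBSD kernel code or part of this commit. The packet, tag list and interface names are assumptions, and `tunnel_check_nesting` / `simulate_*` are hypothetical names.

```c
/* Added example: user-space model of the m_tag nesting check that
 * if_tunnel_check_nesting() applies in the patch; constructed, not kernel code. */
#include <errno.h>
#define MTAG_OVPN_LOOP 0x6f76706e   /* the cookie the patch defines ("ovpn") */
#define MAX_TAGS 8

struct iface { const char *name; };                      /* stands in for struct ifnet */
struct tag { unsigned cookie; const struct iface *ifp; };
struct packet { struct tag tags[MAX_TAGS]; int ntags; }; /* mbuf plus its tag chain */

/* Returns 0 and stamps the packet with (cookie, ifp); EIO if ifp already stamped
 * it (a routing loop) or more than `limit` layers did. The driver maps failure to ELOOP. */
int tunnel_check_nesting(const struct iface *ifp, struct packet *p,
                         unsigned cookie, int limit)
{
    int count = 1;
    for (int i = 0; i < p->ntags; i++) {
        if (p->tags[i].cookie != cookie)
            continue;               /* tag belongs to another tunnel type */
        if (p->tags[i].ifp == ifp)
            return EIO;             /* loop: the packet already left via ifp */
        count++;
    }
    if (count > limit)
        return EIO;                 /* too many nested tunnel layers */
    if (p->ntags == MAX_TAGS)
        return ENOMEM;              /* no room for another tag */
    p->tags[p->ntags++] = (struct tag){ cookie, ifp };
    return 0;
}

/* The test's misconfiguration: the tunnel endpoint is routed back into the same
 * ovpn interface, so the encapsulated packet re-enters the transmit path. */
int simulate_loop_route(void)
{
    static const struct iface ovpn0 = { "ovpn0" };
    struct packet p = { .ntags = 0 };
    if (tunnel_check_nesting(&ovpn0, &p, MTAG_OVPN_LOOP, 3) != 0)
        return -1;                  /* first pass must be allowed */
    return tunnel_check_nesting(&ovpn0, &p, MTAG_OVPN_LOOP, 3);  /* EIO */
}

/* Distinct tunnels nested in each other: three layers pass, a fourth is refused. */
int simulate_nesting_depth(int layers)
{
    static const struct iface t[4] = { {"ovpn0"}, {"ovpn1"}, {"ovpn2"}, {"ovpn3"} };
    struct packet p = { .ntags = 0 };
    int rc = 0;
    for (int i = 0; i < layers && i < 4 && rc == 0; i++)
        rc = tunnel_check_nesting(&t[i], &p, MTAG_OVPN_LOOP, 3);
    return rc;
}
```

The second pass in `simulate_loop_route` is what the `route add` lines in the new tests provoke: the first call stamps the packet with ovpn0, the looped copy arrives at ovpn0 again and is refused instead of recursing until the stack overflows.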