Date: Mon, 20 May 2024 07:57:42 GMT
Message-Id: <202405200757.44K7vgxM070655@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: 18c38eda39bb - stable/14 - if_ovpn: cope with loops
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 18c38eda39bb8162ddce9acc4de4d6e4bbf48ef0
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=18c38eda39bb8162ddce9acc4de4d6e4bbf48ef0

commit 18c38eda39bb8162ddce9acc4de4d6e4bbf48ef0
Author:     Kristof Provost
AuthorDate: 2024-05-13 10:06:47 +0000
Commit:     Kristof Provost
CommitDate: 2024-05-20 07:39:52 +0000

    if_ovpn: cope with loops

    User misconfiguration may lead to routing loops where we try to send the
    tunnel packet into the tunnel. This eventually leads to stack overflows
    and panics.

    Avoid this using if_tunnel_check_nesting(), which will drop the packet if
    we're looping or we hit three layers of nested tunnels.

    MFC after:	1 week
    Sponsored by:	Rubicon Communications, LLC ("Netgate")

    (cherry picked from commit 59a6666ec91d71f97aaae5195bbfafd9d422db2e)
---
 sys/net/if_ovpn.c                | 9 +++++++++
 tests/sys/net/if_ovpn/if_ovpn.sh | 8 ++++++++
 2 files changed, 17 insertions(+)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index 1b5d419fe58b..7af669c69511 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -255,6 +255,7 @@ static const char ovpnname[] = "ovpn"; static const char ovpngroupname[] = "openvpn"; static MALLOC_DEFINE(M_OVPN, ovpnname, "OpenVPN DCO Interface"); +#define MTAG_OVPN_LOOP 0x6f76706e /* ovpn */ SYSCTL_DECL(_net_link); static SYSCTL_NODE(_net_link, IFT_OTHER, openvpn, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 
@@ -1858,6 +1859,14 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, if (af != 0) BPF_MTAP2(ifp, &af, sizeof(af), m); + if (__predict_false(if_tunnel_check_nesting(ifp, m, MTAG_OVPN_LOOP, 3))) { + if (_ovpn_lock_trackerp != NULL) + OVPN_RUNLOCK(sc); + OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + m_freem(m); + return (ELOOP); + } + len = m->m_pkthdr.len; MPASS(len <= ifp->if_mtu); diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh index bbaffa0bce73..88df430aead6 100644 --- a/tests/sys/net/if_ovpn/if_ovpn.sh +++ b/tests/sys/net/if_ovpn/if_ovpn.sh @@ -95,6 +95,10 @@ atf_test_case "4in4" "cleanup" echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194 atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1 + + # Test routing loop protection + jexec b route add 192.0.2.1 198.51.100.1 + atf_check -s exit:2 -o ignore jexec b ping -t 1 -c 1 198.51.100.1 } 4in4_cleanup() @@ -386,6 +390,10 @@ atf_test_case "6in6" "cleanup" atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1 atf_check -s exit:0 -o ignore jexec b ping6 -c 3 -z 16 2001:db8:1::1 + + # Test routing loop protection + jexec b route add -6 2001:db8::1 2001:db8:1::1 + atf_check -s exit:2 -o ignore jexec b ping6 -t 1 -c 3 2001:db8:1::1 } 6in6_cleanup()
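Review bot: the new MTAG_OVPN_LOOP cookie in the first if_ovpn.c hunk carries only a `/* ovpn */` hint; a one-line comment saying it is the mbuf tag cookie handed to if_tunnel_check_nesting() for loop detection would tell a reader why an otherwise unreferenced constant sits next to the MALLOC_DEFINE, and would flag that the value has to stay distinct from the cookies other tunnel drivers use for the same check, since the nesting walk is keyed on it.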
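Review bot: the nesting limit is a bare literal 3 in the if_tunnel_check_nesting() call in the ovpn_transmit_to_peer() hunk; a named constant, or a sysctl under the net.link.openvpn node declared in the first hunk, would document the choice and let operators with deliberately nested tunnels adjust it without a rebuild. Two smaller points on the same hunk: the check runs after BPF_MTAP2(), so a looping packet is handed to bpf(4) listeners on every pass before it is finally dropped, and moving the check above the tap would keep captures free of packets the driver itself refuses; and the conditional `if (_ovpn_lock_trackerp != NULL) OVPN_RUNLOCK(sc);` deserves a comment explaining under which call paths the function is entered with the read lock held, since a wrong guess there is either a leaked lock or an unlock of a lock not taken.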
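Review bot: the 4in4 loop test only asserts that ping exits with status 2 after `jexec b route add 192.0.2.1 198.51.100.1`; any change that blackholes the traffic would satisfy it, so the test cannot distinguish the nesting check from, for example, a broken route. If the lost_data_pkts_out counter incremented in the new ovpn_transmit_to_peer() branch is readable from userland, asserting that it went up would pin the test to the behaviour being added. Also note the added route stays in place for the remainder of the test body; nothing follows it here, but any later check appended to the case would inherit the loop.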
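Review bot: the 6in6 loop test passes `-c 3` where the 4in4 test passes `-c 1`, with the same `-t 1` in both; aligning the two (and their identical comments) avoids a reader wondering whether the difference is deliberate. The same caveat as for 4in4 applies: exit status 2 alone does not prove the drop came from the nesting check rather than from some other reason the echo request went unanswered.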
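As an added illustration of the mechanism the commit message describes (not the kernel's if_tunnel_check_nesting() source and not part of this commit), the following user-space C model tags a packet once per tunnel interface that encapsulates it and rejects both re-entry into an interface already on the packet and nesting deeper than the limit of 3 used in the hunk; the struct names, send_through() and the interface names are invented for the example.

```c
/* Added example, not the kernel's code: a user-space model of the nesting check
 * the commit relies on. A packet carries one tag per tunnel interface that has
 * encapsulated it; re-entering an interface already tagged is a loop, and more
 * than 'limit' nested encapsulations is rejected as well. Names are invented. */
#include <errno.h>
#include <string.h>
#define MAX_TAGS 8
struct iface { const char *name; };              /* stands in for struct ifnet */
struct pkt { const struct iface *tags[MAX_TAGS]; int ntags; }; /* mbuf tag chain */

/* 0: ifp recorded, go ahead. ELOOP: would loop back into ifp, or nested too deep. */
int tunnel_check_nesting(const struct iface *ifp, struct pkt *m, int limit)
{
    int count = 1;                               /* this encapsulation counts */
    for (int i = 0; i < m->ntags; i++) {
        if (m->tags[i] == ifp)                   /* the packet has been here before */
            return ELOOP;
        count++;
    }
    if (count > limit)                           /* tunnel in tunnel in tunnel ... */
        return ELOOP;
    if (m->ntags == MAX_TAGS)                    /* kernel: m_tag_alloc() failed */
        return ENOMEM;
    m->tags[m->ntags++] = ifp;
    return 0;
}

/* Push a fresh packet through 'n' tunnels in turn; returns the first error. */
int send_through(const struct iface *const *path, int n, int limit)
{
    struct pkt m;
    memset(&m, 0, sizeof(m));
    for (int i = 0; i < n; i++) {
        int err = tunnel_check_nesting(path[i], &m, limit);
        if (err != 0)
            return err;
    }
    return 0;
}

static const struct iface ifs[] = {{"ovpn0"}, {"gif0"}, {"gre0"}, {"gif1"}};

int main(void)
{
    const struct iface *loop[] = {&ifs[0], &ifs[1], &ifs[0]};  /* misrouted back into ovpn0 */
    const struct iface *deep[] = {&ifs[0], &ifs[1], &ifs[2], &ifs[3]};
    /* limit 3 as in the commit: loop and deep fail with ELOOP, deep's first three pass */
    return (send_through(loop, 3, 3) == ELOOP && send_through(deep, 4, 3) == ELOOP &&
        send_through(deep, 3, 3) == 0) ? 0 : 1;
}
```

The driver's own branch maps the failure to a dropped packet, a bumped lost_data_pkts_out counter and ELOOP to the caller; the model returns ELOOP directly and leaves the accounting out.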