Date: Tue, 22 Aug 2023 18:30:36 GMT
Message-Id: <202308221830.37MIUa2Y027151@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 949491f2a639 - main - if_ovpn: clear mbuf flags on rx
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 949491f2a6397f2514f8fcde1c7dc61bd82f201a

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=949491f2a6397f2514f8fcde1c7dc61bd82f201a

commit 949491f2a6397f2514f8fcde1c7dc61bd82f201a
Author:     Kristof Provost
AuthorDate: 2023-08-22 15:39:02 +0000
Commit:     Kristof Provost
CommitDate: 2023-08-22 18:30:11 +0000

    if_ovpn: clear mbuf flags on rx

    When we receive a packet and remove the encapsulating layer we should
    also clear out protocol flags and any mbuf tags.

    If we do not we risk confusing firewalls filtering the tunneled packet.

    See also:       https://redmine.pfsense.org/issues/14682#change-69073
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

--- sys/net/if_ovpn.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index a05b06f090e3..1b5d419fe58b 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -1548,6 +1548,10 @@ ovpn_finish_rx(struct ovpn_softc *sc, struct mbuf *m, /* Clear checksum flags in case the real hardware set them. */ m->m_pkthdr.csum_flags = 0; + /* Clear mbuf tags & flags */ + m_tag_delete_nonpersistent(m); + m_clrprotoflags(m); + /* Ensure we can read the first byte. */ m = m_pullup(m, 1); if (m == NULL) {
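Review bot: the added comment "Clear mbuf tags & flags" in ovpn_finish_rx() only restates the two calls below it and omits the reason, unlike the neighbouring checksum comment, which says why the field is reset. The commit message has the reason (tags and protocol flags left over from the encapsulating packet can confuse firewalls filtering the tunneled packet); putting that into the comment would keep a later cleanup from treating the calls as redundant. It would also help to note that m_tag_delete_nonpersistent(m) leaves persistent tags attached, so a reader can tell that this is intended. The diffstat shows only sys/net/if_ovpn.c changed, so a regression test that passes decapsulated traffic through a filtering firewall rule would be a useful follow-up.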