[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 tunneling"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 26 Sep 2022 11:55:58 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266598

--- Comment #13 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=76e1c9c671043e08bdd951ae6c768b541fdede19

commit 76e1c9c671043e08bdd951ae6c768b541fdede19
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-09-26 09:58:51 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-09-26 11:54:20 +0000

    if_ovpn: fix address family check when traffic class bits are set

    When the tunneled (IPv6) traffic had traffic class bits set (but only >=
    16) the packet got lost on the receive side.

    This happened because the address family check in ovpn_get_af() failed
    to mask correctly, so the version check didn't match, causing us to drop
    the packet.

    While here also extend the existing 6-in-6 test case to trigger this
    issue.

    PR:             266598
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 sys/net/if_ovpn.c                | 2 +-
 tests/sys/net/if_ovpn/if_ovpn.sh | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.