[Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 03 Sep 2024 11:13:37 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

--- Comment #10 from Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> ---
While investigating the bug, I found that when ftpd(8) is serving a file from
the OpenVPN access server itself (from the ZFS filesystem in my case), the file
silently (apparently!) gets corrupted on that SERVER! To reproduce, connect
from another machine to the FTP server (running on OpenVPN access server)
offering read access to the file on the ZFS dataset and download the file a few
times, checking if the checksum of the file served remains the same (see the
experiment below). In my case, the checksum of the file on the server changed
with each file access via ftpd(8), but only if it was served from the OpenVPN
access server and was accessed via the OpenVPN tunnel. When the file was
accessed by OpenVPN tunnel but, terminated on another access server (also
running FreeBSD and using OpenVPN DCO module!), everything was fine. Moreover,
the file never got corrupted when the connection was using a Wireguard tunnel
terminated on the same machine or the connection was established without any
tunnelling.

1. CLient PC:
[homepc] /tmp% lftp ftp://somehost
lftp somehost:~> set xfer:clobber yes
lftp somehost:~> get file
81362184 bajty przesłane w ciągu 3 sekund (22.60 MiB/s)
lftp somehost:/> get file
81362184 bajty przesłane w ciągu 3 sekund (23.17 MiB/s)
lftp somehost:/> get file
81362184 bajty przesłane w ciągu 3 sekund (23.17 MiB/s)
lftp somehost:/>
(...)

2. FreeBSD OpenVPN access server and ftpd(8) server:
[somehost] ~ftp# stat file ; sha1sum file
0:13:54 2019" 131072 152537 0x800 file
589ca9781368ffd66f35394f3b7bf43ab9d98b33  file
[somehost] ~ftp# stat file ; sha1sum file
11075423362389754006 262491 -rw-rw-r-- 2 root wheel 0 81362184 "sty  1 01:00:00
1970" "lip  8 10:13:54 2019" "sie 31 00:40:13 2024" "lip  8 1
0:13:54 2019" 131072 152537 0x800 file
05ba9b9a60df861887dcc690c1237998c1844180  file
[somehost] ~ftp# stat file ; sha1sum file
11075423362389754006 262491 -rw-rw-r-- 2 root wheel 0 81362184 "sty  1 01:00:00
1970" "lip  8 10:13:54 2019" "sie 31 00:40:13 2024" "lip  8 1
0:13:54 2019" 131072 152537 0x800 file
d259dbd577c17b5ad7da0d1d0fa67f5564a68e72  file
[somehost] ~ftp# zpool scrub zroot
[somehost] ~ftp# zpool status
  pool: zroot
 state: ONLINE
  scan: scrub repaired 0B in 00:02:32 with 0 errors on Tue Sep  3 12:37:03 2024
config:

      NAME             STATE     READ WRITE CKSUM
      zroot            ONLINE       0     0     0
        gpt/ssdrootfs  ONLINE       0     0     0

errors: No known data errors
[somehost] ~ftp# stat file ; sha1sum file
11075423362389754006 262491 -rw-rw-r-- 2 root wheel 0 81362184 "sty  1 01:00:00
1970" "lip  8 10:13:54 2019" "sie 31 00:40:13 2024" "lip  8 1
0:13:54 2019" 131072 152537 0x800 file
fdf68d23439f5a269850e71e1807ea8889a8ffd0  file
[somehost] ~ftp# stat file ; sha1sum file
11075423362389754006 262491 -rw-rw-r-- 2 root wheel 0 81362184 "sty  1 01:00:00
1970" "lip  8 10:13:54 2019" "sie 31 00:40:13 2024" "lip  8 1
0:13:54 2019" 131072 152537 0x800 file
7674bcd2cbfdff3c5455e287c609b3364c311914  file

-- 
You are receiving this mail because:
You are the assignee for the bug.