From nobody Tue Sep 03 11:13:37 2024
X-Original-To: net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wyjfq5bTcz5MpDL
	for <net@mlmmj.nyi.freebsd.org>; Tue, 03 Sep 2024 11:13:39 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Wyjfq4Z3jz4L3Q
	for <net@FreeBSD.org>; Tue,  3 Sep 2024 11:13:39 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725362019; a=rsa-sha256; cv=none;
	b=gRwZIAzQVK4YVU7RCtX+13gw8OpFybfvwqD1Ix9s1uDAhrXhagStSl5d5IMPexFXlsof6N
	Q4xkw/aQpHkz60j/gwyCbznR4QzHz5tDmwmJ8S2zEKwhawlRYHusSM6MJMb7K7UXmFweGl
	waArErNSedcjpwtcAaiwcZ2ZWRgcY2za7LVLN1aNmwMc6bTmfDxDeTiOJpp48vT3N1kmdi
	0Hp8KIM08bHKolQCtujXOAqOyFnA6ZmSugHh+6sNzqyxuFQoTS8WmKDqQS8ibE6c+tW4vm
	O17nwxI9KB0hozxydmt1P+3kPciY5z7oyR+gfuObaY+kysKjS84B2Aby621FEQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1725362019;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Ytr0X/dZId1y7f4gn/Nfr5d9ABwtsmfZO9yPPQ8n6Tk=;
	b=I+ECwdjl0vR+/DWiM8P1QAvEtBWfkpus5vaLcmgiNoiO8pxK0npYArW1PbqDMhsPA2TNHy
	ZMMXkq4xn4r9yd585p/Bcjkw8Qrt1NFQ0QZALKViwOdwSl6HzPU1GTZGufIdE8HVFojXvQ
	g0iSH1rFz3noo+xXfucr4cs237Gbju7Eyq1ceuZaUI+dAjuxWaM+4WlQdxfYhQ64UGFNjT
	FOOFqml/z9sQJUU7vOjEaeqQd6923aXtSqWbVMs0iVaSt0J4iHxoKZnQnMgmI57ZljPzHV
	D3VAq3QrBmX+rArSPLAzCKKgXtqAn0HcrmQl/gmyV6sWyEMzxRnO0zx0s8vfiA==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wyjfq48KKzf3Q
	for <net@FreeBSD.org>; Tue,  3 Sep 2024 11:13:39 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 483BDd7R001103
	for <net@FreeBSD.org>; Tue, 3 Sep 2024 11:13:39 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 483BDdQJ001101
	for net@FreeBSD.org; Tue, 3 Sep 2024 11:13:39 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed
Date: Tue, 03 Sep 2024 11:13:37 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-280036-7501-YJRTM4bQtY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-280036-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-280036-7501@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280036

--- Comment #10 from Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> ---
While investigating the bug, I found that when ftpd(8) is serving a file fr=
om
the OpenVPN access server itself (from the ZFS filesystem in my case), the =
file
silently (apparently!) gets corrupted on that SERVER! To reproduce, connect
from another machine to the FTP server (running on OpenVPN access server)
offering read access to the file on the ZFS dataset and download the file a=
 few
times, checking if the checksum of the file served remains the same (see the
experiment below). In my case, the checksum of the file on the server chang=
ed
with each file access via ftpd(8), but only if it was served from the OpenV=
PN
access server and was accessed via the OpenVPN tunnel. When the file was
accessed by OpenVPN tunnel but, terminated on another access server (also
running FreeBSD and using OpenVPN DCO module!), everything was fine. Moreov=
er,
the file never got corrupted when the connection was using a Wireguard tunn=
el
terminated on the same machine or the connection was established without any
tunnelling.

1. CLient PC:
[homepc] /tmp% lftp ftp://somehost
lftp somehost:~> set xfer:clobber yes
lftp somehost:~> get file
81362184 bajty przes=C5=82ane w ci=C4=85gu 3 sekund (22.60 MiB/s)
lftp somehost:/> get file
81362184 bajty przes=C5=82ane w ci=C4=85gu 3 sekund (23.17 MiB/s)
lftp somehost:/> get file
81362184 bajty przes=C5=82ane w ci=C4=85gu 3 sekund (23.17 MiB/s)
lftp somehost:/>
(...)

2. FreeBSD OpenVPN access server and ftpd(8) server:
[somehost] ~ftp# stat file ; sha1sum file
0:13:54 2019" 131072 152537 0x800 file
589ca9781368ffd66f35394f3b7bf43ab9d98b33  file
[somehost] ~ftp# stat file ; sha1sum file
11075423362389754006 262491 -rw-rw-r-- 2 root wheel 0 81362184 "sty  1 01:0=
0:00
1970" "lip  8 10:13:54 2019" "sie 31 00:40:13 2024" "lip  8 1
0:13:54 2019" 131072 152537 0x800 file
05ba9b9a60df861887dcc690c1237998c1844180  file
[somehost] ~ftp# stat file ; sha1sum file
11075423362389754006 262491 -rw-rw-r-- 2 root wheel 0 81362184 "sty  1 01:0=
0:00
1970" "lip  8 10:13:54 2019" "sie 31 00:40:13 2024" "lip  8 1
0:13:54 2019" 131072 152537 0x800 file
d259dbd577c17b5ad7da0d1d0fa67f5564a68e72  file
[somehost] ~ftp# zpool scrub zroot
[somehost] ~ftp# zpool status
  pool: zroot
 state: ONLINE
  scan: scrub repaired 0B in 00:02:32 with 0 errors on Tue Sep  3 12:37:03 =
2024
config:

      NAME             STATE     READ WRITE CKSUM
      zroot            ONLINE       0     0     0
        gpt/ssdrootfs  ONLINE       0     0     0

errors: No known data errors
[somehost] ~ftp# stat file ; sha1sum file
11075423362389754006 262491 -rw-rw-r-- 2 root wheel 0 81362184 "sty  1 01:0=
0:00
1970" "lip  8 10:13:54 2019" "sie 31 00:40:13 2024" "lip  8 1
0:13:54 2019" 131072 152537 0x800 file
fdf68d23439f5a269850e71e1807ea8889a8ffd0  file
[somehost] ~ftp# stat file ; sha1sum file
11075423362389754006 262491 -rw-rw-r-- 2 root wheel 0 81362184 "sty  1 01:0=
0:00
1970" "lip  8 10:13:54 2019" "sie 31 00:40:13 2024" "lip  8 1
0:13:54 2019" 131072 152537 0x800 file
7674bcd2cbfdff3c5455e287c609b3364c311914  file

--=20
You are receiving this mail because:
You are the assignee for the bug.=