git: 513f2e2e7180 - main - tcp: always set tcp_tun_port to a correct value
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 19 Dec 2023 19:24:55 UTC
The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=513f2e2e7180202167ca2963d815d2a4c3ac0af9 commit 513f2e2e7180202167ca2963d815d2a4c3ac0af9 Author: Gleb Smirnoff <glebius@FreeBSD.org> AuthorDate: 2023-12-19 19:24:17 +0000 Commit: Gleb Smirnoff <glebius@FreeBSD.org> CommitDate: 2023-12-19 19:24:17 +0000 tcp: always set tcp_tun_port to a correct value The tcp_tun_port field that is used to pass port value between UDP and TCP in case of tunneling is a generic field that used to pass data between network layers. It can be contaminated on entry, e.g. by a VLAN tag set by a NIC driver. Explicily set it, so that it is zeroed out in a normal not-tunneled TCP. If it contains garbage, tcp_twcheck() later can enter wrong block of code and treat the packet as incorrectly tunneled one. On main and stable/14 that will end up with sending incorrect responses, but on stable/13 with ipfw(8) and pcb-matching rules it may end up in a panic. This is a minimal conservative patch to be merged to stable branches. Later we may redesign this. PR: 275169 Reviewed by: tuexen Differential Revision: https://reviews.freebsd.org/D43065 --- sys/netinet/tcp_input.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 05f9a4a9726a..ab8fc4b4a3e4 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -633,6 +633,7 @@ tcp_input_with_port(struct mbuf **mp, int *offp, int proto, uint16_t port) to.to_flags = 0; TCPSTAT_INC(tcps_rcvtotal); + m->m_pkthdr.tcp_tun_port = port; #ifdef INET6 if (isipv6) { ip6 = mtod(m, struct ip6_hdr *);