git: 76e1c9c67104 - main - if_ovpn: fix address family check when traffic class bits are set

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 26 Sep 2022 11:55:11 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=76e1c9c671043e08bdd951ae6c768b541fdede19

commit 76e1c9c671043e08bdd951ae6c768b541fdede19
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-09-26 09:58:51 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-09-26 11:54:20 +0000

    if_ovpn: fix address family check when traffic class bits are set
    
    When the tunneled (IPv6) traffic had traffic class bits set (but only >=
    16) the packet got lost on the receive side.
    
    This happened because the address family check in ovpn_get_af() failed
    to mask correctly, so the version check didn't match, causing us to drop
    the packet.
    
    While here also extend the existing 6-in-6 test case to trigger this
    issue.
    
    PR:             266598
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/net/if_ovpn.c                | 2 +-
 tests/sys/net/if_ovpn/if_ovpn.sh | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c
index 286125fb42d5..ed0ff178972f 100644
--- a/sys/net/if_ovpn.c
+++ b/sys/net/if_ovpn.c
@@ -1572,7 +1572,7 @@ ovpn_get_af(struct mbuf *m)
 		return (AF_INET);
 
 	ip6 = mtod(m, struct ip6_hdr *);
-	if (ip6->ip6_vfc == IPV6_VERSION)
+	if ((ip6->ip6_vfc & IPV6_VERSION_MASK) == IPV6_VERSION)
 		return (AF_INET6);
 
 	return (0);
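Review bot: The masked comparison on ip6->ip6_vfc has no comment saying why the mask is required, which makes it easy to regress to the plain equality test later. A one-line comment above the if stating that the low nibble of ip6_vfc carries the upper four traffic class bits, so only the bits under IPV6_VERSION_MASK identify the version, would document the intent. Separately, the fall-through return (0) is what the commit message describes as leading to the packet being dropped; if the caller does not already count or log that case, doing so would make a silent loss like this one much quicker to diagnose.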
diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh
index 024f2488c951..bc1d3a85c987 100644
--- a/tests/sys/net/if_ovpn/if_ovpn.sh
+++ b/tests/sys/net/if_ovpn/if_ovpn.sh
@@ -383,6 +383,7 @@ atf_test_case "6in6" "cleanup"
 	sleep 10
 
 	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1
+	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 -z 16 2001:db8:1::1
 }
 
 6in6_cleanup()
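Review bot: The added ping6 -c 3 -z 16 line exercises only the smallest traffic class value that reaches the ip6_vfc byte, so it sets a single bit of the low nibble. Consider adding a second check with a value that sets all four upper traffic class bits (for example 240) so the test covers the whole masked range, and a short comment above the new line pointing at PR 266598 and explaining why 16 was chosen. The commit message describes the loss as happening on the receive side in ovpn_get_af(), so if the other tunnel test cases in this file pass IPv6 through the same path, they would benefit from the same extra ping.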