upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 16:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

if_ovpn: fix address family check when traffic class bits are set

Browse source 
When the tunneled (IPv6) traffic had traffic class bits set (but only >=
16) the packet got lost on the receive side.

This happened because the address family check in ovpn_get_af() failed
to mask correctly, so the version check didn't match, causing us to drop
the packet.

While here also extend the existing 6-in-6 test case to trigger this
issue.

PR:		266598
Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost 2022-09-26 11:58:51 +02:00
parent 0fdc247274
commit 76e1c9c671
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/net/if_ovpn.c
View file

@ -1572,7 +1572,7 @@ ovpn_get_af(struct mbuf *m)
return (AF_INET);
ip6 = mtod(m, struct ip6_hdr *);
if (ip6->ip6_vfc == IPV6_VERSION)
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) == IPV6_VERSION)
return (AF_INET6);
return (0);

1
tests/sys/net/if_ovpn/if_ovpn.sh
View file

@ -383,6 +383,7 @@ atf_test_case "6in6" "cleanup"
sleep 10
atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1
atf_check -s exit:0 -o ignore jexec b ping6 -c 3 -z 16 2001:db8:1::1
}
6in6_cleanup()