upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-03 22:02:58 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

if_ovpn: clear mbuf flags on rx

Browse source 
When we receive a packet and remove the encapsulating layer we should
also clear out protocol flags and any mbuf tags.

If we do not we risk confusing firewalls filtering the tunneled packet.

See also: 	https://redmine.pfsense.org/issues/14682#change-69073
Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost 2023-08-22 17:39:02 +02:00
parent 9d6049d5da
commit 949491f2a6
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/net/if_ovpn.c
View file

@ -1548,6 +1548,10 @@ ovpn_finish_rx(struct ovpn_softc *sc, struct mbuf *m,
/* Clear checksum flags in case the real hardware set them. */
m->m_pkthdr.csum_flags = 0;
/* Clear mbuf tags & flags */
m_tag_delete_nonpersistent(m);
m_clrprotoflags(m);
/* Ensure we can read the first byte. */
m = m_pullup(m, 1);
if (m == NULL) {