
tcp: always set tcp_tun_port to a correct value
Closed, Public

Authored by glebius on Dec 14 2023, 4:28 PM.

Details

Summary

The tcp_tun_port field that is used to pass port value between UDP
and TCP in case of tunneling is a generic field that used to pass
data between network layers. It can be contaminated on entry, e.g.
by a VLAN tag set by a NIC driver. Explicitly set it, so that it
is zeroed out in a normal not-tunneled TCP. If it contains garbage,
tcp_twcheck() later can enter wrong block of code and treat the packet
as incorrectly tunneled one. On main and stable/14 that will end up
with sending incorrect responses, but on stable/13 with ipfw(8) and
pcb-matching rules it may end up in a panic.

This is a minimal conservative patch to be merged to stable branches.
Later we may redesign this.

PR: 275169
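
A minimal C model of the failure mode the summary describes, added here as an illustration; it is not FreeBSD code and not the patch under review. The struct, the function names and the sample values are constructed, and it assumes the late check decides "tunneled" purely from a non-zero value in the shared field.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not FreeBSD source: one 16-bit per-packet slot that
 * the link layer and the UDP-to-TCP tunnel path both use. */
struct pkt { uint16_t shared; };

enum tw_path { TW_PLAIN = 0, TW_TUNNELED = 1 };

/* Link layer: the NIC driver leaves the VLAN tag in the shared slot. */
static void driver_rx(struct pkt *p, uint16_t vlan_tag) { p->shared = vlan_tag; }

/* Late consumer (assumption): non-zero slot means "arrived via UDP tunnel". */
static enum tw_path timewait_check(const struct pkt *p)
{
    return p->shared != 0 ? TW_TUNNELED : TW_PLAIN;
}

/* Before: plain TCP input trusts whatever the slot held on entry. */
static enum tw_path tcp_input_before(struct pkt *p)
{
    return timewait_check(p);
}

/* After: the caller states the tunnel port (0 = not tunneled) and TCP
 * input overwrites the slot, so stale link-layer data cannot leak in. */
static enum tw_path tcp_input_after(struct pkt *p, uint16_t tun_port)
{
    p->shared = tun_port;
    return timewait_check(p);
}

/* Helpers for one received frame carrying the given VLAN tag. */
static enum tw_path classify_before(uint16_t vlan_tag)
{
    struct pkt p = { 0 };
    driver_rx(&p, vlan_tag);
    return tcp_input_before(&p);
}

static enum tw_path classify_after(uint16_t vlan_tag, uint16_t tun_port)
{
    struct pkt p = { 0 };
    driver_rx(&p, vlan_tag);
    return tcp_input_after(&p, tun_port);
}

int main(void)
{
    printf("before: %d, after: %d\n", classify_before(100), classify_after(100, 0));
    return 0;
}
```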

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 54953
Build 51842: arc lint + arc unit