From nobody Wed Sep 21 19:45:18 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MXpmG6xXFz4dMsM; Wed, 21 Sep 2022 19:45:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MXpmG6PHYz3h7j; Wed, 21 Sep 2022 19:45:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1663789518; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wwqRzHQ722m8enJ4VseL3kVPpYfHjmoW1+U99/HrLn4=; b=EGNimo580Nk+nSTwiYvUht6VrgVUSTCzXkqS8beyathE+21JGPFUybW7qMHmfM9s4okPoq HiFLsUm3lvQK57QZB/+cJl+vndER7sGfmWqjweZHkCeTUZKnWJwV6zlgEOBH0PfBRK3LHr g+uFhkaMzETWkLwrchvJ6UBQtgi1o383MzqDCL5sSarQXHH3w/15yu0Qoo0hGzXkQek5JK jvYtAePNb/+/STj3ju9Qqf8qiAboVgPIASV8aUTb1qiR3jkdR9nsTsNPUCU/pHXG6P7eXE Kw1rN6dN/X+NL9xrrMc3t96zW0GXwTsGLcfspc5esNhnzPuKggL5BkLk+SIVyg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MXpmG5R4Vz199q; Wed, 21 Sep 2022 19:45:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 28LJjIcO024570; Wed, 21 Sep 2022 19:45:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 28LJjI0C024569; Wed, 21 Sep 2022 19:45:18 GMT (envelope-from git) Date: Wed, 21 Sep 2022 19:45:18 GMT Message-Id: <202209211945.28LJjI0C024569@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 9dfbbc919fd7 - main - if_ovpn: remove incorrect rounding up of packet sizes List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9dfbbc919fd768cff8079af1e458d2c5d5211690 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1663789518; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wwqRzHQ722m8enJ4VseL3kVPpYfHjmoW1+U99/HrLn4=; b=KFKnLLri0JQ29l6E95wI5sCLtO7OWYTTrUusANZuzzTg90nlO0SKQHsomcQPiG1VGWbfzh W+1fM7QGzP9IrDi9pHRlRiC9R+7zqi3bVTuZEG17sQ6yjyXNuo6XFcbA+ExT6ipzDy2G0r IlxsDKrYF8S7qXTbu1kif9suAmT+jnxiQqZtWG7CZGlAqx2eEUDxdv87CVD6D1QqelQTLE /WRB9fmBM2HYNj3waGnPl8O8b6O0nXvptL8dr2nvapxlJxzhmUwsNJ+AClDOPybv5BJwpM QEIw6h46Fv7XSmmJccws9d41XRWA+Tn1bdlqPTTfKfvXrhpkyy2PdCBwfkl0vQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1663789518; a=rsa-sha256; cv=none; b=TWIvqZ3cQ4D2CWiP9M9caIMHMR8ScZi0uEgvNgO/qMqWTZwWj2FVS0nUim/N14dTA5EVsJ 4AcF6n+k2dwMc4pD9JKX09VKCPi7UB+WWfEaeKU5K+5Pbm8q2Y2A5fLvo2TaLkyrujxkfo yHa2tMk3IXZKRXDtqKA1WHDSLxKxlye4beWT6yaX9OmvWjLAbbNjpNrPE+maYSVONGdrpf JTbiMrc81HFF+wsSecFO1/8dpYR2+zQLdHRgip+Ftde+mefG4vGmcsaisVOK47UjGK3n27 ml+wbWGYAMTtX6CMqokzs0/YMjzCtmXmJuOFeBj0F2r8n4QDIMAtIe0ET/iLSg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=9dfbbc919fd768cff8079af1e458d2c5d5211690 commit 9dfbbc919fd768cff8079af1e458d2c5d5211690 Author: Kristof Provost AuthorDate: 2022-09-21 10:17:34 +0000 Commit: Kristof Provost CommitDate: 2022-09-21 19:44:59 +0000 if_ovpn: remove incorrect rounding up of packet sizes The ciphers used by OpenVPN (DCO) do not require data to be block-sized. Do not round up to AES_BLOCK_LEN, as this can lead to issues with fragmented packets. Reported by: Gert Doering Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/net/if_ovpn.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index 9e0829d996ce..e2b8322d6df5 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -1557,8 +1557,6 @@ ovpn_decrypt_rx_cb(struct cryptop *crp) return (0); } -static uint8_t EMPTY_BUFFER[AES_BLOCK_LEN]; - static int ovpn_get_af(struct mbuf *m) { @@ -1729,7 +1727,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, struct ovpn_softc *sc; struct cryptop *crp; uint32_t af, seq; - size_t len, real_len, ovpn_hdr_len; + size_t len, ovpn_hdr_len; int tunnel_len; int ret; @@ -1752,19 +1750,12 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, if (af != 0) BPF_MTAP2(ifp, &af, sizeof(af), m); - real_len = len = m->m_pkthdr.len; - MPASS(real_len <= ifp->if_mtu); + len = m->m_pkthdr.len; + MPASS(len <= ifp->if_mtu); ovpn_hdr_len = sizeof(struct ovpn_wire_header); if (key->encrypt->cipher == OVPN_CIPHER_ALG_NONE) ovpn_hdr_len -= 16; /* No auth tag. */ - else { - /* Round up the len to a multiple of our block size. */ - len = roundup2(real_len, AES_BLOCK_LEN); - - /* Now extend the mbuf. */ - m_append(m, len - real_len, EMPTY_BUFFER); - } M_PREPEND(m, ovpn_hdr_len, M_NOWAIT); if (m == NULL) {