Date:      Mon, 26 Sep 2022 09:55:43 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 266598] if_ovpn(4) DCO module not supporting correctly IPv6 Traffic Class for tunneled packets
Message-ID:  <bug-266598-227-yErVUwg3bI@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-266598-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-266598-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266598

--- Comment #11 from Kristof Provost <kp@freebsd.org> ---
(In reply to Kristof Provost from comment #10)
I suspect I found it:

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c
index 286125fb42d5..0577fcee8618 100644
--- a/sys/net/if_ovpn.c
+++ b/sys/net/if_ovpn.c
@@ -1572,7 +1581,7 @@ ovpn_get_af(struct mbuf *m)
                return (AF_INET);

        ip6 =3D mtod(m, struct ip6_hdr *);
-       if (ip6->ip6_vfc =3D=3D IPV6_VERSION)
+       if ((ip6->ip6_vfc & IPV6_VERSION_MASK) =3D=3D IPV6_VERSION)
                return (AF_INET6);

        return (0);
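
Review bot: The masked comparison on ip6->ip6_vfc needs a one-line comment stating that the low nibble of that byte carries the top four Traffic Class bits, because the unmasked form looks correct at a glance and could easily be reintroduced. The fall-through "return (0);" also leaves a misclassified first byte indistinguishable from any other unknown packet; going by the explanation in this message, that path drops the decrypted packet silently, so a counter or debug message on it would make the next such failure visible. A regression test sending tunneled IPv6 with a non-zero Traffic Class should land with the change.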

The check for 'what IP version is this packet?' didn't account for the ToS
field sharing bits with the IP version field. We didn't see the outgoing packet
in tcpdump, because the BPF capture point (for outbound traffic) is conditional
on the address family (in part to avoid capturing control packets, in part
because the capture point needs to know).
On the receive side the packet gets decrypted, but not passed to the IP stack,
because we don't know where to send it (i.e. v4 or v6).

Small fix for a bigger issue.

I'll also extend the FreeBSD if_ovpn tests to include packets with the ToS bits
set.

-- 
You are receiving this mail because:
You are the assignee for the bug.
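
The effect of the unmasked comparison described in the comment above, as an added example (not code from the FreeBSD tree or from this message). It runs both forms of the check over every Traffic Class value; the EX_/ex_ names, the constructed header bytes and the IPv4 branch are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Same values as <netinet/ip6.h>; the EX_/ex_ names are this example's own. */
#define EX_IPV6_VERSION      0x60
#define EX_IPV6_VERSION_MASK 0xf0
enum ex_af { EX_AF_UNKNOWN = 0, EX_AF_INET = 4, EX_AF_INET6 = 6 };

/* Constructed input: the first two IPv6 header bytes for a Traffic Class. */
static void ex_ip6_start(uint8_t tclass, uint8_t out[2]) {
    out[0] = (uint8_t)(EX_IPV6_VERSION | (tclass >> 4)); /* version, TC bits 7..4 */
    out[1] = (uint8_t)((tclass & 0x0f) << 4);            /* TC bits 3..0, flow label 0 */
}

/* Pre-patch comparison: the whole first byte must equal IPV6_VERSION. */
static enum ex_af ex_get_af_unmasked(const uint8_t *p, size_t len) {
    if (len < 1)
        return EX_AF_UNKNOWN;
    if ((p[0] >> 4) == 4) /* IPv4 branch is assumed; the hunk does not show it */
        return EX_AF_INET;
    return (p[0] == EX_IPV6_VERSION) ? EX_AF_INET6 : EX_AF_UNKNOWN;
}

/* Patched comparison: only the version nibble is tested. */
static enum ex_af ex_get_af_masked(const uint8_t *p, size_t len) {
    if (len < 1)
        return EX_AF_UNKNOWN;
    if ((p[0] >> 4) == 4)
        return EX_AF_INET;
    return ((p[0] & EX_IPV6_VERSION_MASK) == EX_IPV6_VERSION) ? EX_AF_INET6 : EX_AF_UNKNOWN;
}

/* How many of the 256 Traffic Class values a classifier fails to see as IPv6. */
static int ex_count_missed(enum ex_af (*fn)(const uint8_t *, size_t)) {
    uint8_t hdr[2];
    int missed = 0;
    for (int tc = 0; tc <= 255; tc++) {
        ex_ip6_start((uint8_t)tc, hdr);
        if (fn(hdr, sizeof(hdr)) != EX_AF_INET6)
            missed++;
    }
    return missed;
}

int main(void) {
    printf("missed: unmasked=%d masked=%d\n",
        ex_count_missed(ex_get_af_unmasked), ex_count_missed(ex_get_af_masked));
    return 0;
}
```

The unmasked form only recognises Traffic Class values below 0x10, so any DSCP of 4 or higher fails while ECN-only markings pass.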


