From owner-svn-src-stable-11@freebsd.org Fri Apr 21 16:45:44 2017 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D2538D484D3; Fri, 21 Apr 2017 16:45:44 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8AB0A1B79; Fri, 21 Apr 2017 16:45:44 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v3LGjhGZ090607; Fri, 21 Apr 2017 16:45:43 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v3LGjhEt090606; Fri, 21 Apr 2017 16:45:43 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201704211645.v3LGjhEt090606@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Fri, 21 Apr 2017 16:45:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r317258 - stable/11/sys/kern X-SVN-Group: stable-11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2017 16:45:44 -0000 Author: ae Date: Fri Apr 21 16:45:43 2017 New Revision: 317258 URL: https://svnweb.freebsd.org/changeset/base/317258 Log: MFC r316770: Clear h/w csum flags on mbuf handled by UDP. When checksums of received IP and UDP header already checked, UDP uses sbappendaddr_locked() to pass received data to the socket. sbappendaddr_locked() uses given mbuf as is, and if NIC supports checksum offloading, mbuf contains csum_data and csum_flags that were calculated for already stripped headers. Some NICs support only limited checksums offloading and do not use CSUM_PSEUDO_HDR flag, and csum_data contains some value that UDP/TCP should use for pseudo header checksum calculation. When L2TP is used for tunneling with mpd5, ng_ksocket receives mbuf with filled csum_flags and csum_data, that were calculated for outer headers. When L2TP header is stripped, a packet that was tunneled goes to the IP layer and due to presence of csum_flags (without CSUM_PSEUDO_HDR) and csum_data, the UDP/TCP checksum check fails for this packet. Reported by: Irina Liakh Tested by: Irina Liakh MFC r316822,316823: Rework r316770 to make it protocol independent and general, like we do for streaming sockets. And do more cleanup in the sbappendaddr_locked_internal() to prevent leak information from existing mbuf to the one, that will be possible created later by netgraph. Suggested by: glebius Tested by: Irina Liakh Modified: stable/11/sys/kern/uipc_sockbuf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/kern/uipc_sockbuf.c ============================================================================== --- stable/11/sys/kern/uipc_sockbuf.c Fri Apr 21 15:59:58 2017 (r317257) +++ stable/11/sys/kern/uipc_sockbuf.c Fri Apr 21 16:45:43 2017 (r317258) @@ -794,8 +794,20 @@ sbappendaddr_locked_internal(struct sock return (0); m->m_len = asa->sa_len; bcopy(asa, mtod(m, caddr_t), asa->sa_len); - if (m0) + if (m0) { m_clrprotoflags(m0); + m_tag_delete_chain(m0, NULL); + /* + * Clear some persistent info from pkthdr. + * We don't use m_demote(), because some netgraph consumers + * expect M_PKTHDR presence. + */ + m0->m_pkthdr.rcvif = NULL; + m0->m_pkthdr.flowid = 0; + m0->m_pkthdr.csum_flags = 0; + m0->m_pkthdr.fibnum = 0; + m0->m_pkthdr.rsstype = 0; + } if (ctrl_last) ctrl_last->m_next = m0; /* concatenate data to control */ else