On Thu, Jul 25, 2019 at 12:40:22PM +0000, [email protected] wrote:
> # Which results in the following error as can be seen in this screenshot:
> http://gw.nullbyte.se/dump/openbsd/openbsd_65_gre_panic.PNG
>
> >Fix:
> # Make sure the 'tunnel' statement is before the inet/inet6 commands
The inet6 duplicate address detection packet is sent before the
tunnel is set up. We should reject packets during that time window.
While there, count errors and use generic unhandled_af().
ok?
bluhm
Index: net/if_gre.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_gre.c,v
retrieving revision 1.151
diff -u -p -r1.151 if_gre.c
--- net/if_gre.c 17 Jul 2019 16:46:17 -0000 1.151
+++ net/if_gre.c 25 Jul 2019 19:03:45 -0000
@@ -1930,8 +1930,10 @@ mgre_output(struct ifnet *ifp, struct mb
}
m = gre_l3_encap_dst(&sc->sc_tunnel, addr, m, dest->sa_family);
- if (m == NULL)
+ if (m == NULL) {
+ ifp->if_oerrors++;
return (ENOBUFS);
+ }
m->m_pkthdr.ph_family = dest->sa_family;
@@ -2142,6 +2144,10 @@ gre_encap_dst_ip(const struct gre_tunnel
struct mbuf *m, uint8_t ttl, uint8_t tos)
{
switch (tunnel->t_af) {
+ case AF_UNSPEC:
+ /* packets may arrive before tunnel is set up */
+ m_freem(m);
+ return (NULL);
case AF_INET: {
struct ip *ip;
@@ -2188,8 +2194,7 @@ gre_encap_dst_ip(const struct gre_tunnel
}
#endif /* INET6 */
default:
- panic("%s: unsupported af %d in %p", __func__, tunnel->t_af,
- tunnel);
+ unhandled_af(tunnel->t_af);
}
return (m);
@@ -2215,8 +2220,7 @@ gre_ip_output(const struct gre_tunnel *t
break;
#endif
default:
- panic("%s: unsupported af %d in %p", __func__, tunnel->t_af,
- tunnel);
+ unhandled_af(tunnel->t_af);
}
return (0);
@@ -4286,7 +4290,7 @@ gre_ip_cmp(int af, const union gre_addr
case AF_INET:
return (memcmp(&a->in4, &b->in4, sizeof(a->in4)));
default:
- panic("%s: unsupported af %d\n", __func__, af);
+ unhandled_af(af);
}
return (0);
