From 68a8774ee4d6e1e161964462436d10779a2609c2 Mon Sep 17 00:00:00 2001
From: dlg <dlg@openbsd.org>
Date: Sat, 18 Nov 2023 00:23:38 +0000
Subject: [PATCH] ports specified on tunnel destination addresses are invalid.

---
 sys/net/if_vxlan.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c
index 156d1cba553..42d2347a87e 100644
--- a/sys/net/if_vxlan.c
+++ b/sys/net/if_vxlan.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_vxlan.c,v 1.94 2023/10/27 20:56:48 jan Exp $ */
+/*	$OpenBSD: if_vxlan.c,v 1.95 2023/11/18 00:23:38 dlg Exp $ */
 
 /*
  * Copyright (c) 2021 David Gwynne <dlg@openbsd.org>
@@ -1346,6 +1346,9 @@ vxlan_set_tunnel(struct vxlan_softc *sc, const struct if_laddrreq *req)
 			if (in_nullhost(dst4->sin_addr))
 				return (EINVAL);
 
+			if (dst4->sin_port != htons(0))
+				return (EINVAL);
+
 			/* all good */
 			mode = IN_MULTICAST(dst4->sin_addr.s_addr) ?
 			    VXLAN_TMODE_LEARNING : VXLAN_TMODE_P2P;
@@ -1376,6 +1379,9 @@ vxlan_set_tunnel(struct vxlan_softc *sc, const struct if_laddrreq *req)
 			if (src6->sin6_scope_id != dst6->sin6_scope_id)
 				return (EINVAL);
 
+			if (dst6->sin6_port != htons(0))
+				return (EINVAL);
+
 			/* all good */
 			mode = IN6_IS_ADDR_MULTICAST(&dst6->sin6_addr) ?
 			    VXLAN_TMODE_LEARNING : VXLAN_TMODE_P2P;
-- 
2.20.1