Date: Mon, 16 Dec 2002 21:45:08 +0100
From: Vincent Jardin <vjardin@wanadoo.fr>
To: freebsd-net@freebsd.org
Subject: Recursive encapsulation could panic the Kernel
Message-ID: <3DF62DBD0032C2ED@mel-rta6.wanadoo.fr> (added by postmaster@wanadoo.fr)

Hi,

With FreeBSD, there are many ways to create a recursive local encapsulation
loop within the IPv4 and IPv6 stack. For example, this problem shows up when:

- Netgraph with pptp is used or Netgraph with an ng_iface over UDP or any
  more complex Netgraph topologies...
- gre interfaces
- gif tunnels
- ...

There is a simple local solution that is used by gif_output() that is not
protected by any mutex:

	/*
	 * gif may cause infinite recursion calls when misconfigured.
	 * We'll prevent this by introducing upper limit.
	 * XXX: this mechanism may introduce another problem about
	 *      mutual exclusion of the variable CALLED, especially if we
	 *      use kernel thread.
	 */
	if (++called > max_gif_nesting) {
		log(LOG_NOTICE,
		    "gif_output: recursively called too many times(%d)\n",
		    called);
		m_freem(m);
		error = EIO;	/* is there better errno? */
		goto end;
	}

I am wondering if a more generic solution could be found; however, I do not
have any idea yet ;-(

I mean, is it possible to protect the kernel against any panic that could
come from a misconfiguration of the routing tables?

Regards,
Vincent
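
The nesting guard quoted in the message, modelled in user space as an added example (not part of the original e-mail and not FreeBSD code). It assumes one possible variation: the counter is carried with each packet rather than in a shared variable, so it needs no mutual exclusion. `struct pkt`, `struct topo`, `tunnel_output()`, `send_packet()` and `MAX_NESTING` are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>

#define MAX_NESTING 4   /* assumed limit, plays the role of max_gif_nesting */
#define NTUNNELS    3

/* Constructed stand-in for an mbuf: the nesting depth travels with the packet. */
struct pkt {
    int nesting;        /* number of encapsulations applied so far */
    size_t len;         /* payload plus outer headers */
};

/* Constructed routing: next_hop[i] is the tunnel that carries tunnel i's
 * outer packet, or -1 when it leaves through a physical interface. */
struct topo {
    int next_hop[NTUNNELS];
    int calls;          /* how many times tunnel_output() ran */
};

/* Encapsulate p on tunnel ifidx and hand the result to the next hop.
 * Returns 0 when the packet reaches a physical interface, EIO when the
 * per-packet nesting limit is exceeded and the packet is dropped. */
int tunnel_output(struct topo *t, int ifidx, struct pkt *p)
{
    t->calls++;
    if (++p->nesting > MAX_NESTING)
        return EIO;     /* drop instead of recursing without bound */
    p->len += 20;       /* outer IPv4 header */
    if (t->next_hop[ifidx] < 0)
        return 0;       /* reached a physical interface */
    return tunnel_output(t, t->next_hop[ifidx], p);
}

/* Send a fresh 100-byte packet into tunnel first; report error and depth. */
int send_packet(struct topo *t, int first, int *depth)
{
    struct pkt p = { 0, 100 };
    int error;

    t->calls = 0;
    error = tunnel_output(t, first, &p);
    *depth = p.nesting;
    return error;
}
```

With a correct chain (0 -> 1 -> 2 -> physical) the packet is delivered after three encapsulations; with a misconfigured loop (0 -> 1 -> 0) the fifth call returns EIO and the recursion stops.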
