Date: Tue, 17 Dec 2002 09:37:34 -0800 From: "Sam Leffler" <sam@errno.com> To: "Vincent Jardin" <vjardin@wanadoo.fr>, <freebsd-net@FreeBSD.ORG> Subject: Re: Recursive encapsulation could panic the Kernel Message-ID: <050301c2a5f2$fc52aae0$52557f42@errno.com> References: <3DF62DBD0032C2ED@mel-rta6.wanadoo.fr> (added by postmaster@wanadoo.fr)
next in thread | previous in thread | raw e-mail | index | archive | help
> With FreeBSD, there are many ways to create a recursive local
encapsulation
> loop within the IPv4 and IPv6 stack. For example, this problem shows up
when :
> - Netgraph with pptp is used or Netgraph with an ng_iface over UDP or
any
> more complex Netgraph topologies...
> - gre interfaces
> - gif tunnels
> - ...
>
> There is a simple local solution that is used by gif_output() that is not
> protected by any mutex:
> /*
> * gif may cause infinite recursion calls when misconfigured.
> * We'll prevent this by introducing upper limit.
> * XXX: this mechanism may introduce another problem about
> * mutual exclusion of the variable CALLED, especially if we
> * use kernel thread.
> */
> if (++called > max_gif_nesting) {
> log(LOG_NOTICE,
> "gif_output: recursively called too many times(%d)\n",
> called);
> m_freem(m);
> error = EIO; /* is there better errno? */
> goto end;
> }
>
> I am wondering if a more generic solution could be found, however I do not
> have any idea yet ;-(
> I mean, is it possible to protect the kernel against any panic that could
> come from a mis-configuration of the routing tables ?
In -current mbufs can be tagged (see m_tag* in sys/mbuf.h); this'll let you
do what you want. I've been slow to MFC them to -stable because there are
some issues with copying packet headers that I want to resolve first.
Sam
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?050301c2a5f2$fc52aae0$52557f42>