Hi,
With FreeBSD, there are many ways to create a recursive local encapsulation
loop within the IPv4 and IPv6 stack. For example, this problem shows up when :
- Netgraph with pptp is used or Netgraph with an ng_iface over UDP or any
more complex Netgraph topologies...
- gre interfaces
- gif tunnels
- ...
There is a simple local solution that is used by gif_output() that is not
protected by any mutex:
/*
* gif may cause infinite recursion calls when misconfigured.
* We'll prevent this by introducing upper limit.
* XXX: this mechanism may introduce another problem about
* mutual exclusion of the variable CALLED, especially if we
* use kernel thread.
*/
if (++called > max_gif_nesting) {
log(LOG_NOTICE,
"gif_output: recursively called too many times(%d)\n",
called);
m_freem(m);
error = EIO; /* is there better errno? */
goto end;
}
I am wondering if a more generic solution could be found, however I do not
have any idea yet ;-(
I mean, is it possible to protect the kernel against any panic that could
come from a mis-configuration of the routing tables ?
Regards,
Vincent
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
