On 12/16/2002 9:45 PM, Vincent Jardin wrote:

With FreeBSD, there are many ways to create a recursive local encapsulation loop within the IPv4 and IPv6 stack.
...
There is a simple local solution that is used by gif_output() that is not protected by any mutex:
..
    if (++called > max_gif_nesting) {
        log(LOG_NOTICE,
            "gif_output: recursively called too many times(%d)\n",
            called);
        m_freem(m);
        error = EIO; /* is there better errno? */
        goto end;
    }

I am wondering if a more generic solution could be found, however I do not have any idea yet ;-(
There are legitimate reasons for wanting recursive encapsulation, e.g. virtual networks inside virtual networks. (One man's bug is another man's feature...)

Recursive encapsulation itself is actually fine: at some point you'll run out of packet space, and the packet is dropped.

The problem is with *implementing* recursive encapsulation recursively, as this can overflow the kernel stack and cause crashes. The fix that I'd prefer would prevent this stack overflow from happening, without limiting recursive encapsulation.

But I'd settle for any patch that comes with a knob to turn it off.

Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
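
Added example, not part of the original message and not FreeBSD code: a user-space C sketch contrasting the recursive output path with a deferred (requeue and return) path on a looped tunnel configuration. The names, the two-tunnel loop, the 20-byte outer header and the 65535-byte limit are assumptions chosen for illustration.

```c
#include <stdio.h>
#define HDRLEN 20      /* assumed bytes added per encapsulation (outer IPv4 header) */
#define MAXPKT 65535   /* assumed size limit: the "packet space" that runs out */

struct pkt   { int len; int tun; };   /* stand-in for an mbuf and its output tunnel */
struct stats { int encaps; int max_depth; int dropped; };

static const int next_tun[2] = { 1, 0 };  /* constructed loop: tun0 -> tun1 -> tun0 */
static int cur_depth;                     /* output calls currently on the stack */

/* Encapsulate once. Returns 0 when the packet no longer fits and is dropped. */
static int encap(struct pkt *p, struct stats *s) {
    if (cur_depth > s->max_depth) s->max_depth = cur_depth;
    if (p->len + HDRLEN > MAXPKT) { s->dropped = 1; return 0; }
    p->len += HDRLEN;
    p->tun = next_tun[p->tun];
    s->encaps++;
    return 1;
}

/* Recursive shape: every nesting level holds another stack frame. */
static void output_recursive(struct pkt *p, struct stats *s) {
    cur_depth++;
    if (encap(p, s))
        output_recursive(p, s);
    cur_depth--;
}

/* Deferred shape: encapsulate, return, and let the caller requeue the packet. */
static int output_deferred(struct pkt *p, struct stats *s) {
    cur_depth++;
    int requeue = encap(p, s);
    cur_depth--;
    return requeue;
}

/* Send one packet of `payload` bytes into the loop and report what happened. */
struct stats run(int deferred, int payload) {
    struct pkt p = { payload, 0 };
    struct stats s = { 0, 0, 0 };
    cur_depth = 0;
    if (deferred) { while (output_deferred(&p, &s)) { /* drain the queue */ } }
    else          { output_recursive(&p, &s); }
    return s;
}

int main(void) {
    struct stats r = run(0, 1500), d = run(1, 1500);
    printf("depth recursive=%d deferred=%d, encaps %d/%d\n",
           r.max_depth, d.max_depth, r.encaps, d.encaps);
    return 0;
}
```

Both paths perform the same number of encapsulations and end with the same size-limit drop; only the recursive one lets call depth grow with the nesting level.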
