Unfortunately, the problem was introduced by this commit :-)
----------
Author: mav
Date: Sat Jan 31 12:48:09 2009 UTC (4 months, 4 weeks ago)
Log Message:
MFC rev. 187495
Check for infinite recursion possible on some broken PPTP/L2TP/... VPN setups.
Mark packets with mbuf_tag on first interface passage and drop on second.
PR: ports/129625, ports/125303
----------
If a packet goes through two or more ng interfaces, "while" loop in the tag
checking code can run infinitely. The attached patch should fix this.
--
Mikolaj Golub
--- netgraph/ng_iface.c.orig 2009-06-30 21:47:54.000000000 +0300
+++ netgraph/ng_iface.c 2009-06-30 21:49:29.000000000 +0300
@@ -365,7 +365,8 @@
}
/* Protect from deadly infinite recursion. */
- while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, NULL))) {
+ mtag = NULL;
+ while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, mtag))) {
if (*(struct ifnet **)(mtag + 1) == ifp) {
log(LOG_NOTICE, "Loop detected on %s\n", ifp->if_xname);
m_freem(m);
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
