Unfortunately, the problem was introduced by this commit :-) ----------
Author: mav Date: Sat Jan 31 12:48:09 2009 UTC (4 months, 4 weeks ago) Log Message: MFC rev. 187495 Check for infinite recursion possible on some broken PPTP/L2TP/... VPN setups. Mark packets with mbuf_tag on first interface passage and drop on second. PR: ports/129625, ports/125303 ---------- If a packet goes through two or more ng interfaces, "while" loop in the tag checking code can run infinitely. The attached patch should fix this. -- Mikolaj Golub
--- netgraph/ng_iface.c.orig 2009-06-30 21:47:54.000000000 +0300 +++ netgraph/ng_iface.c 2009-06-30 21:49:29.000000000 +0300 @@ -365,7 +365,8 @@ } /* Protect from deadly infinite recursion. */ - while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, NULL))) { + mtag = NULL; + while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, mtag))) { if (*(struct ifnet **)(mtag + 1) == ifp) { log(LOG_NOTICE, "Loop detected on %s\n", ifp->if_xname); m_freem(m);
_______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"