CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2017/10/19 05:02:42
Modified files:
sys/net : if_loop.c
sys/sys : mbuf.h
Log message:
There was a possible stack overrun in the network since we had
removed some queueing. lo(4) output called the ip input routines
without a queue. So if a packet looped through the kernel, the
kernel stack filled up.
Use M_LOOP to find recursive calls to looutput(). This flag is set
when a packet goes through the loopback interface. Avoid an
additional queueing if the packet goes to lo(4) only once. As there
may be gif(4), bridge(4), pair(4), ipsec(4), rdomain(4), ... setups
that legitimately pass lo(4) more than once, use the interface input
queue for these cases.
Packets in the queue run through ip forward. There the TTL is
decremented and the packet is finally processed or dropped.
found by markus@; OK mpi@ sashan@
