Date: Thu, 18 Dec 2003 08:38:35 -0800 (PST) From: Yar Tikhiy <yar@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netgraph ng_pppoe.c Message-ID: <200312181638.hBIGcZjn096670@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
yar 2003/12/18 08:38:35 PST
FreeBSD src repository
Modified files:
sys/netgraph ng_pppoe.c
Log:
There are two modes of ng_pppoe operation, standard and
nonstandard. They differ in the values of certain fields in
the PPPoE frame. Previously, ng_pppoe would start in standard
mode, yet switch to nonstandard one upon reception of a single
nonstandard frame. After having done so, ng_pppoe would be unable
to interact with standard PPPoE peers. Thus, a DoS condition
existed that could be triggered by a buggy peer or malicious party.
Since few people have expressed their displeasure WRT this problem,
the default operation of ng_pppoe is left untouched for now. However,
a new value for the sysctl net.graph.nonstandard_pppoe is introduced,
-1, which will force ng_pppoe stay in standard mode regardless of any
bogus frames floating around.
PR: kern/47920
Submitted by: Gleb Smirnoff <glebius <at> cell.sick.ru>
MFC after: 1 week
Revision Changes Path
1.59 +38 -11 src/sys/netgraph/ng_pppoe.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312181638.hBIGcZjn096670>