From owner-freebsd-net@FreeBSD.ORG Tue Jun 30 19:33:20 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3116A106566C; Tue, 30 Jun 2009 19:33:20 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: from mail-fx0-f218.google.com (mail-fx0-f218.google.com [209.85.220.218]) by mx1.freebsd.org (Postfix) with ESMTP id 5ABCD8FC12; Tue, 30 Jun 2009 19:33:19 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: by mail-fx0-f218.google.com with SMTP id 18so346454fxm.43 for ; Tue, 30 Jun 2009 12:33:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:to:cc:subject:references :organization:from:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=IVPqBOExpOShEIY4xg8f1reXUX4CqWT+aEUt687mVoo=; b=EIsmXkF01/X2zcAYpKUu9allYfix5hMxxQ7mnu2g7YivH5HkKJOTwDo1NRqboNtvhC goMs2+XVM28BhAIVv4jVOyP7JRZTb20C4d/kOXtLeVhJmvmq6TloXJIRzYYhOvek6Jqc HQxU2Jwjnzk0TqNu+3UUidqZGtssGjIg94ZfU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=to:cc:subject:references:organization:from:date:in-reply-to :message-id:user-agent:mime-version:content-type; b=TOFsIGEp74ty1aBCU6ipx3bBvc8oDjJVHrmFhILKbscyZMJXUHd4FWE3jCeLzyf3ve uOkqn4Hg4l/d0J/24bYBPK81sq3+3YNhW4ibA2TByfZxpCtjjGEGZU1Iv7CFkfI8j9Lf EH2JJAzb+ODuNzgEcIdJ4dYnqSb7wRYNB1Vv8= Received: by 10.204.117.17 with SMTP id o17mr8609850bkq.145.1246390398943; Tue, 30 Jun 2009 12:33:18 -0700 (PDT) Received: from localhost ([95.69.166.42]) by mx.google.com with ESMTPS id y15sm591602fkd.17.2009.06.30.12.33.15 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 30 Jun 2009 12:33:16 -0700 (PDT) To: bug-followup@FreeBSD.org References: <200906101720.n5AHK3pr036971@freefall.freebsd.org> Organization: TOA Ukraine From: Mikolaj Golub Date: Tue, 30 Jun 2009 22:33:12 +0300 In-Reply-To: <200906101720.n5AHK3pr036971@freefall.freebsd.org> (Roar Pettersen's message of "Wed\, 10 Jun 2009 17\:20\:03 GMT") Message-ID: <86ocs5zfd3.fsf@kopusha.onet> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Cc: freebsd-net@FreeBSD.org, Alexander Motin , Sergei Cherveni Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2009 19:33:20 -0000 --=-=-= Unfortunately, the problem was introduced by this commit :-) ---------- Author: mav Date: Sat Jan 31 12:48:09 2009 UTC (4 months, 4 weeks ago) Log Message: MFC rev. 187495 Check for infinite recursion possible on some broken PPTP/L2TP/... VPN setups. Mark packets with mbuf_tag on first interface passage and drop on second. PR: ports/129625, ports/125303 ---------- If a packet goes through two or more ng interfaces, "while" loop in the tag checking code can run infinitely. The attached patch should fix this. -- Mikolaj Golub --=-=-= Content-Type: text/x-diff Content-Disposition: attachment; filename=ng_iface.c.patch --- netgraph/ng_iface.c.orig 2009-06-30 21:47:54.000000000 +0300 +++ netgraph/ng_iface.c 2009-06-30 21:49:29.000000000 +0300 @@ -365,7 +365,8 @@ } /* Protect from deadly infinite recursion. */ - while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, NULL))) { + mtag = NULL; + while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, mtag))) { if (*(struct ifnet **)(mtag + 1) == ifp) { log(LOG_NOTICE, "Loop detected on %s\n", ifp->if_xname); m_freem(m); --=-=-=--