From owner-svn-src-all@FreeBSD.ORG Sat Jan 31 12:48:09 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B246D1065680; Sat, 31 Jan 2009 12:48:09 +0000 (UTC) (envelope-from mav@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 857CC8FC08; Sat, 31 Jan 2009 12:48:09 +0000 (UTC) (envelope-from mav@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n0VCm9SV025086; Sat, 31 Jan 2009 12:48:09 GMT (envelope-from mav@svn.freebsd.org) Received: (from mav@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n0VCm90N025084; Sat, 31 Jan 2009 12:48:09 GMT (envelope-from mav@svn.freebsd.org) Message-Id: <200901311248.n0VCm90N025084@svn.freebsd.org> From: Alexander Motin Date: Sat, 31 Jan 2009 12:48:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r187955 - stable/7/sys/netgraph X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Jan 2009 12:48:10 -0000 Author: mav Date: Sat Jan 31 12:48:09 2009 New Revision: 187955 URL: http://svn.freebsd.org/changeset/base/187955 Log: MFC rev. 187495 Check for infinite recursion possible on some broken PPTP/L2TP/... VPN setups. Mark packets with mbuf_tag on first interface passage and drop on second. PR: ports/129625, ports/125303 Modified: stable/7/sys/netgraph/ng_iface.c stable/7/sys/netgraph/ng_iface.h Modified: stable/7/sys/netgraph/ng_iface.c ============================================================================== --- stable/7/sys/netgraph/ng_iface.c Sat Jan 31 12:44:20 2009 (r187954) +++ stable/7/sys/netgraph/ng_iface.c Sat Jan 31 12:48:09 2009 (r187955) @@ -353,6 +353,7 @@ static int ng_iface_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct rtentry *rt0) { + struct m_tag *mtag; uint32_t af; int error; @@ -363,6 +364,23 @@ ng_iface_output(struct ifnet *ifp, struc return (ENETDOWN); } + /* Protect from deadly infinite recursion. */ + while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, NULL))) { + if (*(struct ifnet **)(mtag + 1) == ifp) { + log(LOG_NOTICE, "Loop detected on %s\n", ifp->if_xname); + m_freem(m); + return (EDEADLK); + } + } + mtag = m_tag_alloc(MTAG_NGIF, MTAG_NGIF_CALLED, sizeof(struct ifnet *), + M_NOWAIT); + if (mtag == NULL) { + m_freem(m); + return (ENOMEM); + } + *(struct ifnet **)(mtag + 1) = ifp; + m_tag_prepend(m, mtag); + /* BPF writes need to be handled specially. */ if (dst->sa_family == AF_UNSPEC) { bcopy(dst->sa_data, &af, sizeof(af)); Modified: stable/7/sys/netgraph/ng_iface.h ============================================================================== --- stable/7/sys/netgraph/ng_iface.h Sat Jan 31 12:44:20 2009 (r187954) +++ stable/7/sys/netgraph/ng_iface.h Sat Jan 31 12:48:09 2009 (r187955) @@ -72,4 +72,7 @@ enum { NGM_IFACE_GET_IFINDEX, }; +#define MTAG_NGIF NGM_IFACE_COOKIE +#define MTAG_NGIF_CALLED 0 | MTAG_PERSISTENT + #endif /* _NETGRAPH_NG_IFACE_H_ */