Date: Thu, 24 May 2012 18:22:58 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r235923 - head/sys/netgraph Message-ID: <201205241822.q4OIMwZU053270@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Thu May 24 18:22:57 2012 New Revision: 235923 URL: http://svn.freebsd.org/changeset/base/235923 Log: Revert r220768 for ng_ksocket. This node is special and when it is cloning, its constructor method may be called in a context that isn't allowed to sleep. Noticed by: Vadim Goncharov Modified: head/sys/netgraph/ng_ksocket.c head/sys/netgraph/ng_mppc.c Modified: head/sys/netgraph/ng_ksocket.c ============================================================================== --- head/sys/netgraph/ng_ksocket.c Thu May 24 18:19:23 2012 (r235922) +++ head/sys/netgraph/ng_ksocket.c Thu May 24 18:22:57 2012 (r235923) @@ -524,7 +524,9 @@ ng_ksocket_constructor(node_p node) priv_p priv; /* Allocate private structure */ - priv = malloc(sizeof(*priv), M_NETGRAPH_KSOCKET, M_WAITOK | M_ZERO); + priv = malloc(sizeof(*priv), M_NETGRAPH_KSOCKET, M_NOWAIT | M_ZERO); + if (priv == NULL) + return (ENOMEM); LIST_INIT(&priv->embryos); /* cross link them */ Modified: head/sys/netgraph/ng_mppc.c ============================================================================== --- head/sys/netgraph/ng_mppc.c Thu May 24 18:19:23 2012 (r235922) +++ head/sys/netgraph/ng_mppc.c Thu May 24 18:22:57 2012 (r235923) @@ -98,15 +98,6 @@ static MALLOC_DEFINE(M_NETGRAPH_MPPC, "n /* Key length */ #define KEYLEN(b) (((b) & MPPE_128) ? 16 : 8) -/* - * When packets are lost with MPPE, we may have to re-key arbitrarily - * many times to 'catch up' to the new jumped-ahead sequence number. - * Since this can be expensive, we pose a limit on how many re-keyings - * we will do at one time to avoid a possible D.O.S. vulnerability. - * This should instead be a configurable parameter. - */ -#define MPPE_MAX_REKEY 1000 - /* MPPC packet header bits */ #define MPPC_FLAG_FLUSHED 0x8000 /* xmitter reset state */ #define MPPC_FLAG_RESTART 0x4000 /* compress history restart */ @@ -641,20 +632,22 @@ ng_mppc_decompress(node_p node, struct m #endif #ifdef NETGRAPH_MPPC_ENCRYPTION if ((d->cfg.bits & MPPE_BITS) != 0) { - u_int rekey; - - /* How many times are we going to have to re-key? */ - rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ? - numLost : (numLost / (MPPE_UPDATE_MASK + 1)); - if (rekey > MPPE_MAX_REKEY) { - log(LOG_ERR, "%s: too many (%d) packets" - " dropped, disabling node %p!", - __func__, numLost, node); - priv->recv.cfg.enable = 0; - goto failed; - } - - /* Re-key as necessary to catch up to peer */ + u_int rekey; + + /* How many times are we going to have to re-key? */ + rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ? + numLost : (numLost / (MPPE_UPDATE_MASK + 1)); + if (rekey > 1000) + log(LOG_ERR, "%s: %d packets dropped, " + "node [%x]\n", __func__, numLost, + node->nd_ID); + + /* + * When packets are lost or re-ordered with MPPE, + * we may have to re-key up to 0xfff times to 'catch + * up' to the new jumped-ahead sequence number. Yep, + * this is heavy, but what else can we do? + */ while (d->cc != cc) { if ((d->cfg.bits & MPPE_STATELESS) != 0 || (d->cc & MPPE_UPDATE_MASK)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201205241822.q4OIMwZU053270>