Date: Mon, 5 Apr 2004 14:20:58 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Ruslan Ermilov <ru@freebsd.org> Cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sys/net if_gif.c Message-ID: <Pine.NEB.3.96L.1040405141918.97313B-100000@fledge.watson.org> In-Reply-To: <20040405181653.GA1212@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 5 Apr 2004, Ruslan Ermilov wrote: > On Wed, Mar 31, 2004 at 09:06:56AM -0500, Robert Watson wrote: > > > > On Wed, 31 Mar 2004, Ruslan Ermilov wrote: > > > > > > > Implemented this in the attached patch. Note when testing: setting > > > > > net.link.gif.max_nesting too high (>20 on my system) and triggering > > > > > the recursion causes the kernel stack exhaustion. > > > > > > > > Why not just do what OpenBSD does and do actual loop detection? This > > > > gets rid of the nesting count hack which isn't really what you want to > > > > measure anyway. > > > > > > > > http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_gif.c.diff?r1=1.18&r2=1.19 > > > > > > > Good idea. I will implement it and repost the updated patch here. > > > > While you're at it, we also need loop detection in if_gre. Make sure to > > check the IP- and IPv6-layer pieces of these as well. > > > Um, what do you mean, should I _check_ by running, or what? I was just pointing out that if you're looking for potential looping and recursion issues in the gif code, make sure you also look at the pieces of gif in the IP stack (as opposed to the generic network code) -- i.e., in_gif.c, ip_gre.c, etc. In fact, you probably want to grep around and look for any other consumers of the encapsulation APIs provided by ip_encap.c. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Senior Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040405141918.97313B-100000>