From owner-svn-src-head@FreeBSD.ORG Tue Jan 20 22:26:09 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9B706106566B; Tue, 20 Jan 2009 22:26:09 +0000 (UTC) (envelope-from mav@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 8B4938FC13; Tue, 20 Jan 2009 22:26:09 +0000 (UTC) (envelope-from mav@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n0KMQ9NB058612; Tue, 20 Jan 2009 22:26:09 GMT (envelope-from mav@svn.freebsd.org) Received: (from mav@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n0KMQ9wI058610; Tue, 20 Jan 2009 22:26:09 GMT (envelope-from mav@svn.freebsd.org) Message-Id: <200901202226.n0KMQ9wI058610@svn.freebsd.org> From: Alexander Motin Date: Tue, 20 Jan 2009 22:26:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r187495 - head/sys/netgraph X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jan 2009 22:26:10 -0000 Author: mav Date: Tue Jan 20 22:26:09 2009 New Revision: 187495 URL: http://svn.freebsd.org/changeset/base/187495 Log: Check for infinite recursion possible on some broken PPTP/L2TP/... VPN setups. Mark packets with mbuf_tag on first interface passage and drop on second. PR: ports/129625, ports/125303, MFC after: 2 weeks Modified: head/sys/netgraph/ng_iface.c head/sys/netgraph/ng_iface.h Modified: head/sys/netgraph/ng_iface.c ============================================================================== --- head/sys/netgraph/ng_iface.c Tue Jan 20 22:17:05 2009 (r187494) +++ head/sys/netgraph/ng_iface.c Tue Jan 20 22:26:09 2009 (r187495) @@ -356,6 +356,7 @@ static int ng_iface_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct rtentry *rt0) { + struct m_tag *mtag; uint32_t af; int error; @@ -366,6 +367,23 @@ ng_iface_output(struct ifnet *ifp, struc return (ENETDOWN); } + /* Protect from deadly infinite recursion. */ + while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, NULL))) { + if (*(struct ifnet **)(mtag + 1) == ifp) { + log(LOG_NOTICE, "Loop detected on %s\n", ifp->if_xname); + m_freem(m); + return (EDEADLK); + } + } + mtag = m_tag_alloc(MTAG_NGIF, MTAG_NGIF_CALLED, sizeof(struct ifnet *), + M_NOWAIT); + if (mtag == NULL) { + m_freem(m); + return (ENOMEM); + } + *(struct ifnet **)(mtag + 1) = ifp; + m_tag_prepend(m, mtag); + /* BPF writes need to be handled specially. */ if (dst->sa_family == AF_UNSPEC) { bcopy(dst->sa_data, &af, sizeof(af)); Modified: head/sys/netgraph/ng_iface.h ============================================================================== --- head/sys/netgraph/ng_iface.h Tue Jan 20 22:17:05 2009 (r187494) +++ head/sys/netgraph/ng_iface.h Tue Jan 20 22:26:09 2009 (r187495) @@ -72,4 +72,7 @@ enum { NGM_IFACE_GET_IFINDEX, }; +#define MTAG_NGIF NGM_IFACE_COOKIE +#define MTAG_NGIF_CALLED 0 | MTAG_PERSISTENT + #endif /* _NETGRAPH_NG_IFACE_H_ */