Date: Thu, 19 Dec 2002 09:31:26 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Vincent Jardin <vjardin@wanadoo.fr> Cc: freebsd-net@FreeBSD.ORG, Lars Eggert <larse@ISI.EDU> Subject: Re: Recursive encapsulation could panic the Kernel Message-ID: <20021219093126.B30203@Odin.AC.HMC.Edu> In-Reply-To: <3E018315.5070602@isi.edu>; from larse@ISI.EDU on Thu, Dec 19, 2002 at 09:28:05AM %2B0100 References: <3DF62DBD0032C2ED@mel-rta6.wanadoo.fr> <3E018315.5070602@isi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
> On 12/16/2002 9:45 PM, Vincent Jardin wrote:
> >
> > With FreeBSD, there are many ways to create a recursive local encapsulation
> > loop within the IPv4 and IPv6 stack.
> ...
> > There is a simple local solution that is used by gif_output() that is not
> > protected by any mutex:
> ..
> > if (++called > max_gif_nesting) {
> > log(LOG_NOTICE,
> > "gif_output: recursively called too many times(%d)\n",
> > called);
> > m_freem(m);
> > error = EIO; /* is there better errno? */
> > goto end;
> > }
> >
> > I am wondering if a more generic solution could be found, however I do not
> > have any idea yet ;-(
Since we now have m_tag support, we could implement the solution OpenBSD
uses which catches actual loops instead of just refusing to nest more then
a certain amount. See sys/net/if_gif.c rev 1.19.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+AgJsXY6L6fI4GtQRAml/AJ0Y44wjRBlocuGuH5FSkCvsiydFBACfWGmn
HolDmI5PBToLu2hKEJdd+ns=
=HixY
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021219093126.B30203>