author | mav <mav@FreeBSD.org> | 2009-01-20 22:26:09 +0000 |
---|---|---|
committer | mav <mav@FreeBSD.org> | 2009-01-20 22:26:09 +0000 |
commit | 6191153d9526b39f7145a66956b7e5ecc329ef83 (patch) | |
tree | 7cb1bb23448b9cf474c0ee12f64ee7538de87870 /sys/netgraph/ng_iface.c | |
parent | 3fd09aadc79eb9fe325206d1a974db2562d32578 (diff) | |
Check for infinite recursion possible on some broken PPTP/L2TP/... VPN setups.
Mark packets with mbuf_tag on first interface passage and drop on second.
PR: ports/129625, ports/125303,
MFC after: 2 weeks
Diffstat (limited to 'sys/netgraph/ng_iface.c')
-rw-r--r-- | sys/netgraph/ng_iface.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/sys/netgraph/ng_iface.c b/sys/netgraph/ng_iface.c
index 2295004..a22b85a 100644
--- a/sys/netgraph/ng_iface.c
+++ b/sys/netgraph/ng_iface.c
@@ -356,6 +356,7 @@ static int
 ng_iface_output(struct ifnet *ifp, struct mbuf *m,
 struct sockaddr *dst, struct rtentry *rt0)
 {
+ struct m_tag *mtag;
 uint32_t af;
 int error;
 
@@ -366,6 +367,23 @@ ng_iface_output(struct ifnet *ifp, struct mbuf *m,
 return (ENETDOWN);
 }
 
+ /* Protect from deadly infinite recursion. */
+ while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, NULL))) {
+ if (*(struct ifnet **)(mtag + 1) == ifp) {
+ log(LOG_NOTICE, "Loop detected on %s\n", ifp->if_xname);
+ m_freem(m);
+ return (EDEADLK);
+ }
+ }
+ mtag = m_tag_alloc(MTAG_NGIF, MTAG_NGIF_CALLED, sizeof(struct ifnet *),
+ M_NOWAIT);
+ if (mtag == NULL) {
+ m_freem(m);
+ return (ENOMEM);
+ }
+ *(struct ifnet **)(mtag + 1) = ifp;
+ m_tag_prepend(m, mtag);
+
 /* BPF writes need to be handled specially. */
 if (dst->sa_family == AF_UNSPEC) {
 bcopy(dst->sa_data, &af, sizeof(af)); |
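Review bot: The tag-search loop added in the second hunk passes `NULL` as the last argument of `m_tag_locate()` on every iteration, so each pass restarts from the head of the tag list and returns the same first `MTAG_NGIF_CALLED` tag. If that tag records an interface other than `ifp`, the comparison never matches and the `while` never exits, so a packet that has already crossed one ng interface and then reaches a second one would spin in the kernel output path instead of being forwarded or dropped. The search should resume from the previous hit: add `mtag = NULL;` before the loop and change the condition to `while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, mtag))) {`. Separately, the `log(LOG_NOTICE, ...)` call fires once per dropped packet with no rate limit, so a persistent loop can flood the system log; a rate-limited or once-per-interface message would be safer. The body of ng_iface_output continues outside this hunk.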