misc/123045: ng_mppc_decompress - disabling node

Ganbold ganbold at micom.mng.net
Thu Apr 24 08:50:03 UTC 2008 

The following reply was made to PR misc/123045; it has been noted by GNATS.

From: Ganbold <ganbold at micom.mng.net>
To: Mihail <msaf1980 at rambler.ru>
Cc: bug-followup at FreeBSD.org, Alexander Motin <mav at mavhome.dp.ua>
Subject: Re: misc/123045: ng_mppc_decompress - disabling node
Date: Thu, 24 Apr 2008 16:02:36 +0800

 Mihail wrote:
 >> Number:         123045
 >> Category:       misc
 >> Synopsis:       ng_mppc_decompress - disabling node
 >> Confidential:   no
 >> Severity:       non-critical
 >> Priority:       medium
 >> Responsible:    freebsd-bugs
 >> State:          open
 >> Quarter:        
 >> Keywords:       
 >> Date-Required:
 >> Class:          sw-bug
 >> Submitter-Id:   current-users
 >> Arrival-Date:   Thu Apr 24 07:10:03 UTC 2008
 >> Closed-Date:
 >> Last-Modified:
 >> Originator:     Mihail
 >> Release:        6.3
 >> Organization:
 >> Environment:
 >>     
 > FreeBSD 6.3-RELEASE-p2
 >   
 >> Description:
 >>     
 > Problem with mpd with mppc encription:
 > sometimes ng interface was disabled by kernel with message:
 > ng_mppc_decompress: too many (4094) packets dropped, disabling node 0xHHHHHHHH!
 > Is exist a method to reconnect node without disabling ?
 >   
 
 According to ng_mppc.c code in FreeBSD 7.0-STABLE(Tue Apr 22 12:01:33 
 ULAT 2008):
 ...
 /*
  * When packets are lost with MPPE, we may have to re-key arbitrarily
  * many times to 'catch up' to the new jumped-ahead sequence number.
  * Since this can be expensive, we pose a limit on how many re-keyings
  * we will do at one time to avoid a possible D.O.S. vulnerability.
  * This should instead be a configurable parameter.
  */
 #define MPPE_MAX_REKEY          1000
 ...
                         /* How many times are we going to have to re-key? */
                         rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ?
                             numLost : (numLost / (MPPE_UPDATE_MASK + 1));
                         if (rekey > MPPE_MAX_REKEY) {
                                 log(LOG_ERR, "%s: too many (%d) packets"
                                     " dropped, disabling node %p!",
                                     __func__, numLost, node);
                                 priv->recv.cfg.enable = 0;
                                 goto failed;
                         }
 ...
 failed:
                 m_freem(m);
                 return (EINVAL);
         }
 ...
 
 One thing you can try is to set MPPE_MAX_REKEY something higher and 
 compile ng_mppc and test.
 I'm not quite sure whether it is correct way of fixing such problem.
 
 hth,
 
 Ganbold
 
 
 >> How-To-Repeat:
 >>     
 > Sometimes (once in several day)
 >   
 >> Fix:
 >>     
 >
 >
 >   
 >> Release-Note:
 >> Audit-Trail:
 >> Unformatted:
 >>     
 > _______________________________________________
 > freebsd-bugs at freebsd.org mailing list
 > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
 > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe at freebsd.org"
 >
 >
 >
 >   
 
 
 -- 
 Therefore it is necessary to learn how not to be good, and to use this 
 knowledge and not use it, according to the necessity of the cause. -- 
 Machiavelli

More information about the freebsd-bugs mailing list