cvs commit: src/sys/netgraph ng_pppoe.c
Yar Tikhiy
yar at FreeBSD.org
Thu Dec 18 08:38:37 PST 2003
yar 2003/12/18 08:38:35 PST
FreeBSD src repository
Modified files:
sys/netgraph ng_pppoe.c
Log:
There are two modes of ng_pppoe operation, standard and
nonstandard. They differ in the values of certain fields in
the PPPoE frame. Previously, ng_pppoe would start in standard
mode, yet switch to nonstandard one upon reception of a single
nonstandard frame. After having done so, ng_pppoe would be unable
to interact with standard PPPoE peers. Thus, a DoS condition
existed that could be triggered by a buggy peer or malicious party.
Since few people have expressed their displeasure WRT this problem,
the default operation of ng_pppoe is left untouched for now. However,
a new value for the sysctl net.graph.nonstandard_pppoe is introduced,
-1, which will force ng_pppoe stay in standard mode regardless of any
bogus frames floating around.
PR: kern/47920
Submitted by: Gleb Smirnoff <glebius <at> cell.sick.ru>
MFC after: 1 week
Revision Changes Path
1.59 +38 -11 src/sys/netgraph/ng_pppoe.c
More information about the cvs-src
mailing list