cvs commit: src/sys/net if_gif.c

Robert Watson rwatson at freebsd.org
Mon Apr 5 11:21:13 PDT 2004


On Mon, 5 Apr 2004, Ruslan Ermilov wrote:

> On Wed, Mar 31, 2004 at 09:06:56AM -0500, Robert Watson wrote:
> > 
> > On Wed, 31 Mar 2004, Ruslan Ermilov wrote:
> > 
> > > > > Implemented this in the attached patch.  Note when testing: setting
> > > > > net.link.gif.max_nesting too high (>20 on my system) and triggering
> > > > > the recursion causes the kernel stack exhaustion.
> > > > 
> > > > Why not just do what OpenBSD does and do actual loop detection?  This
> > > > gets rid of the nesting count hack which isn't really what you want to
> > > > measure anyway.
> > > > 
> > > > http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_gif.c.diff?r1=1.18&r2=1.19
> > > > 
> > > Good idea.  I will implement it and repost the updated patch here.
> > 
> > While you're at it, we also need loop detection in if_gre.  Make sure to
> > check the IP- and IPv6-layer pieces of these as well.
> > 
> Um, what do you mean, should I _check_ by running, or what?

I was just pointing out that if you're looking for potential looping and
recursion issues in the gif code, make sure you also look at the pieces of
gif in the IP stack (as opposed to the generic network code) -- i.e.,
in_gif.c, ip_gre.c, etc.  In fact, you probably want to grep around and
look for any other consumers of the encapsulation APIs provided by
ip_encap.c.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research




More information about the cvs-src mailing list