misc/123045: ng_mppc_decompress - disabling node
Ganbold
ganbold at micom.mng.net
Thu Apr 24 08:50:03 UTC 2008
The following reply was made to PR misc/123045; it has been noted by GNATS.
From: Ganbold <ganbold at micom.mng.net>
To: Mihail <msaf1980 at rambler.ru>
Cc: bug-followup at FreeBSD.org, Alexander Motin <mav at mavhome.dp.ua>
Subject: Re: misc/123045: ng_mppc_decompress - disabling node
Date: Thu, 24 Apr 2008 16:02:36 +0800
Mihail wrote:
>> Number: 123045
>> Category: misc
>> Synopsis: ng_mppc_decompress - disabling node
>> Confidential: no
>> Severity: non-critical
>> Priority: medium
>> Responsible: freebsd-bugs
>> State: open
>> Quarter:
>> Keywords:
>> Date-Required:
>> Class: sw-bug
>> Submitter-Id: current-users
>> Arrival-Date: Thu Apr 24 07:10:03 UTC 2008
>> Closed-Date:
>> Last-Modified:
>> Originator: Mihail
>> Release: 6.3
>> Organization:
>> Environment:
>>
> FreeBSD 6.3-RELEASE-p2
>
>> Description:
>>
> Problem with mpd with mppc encription:
> sometimes ng interface was disabled by kernel with message:
> ng_mppc_decompress: too many (4094) packets dropped, disabling node 0xHHHHHHHH!
> Is exist a method to reconnect node without disabling ?
>
According to ng_mppc.c code in FreeBSD 7.0-STABLE(Tue Apr 22 12:01:33
ULAT 2008):
...
/*
* When packets are lost with MPPE, we may have to re-key arbitrarily
* many times to 'catch up' to the new jumped-ahead sequence number.
* Since this can be expensive, we pose a limit on how many re-keyings
* we will do at one time to avoid a possible D.O.S. vulnerability.
* This should instead be a configurable parameter.
*/
#define MPPE_MAX_REKEY 1000
...
/* How many times are we going to have to re-key? */
rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ?
numLost : (numLost / (MPPE_UPDATE_MASK + 1));
if (rekey > MPPE_MAX_REKEY) {
log(LOG_ERR, "%s: too many (%d) packets"
" dropped, disabling node %p!",
__func__, numLost, node);
priv->recv.cfg.enable = 0;
goto failed;
}
...
failed:
m_freem(m);
return (EINVAL);
}
...
One thing you can try is to set MPPE_MAX_REKEY something higher and
compile ng_mppc and test.
I'm not quite sure whether it is correct way of fixing such problem.
hth,
Ganbold
>> How-To-Repeat:
>>
> Sometimes (once in several day)
>
>> Fix:
>>
>
>
>
>> Release-Note:
>> Audit-Trail:
>> Unformatted:
>>
> _______________________________________________
> freebsd-bugs at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
> To unsubscribe, send any mail to "freebsd-bugs-unsubscribe at freebsd.org"
>
>
>
>
--
Therefore it is necessary to learn how not to be good, and to use this
knowledge and not use it, according to the necessity of the cause. --
Machiavelli
More information about the freebsd-bugs
mailing list