
Re: problem changing target interface with reply-to

On Sat, May 08, 2004 at 10:37:41PM +1000, Christopher Pascoe wrote:
> At http://www.itee.uq.edu.au/~chrisp/OpenBSD/pf.c-noloop.diff is a patch
> that makes pf_route behave like pre PR3736-patch for non-recursive rules
> (one interface change permitted per packet), and like post PR3736-patch
> (drop packet on recursive rules) for recursive rules.

I'll review and test your patch, then add the recursion prevention
through a counter in the mbuf.

> P.S. As an aside, in 3.5 release (at least) the "pass out route-to lo0"
> case is non-recursive, so the rule generated in PF3736 should not have
> caused any stack overflows.  For the loopback interface, we reenqueue the
> packet for lo0 to receive return from pf_test - the packet is received
> later on by the next ipintr() and we are protected from being called again
> before we have returned by splsoftnet().  However, problems did exist with
> "pass in on lo0 fastroute" and would do with route-to on any encapsulation
> interface that didn't perform its own recursivity tests.

Yes, PR3736 wasn't recursion (that would spontaneously reboot the
machine), it was an endless loop (the packet gets routed, queued, the
kernel leaves pf, but immediately continues with processing queued
packets, calling pf again, etc.) locking up the kernel.
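
The difference between the endless loop described in this message and true recursion, and how a per-packet counter bounds the loop, shown as an added user-space model that is not part of the original thread and is not pf code. All names (`struct pkt`, `routed`, `MAX_ROUTED`, `toy_filter`, `run_input_loop`) and the limit of 4 are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

#define QLEN 8        /* toy input queue size (constructed) */
#define MAX_ROUTED 4  /* hypothetical per-packet limit */

struct pkt { int id; int routed; };  /* routed: counter carried with the packet */
struct queue { struct pkt slot[QLEN]; size_t head, len; };

static int enqueue(struct queue *q, struct pkt p) {
    if (q->len == QLEN) return 0;
    q->slot[(q->head + q->len++) % QLEN] = p;
    return 1;
}

static int dequeue(struct queue *q, struct pkt *p) {
    if (q->len == 0) return 0;
    *p = q->slot[q->head];
    q->head = (q->head + 1) % QLEN;
    q->len--;
    return 1;
}

/* Toy filter whose only rule sends every packet back to the input queue.
 * It returns before the packet is seen again, so the stack never grows. */
static int toy_filter(struct queue *q, struct pkt p, int use_counter) {
    if (use_counter && p.routed >= MAX_ROUTED) return 0;  /* drop */
    p.routed++;
    return enqueue(q, p);
}

/* Drain the queue the way an input loop would; budget caps the demo so the
 * uncounted case terminates. Returns the number of filter calls made. */
int run_input_loop(int use_counter, int budget) {
    struct queue q = {0};
    struct pkt p = {1, 0};
    int calls = 0;
    enqueue(&q, p);
    while (calls < budget && dequeue(&q, &p)) {
        calls++;
        toy_filter(&q, p, use_counter);
    }
    return calls;
}

int main(void) {
    printf("no counter: %d calls (budget exhausted)\n", run_input_loop(0, 1000));
    printf("counter:    %d calls, then dropped\n", run_input_loop(1, 1000));
    return 0;
}
```

Without the counter the loop only stops because the demo's budget runs out, which is the lock-up case; with it, the packet is dropped on the call after it has been re-routed `MAX_ROUTED` times.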