Diffusion FreeBSD src repository 18c38eda39bb

if_ovpn: cope with loops
18c38eda39bb
Actions

Description

if_ovpn: cope with loops

User misconfiguration may lead to routing loops where we try to send the tunnel
packet into the tunnel. This eventually leads to stack overflows and panics.

Avoid this using if_tunnel_check_nesting(), which will drop the packet if we're
looping or we hit three layers of nested tunnels.

MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 59a6666ec91d71f97aaae5195bbfafd9d422db2e)

Details

Provenance

kp	Authored on May 13 2024, 10:06 AM

Parents

rGab135e19f70a: tmpfs_destroy_vobject(): clear v_object under the object lock

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG18c38eda39bb: if_ovpn: cope with loops (authored by kp).Mon, May 20, 7:39 AM

Changes (2)

Path

Size

sys/

net/

if_ovpn.c

tests/

sys/

net/

if_ovpn/

if_ovpn.sh

rG18c38eda39bb

View Options

sys/net/if_ovpn.c