123045 – [ng_mppc] ng_mppc_decompress - disabling node

Bug 123045 - [ng_mppc] ng_mppc_decompress - disabling node

Summary: [ng_mppc] ng_mppc_decompress - disabling node

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	Unspecified
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-net (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-04-24 08:10 UTC by Mihail
Modified:	2015-10-03 19:35 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mihail 2008-04-24 08:10:03 UTC

Problem with mpd with mppc encription:
sometimes ng interface was disabled by kernel with message:
ng_mppc_decompress: too many (4094) packets dropped, disabling node 0xHHHHHHHH!
Is exist a method to reconnect node without disabling ?

How-To-Repeat: Sometimes (once in several day)

Comment 1 Mark Linimon freebsd_committer

2008-04-24 08:36:10 UTC

State Changed
From-To: open->feedback

To which port (or part of the base system) does this PR apply?

Comment 2 Ganbold 2008-04-24 09:02:36 UTC

According to ng_mppc.c code in FreeBSD 7.0-STABLE(Tue Apr 22 12:01:33 
ULAT 2008):
...
/*
 * When packets are lost with MPPE, we may have to re-key arbitrarily
 * many times to 'catch up' to the new jumped-ahead sequence number.
 * Since this can be expensive, we pose a limit on how many re-keyings
 * we will do at one time to avoid a possible D.O.S. vulnerability.
 * This should instead be a configurable parameter.
 */
#define MPPE_MAX_REKEY          1000
...
                        /* How many times are we going to have to re-key? */
                        rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ?
                            numLost : (numLost / (MPPE_UPDATE_MASK + 1));
                        if (rekey > MPPE_MAX_REKEY) {
                                log(LOG_ERR, "%s: too many (%d) packets"
                                    " dropped, disabling node %p!",
                                    __func__, numLost, node);
                                priv->recv.cfg.enable = 0;
                                goto failed;
                        }
...
failed:
                m_freem(m);
                return (EINVAL);
        }
...

One thing you can try is to set MPPE_MAX_REKEY something higher and 
compile ng_mppc and test.
I'm not quite sure whether it is correct way of fixing such problem.

hth,

Ganbold

-- 
Therefore it is necessary to learn how not to be good, and to use this 
knowledge and not use it, according to the necessity of the cause. -- 
Machiavelli

Comment 3 Oleksandr Tymoshenko freebsd_committer

2008-07-08 15:04:28 UTC

Responsible Changed
From-To: freebsd-bugs->gonzo

While I'm on it, take care of second bug with ng_mppc tag

Comment 4 Oleksandr Tymoshenko freebsd_committer

2008-07-08 15:04:57 UTC

Hello, Mihail.

Try following patch. It add new sysctl: net.graph.mppe_max_rekey.  It
reflects maximum range between seq numbers when rekey is perfromed.
Setting it to negative value would disable this check at all.

Index: sys/netgraph/ng_mppc.c
==================================================================
--- sys/netgraph/ng_mppc.c	(revision 180320)
+++ sys/netgraph/ng_mppc.c	(local)
@@ -54,6 +54,7 @@
 #include <sys/mbuf.h>
 #include <sys/malloc.h>
 #include <sys/errno.h>
+#include <sys/sysctl.h>
 #include <sys/syslog.h>
 
 #include <netgraph/ng_message.h>
@@ -97,15 +98,6 @@
 /* Key length */
 #define KEYLEN(b)		(((b) & MPPE_128) ? 16 : 8)
 
-/*
- * When packets are lost with MPPE, we may have to re-key arbitrarily
- * many times to 'catch up' to the new jumped-ahead sequence number.
- * Since this can be expensive, we pose a limit on how many re-keyings
- * we will do at one time to avoid a possible D.O.S. vulnerability.
- * This should instead be a configurable parameter.
- */
-#define MPPE_MAX_REKEY		1000
-
 /* MPPC packet header bits */
 #define MPPC_FLAG_FLUSHED	0x8000		/* xmitter reset state */
 #define MPPC_FLAG_RESTART	0x4000		/* compress history restart */
@@ -152,6 +144,16 @@
 static ng_rcvdata_t	ng_mppc_rcvdata;
 static ng_disconnect_t	ng_mppc_disconnect;
 
+/*
+ * When packets are lost with MPPE, we may have to re-key arbitrarily
+ * many times to 'catch up' to the new jumped-ahead sequence number.
+ * Since this can be expensive, we pose a limit on how many re-keyings
+ * we will do at one time to avoid a possible D.O.S. vulnerability.
+ */
+int mppe_max_rekey = 1000;
+SYSCTL_INT(_net_graph, OID_AUTO, mppe_max_rekey, CTLFLAG_RW, &mppe_max_rekey,
+    0, "Maximum range between seq numbers when rekey is perfromed");
+
 /* Helper functions */
 static int	ng_mppc_compress(node_p node,
 			struct mbuf **datap);
@@ -628,7 +630,7 @@
 			/* How many times are we going to have to re-key? */
 			rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ?
 			    numLost : (numLost / (MPPE_UPDATE_MASK + 1));
-			if (rekey > MPPE_MAX_REKEY) {
+			if ((mppe_max_rekey > 0) && (rekey > mppe_max_rekey)) {
 				log(LOG_ERR, "%s: too many (%d) packets"
 				    " dropped, disabling node %p!",
 				    __func__, numLost, node);
-- 
gonzo

Comment 5 Oleksandr Tymoshenko freebsd_committer

2010-11-09 00:47:38 UTC

Responsible Changed
From-To: gonzo->freebsd-net

Over to maintainer(s)

Comment 6 Gleb Smirnoff freebsd_committer

2012-01-05 13:33:16 UTC

State Changed
From-To: feedback->closed

Email of submitter is no longer valid.

Comment 7 Eugene Grosbein 2015-10-03 19:35:58 UTC

Just for the record: the problem reported again with the fix in kern/182212 and the fix commited to stable/8 and present in all releases since 9.3 and 10.1