Bug 235500 - [netgraph] tunnel nesting limit hard coded
Summary: [netgraph] tunnel nesting limit hard coded
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Many People
Assignee: Gleb Smirnoff
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2019-02-04 17:19 UTC by i.bakirov
Modified: 2019-02-15 00:37 UTC (History)
2 users (show)

See Also:


Attachments
suggested patch (2.20 KB, patch)
2019-02-07 03:19 UTC, Gleb Smirnoff
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description i.bakirov 2019-02-04 17:19:52 UTC
After system switch from 11-p8 to 12 nested PPTP & L2TP tunnels based on MPD5 does not work.

Got this error:
kernel: ng0: if_output recursively called too many (2)

After analyzing commits, found that for GIF, GRE and ME interfaces tunnel nesting limit check introduced and limit can be set by sysctl net.link.gif.max_nesting (man if_gif(4)):
https://svnweb.freebsd.org/base?view=revision&revision=336131

For the netgraph based tunnel nesting limit is checked against 1 and this limit can not be set by systcl:
https://svnweb.freebsd.org/base?view=revision&revision=337278
Comment 1 Andrey V. Elsukov freebsd_committer 2019-02-06 17:56:29 UTC
Mentioned changes seems do not change the behavior. The previous limit in the ng_iface node was 1. But I'm not very familiar with this code. Gleb can you take a look?
Comment 2 Andrey V. Elsukov freebsd_committer 2019-02-06 18:15:47 UTC
I think I see what happened. The previous code in the ng_iface did not count number of tags, it only could fail when ifnet pointer was the same. So, it doesn't fully match the behavior that if_tunnel_check_nesting() has.
Comment 3 Gleb Smirnoff freebsd_committer 2019-02-07 03:19:05 UTC
Created attachment 201808 [details]
suggested patch

Hi!

Can you please test this patch and confirm that desired behavior is achieved?
Comment 4 i.bakirov 2019-02-07 08:52:41 UTC
Asked initial problem reporter to check out patch.
Comment 5 i.bakirov 2019-02-08 06:09:21 UTC
Andrey and Gleb thanks for the suggested patch. Patch confirmed by Слава Трофимов to be working!

All credits/thanks to Слава Трофимов and to others participated on this topic discussion: https://www.opennet.ru/openforum/vsluhforumID1/97363.html
Comment 6 commit-hook freebsd_committer 2019-02-08 06:20:02 UTC
A commit references this bug:

Author: glebius
Date: Fri Feb  8 06:19:29 UTC 2019
New revision: 343895
URL: https://svnweb.freebsd.org/changeset/base/343895

Log:
  Allow some nesting of ng_iface(4) interfaces and add a configuration knob.

  PR:		235500
  MFC after:	1 week

Changes:
  head/share/man/man4/ng_iface.4
  head/sys/netgraph/ng_iface.c
Comment 7 commit-hook freebsd_committer 2019-02-15 00:30:18 UTC
A commit references this bug:

Author: glebius
Date: Fri Feb 15 00:29:45 UTC 2019
New revision: 344139
URL: https://svnweb.freebsd.org/changeset/base/344139

Log:
  Merge r343895:
    Allow some nesting of ng_iface(4) interfaces and add a configuration knob.

  PR:		235500

Changes:
_U  stable/12/
  stable/12/share/man/man4/ng_iface.4
  stable/12/sys/netgraph/ng_iface.c