From: Mark Wooding <mdw@distorted.org.uk>
Date: Mon, 4 Jun 2018 00:49:24 +0000 (+0100)
Subject: linux.c: Detect hall-of-mirrors effect in `nf_conntrack'.
X-Git-Tag: 1.0.5~3
X-Git-Url: https://git.distorted.org.uk/~mdw/yaid/commitdiff_plain/d817f2c3f8bbfcacd2a9cb255b66bf7d9d5dedfa?hp=dd5e35da5f74e9ed3bbfb639c2bab927a12c634f

linux.c: Detect hall-of-mirrors effect in `nf_conntrack'.

As well as NAT entries, this file contains entries for ordinary
connections, where both address pairs are equal and swapped.  If we find
one of these -- because we failed to find the connection in the main
`tcp' table for some reason -- then we'll pick the other remote address
as an ident daemon to talk to.  The problem is that that other daemon is
us, and we'll end up talking to another instance of ourselves, which
will fall into the same trap.  Until there aren't any file descriptors
left.
---

diff --git a/linux.c b/linux.c
index 8ed0396..ec4fe4e 100644
--- a/linux.c
+++ b/linux.c
@@ -434,6 +434,13 @@ void identify(struct query *q)
 	  !sockeq(q->ao, &s[i^1], &q->s[R]))
 	continue;
 
+      /* As a trap for the unwary, this file contains unhelpful entries which
+       * just mirror the source/destination addresses.  If this is one of
+       * those, we'll be stuck in a cycle talking to ourselves.
+       */
+      if (sockeq(q->ao, &s[i], &s[i^3]))
+	continue;
+
       /* We win.  The remaining address must be the client host.  We should
        * proxy this query.
        */