From d817f2c3f8bbfcacd2a9cb255b66bf7d9d5dedfa Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Mon, 4 Jun 2018 01:49:24 +0100 Subject: [PATCH] linux.c: Detect hall-of-mirrors effect in `nf_conntrack'. As well as NAT entries, this file contains entries for ordinary connections, where both address pairs are equal and swapped. If we find one of these -- because we failed to find the connection in the main `tcp' table for some reason -- then we'll pick the other remote address as an ident daemon to talk to. The problem is that that other daemon is us, and we'll end up talking to another instance of ourselves, which will fall into the same trap. Until there aren't any file descriptors left. --- linux.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/linux.c b/linux.c index 8ed0396..ec4fe4e 100644 --- a/linux.c +++ b/linux.c @@ -434,6 +434,13 @@ void identify(struct query *q) !sockeq(q->ao, &s[i^1], &q->s[R])) continue; + /* As a trap for the unwary, this file contains unhelpful entries which + * just mirror the source/destination addresses. If this is one of + * those, we'll be stuck in a cycle talking to ourselves. + */ + if (sockeq(q->ao, &s[i], &s[i^3])) + continue; + /* We win. The remaining address must be the client host. We should * proxy this query. */ -- 2.11.0
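Review bot: The new test `if (sockeq(q->ao, &s[i], &s[i^3]))` compares only one of the two address pairs, while the commit message describes the mirrored entries as having both pairs equal and swapped. The comment should say why checking `s[i]` against `s[i^3]` alone is sufficient (presumably because `s[i^1]` has already been matched against `q->s[R]` in the test just above), and what `i^3` selects, since that index is not self-explanatory next to the `i^1` used in the preceding condition. The comment also says "this file" without naming `nf_conntrack`; only the commit subject does, so a reader of linux.c alone has to infer which file is meant. Finally, the commit message says this path is reached only when the lookup in the main `tcp` table failed "for some reason"; skipping the entry silently with `continue` stops the loop of self-queries but leaves that earlier failure invisible, so it would be worth recording it somewhere a maintainer can see it.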