linux.c: Detect hall-of-mirrors effect in `nf_conntrack'.

As well as NAT entries, this file contains entries for ordinary
connections, where both address pairs are equal and swapped.  If we find
one of these -- because we failed to find the connection in the main
`tcp' table for some reason -- then we'll pick the other remote address
as an ident daemon to talk to.  The problem is that that other daemon is
us, and we'll end up talking to another instance of ourselves, which
will fall into the same trap.  Until there aren't any file descriptors
left.

diff --git a/linux.c b/linux.c
index 8ed0396e40192bd21b15608136fe3c12e56999d1..ec4fe4e7f0ae5eb5fdc0e0283031c89276d2ff70 100644 (file)
--- a/linux.c
+++ b/linux.c
@@ -434,6 +434,13 @@ void identify(struct query *q)
          !sockeq(q->ao, &s[i^1], &q->s[R]))
        continue;
 
+      /* As a trap for the unwary, this file contains unhelpful entries which
+       * just mirror the source/destination addresses.  If this is one of
+       * those, we'll be stuck in a cycle talking to ourselves.
+       */
+      if (sockeq(q->ao, &s[i], &s[i^3]))
+       continue;
+
       /* We win.  The remaining address must be the client host.  We should
        * proxy this query.
        */