Re: [Masque] Forwarded Mode infinite loops
Ian Swett <ianswett@google.com> Tue, 24 October 2023 13:43 UTC
Return-Path: <ianswett@google.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1C42C14CF15 for <masque@ietfa.amsl.com>; Tue, 24 Oct 2023 06:43:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.606
X-Spam-Level:
X-Spam-Status: No, score=-17.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fDeT6Ga48d6p for <masque@ietfa.amsl.com>; Tue, 24 Oct 2023 06:43:29 -0700 (PDT)
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9C3DC14CF1E for <masque@ietf.org>; Tue, 24 Oct 2023 06:43:28 -0700 (PDT)
Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-31427ddd3fbso3113372f8f.0 for <masque@ietf.org>; Tue, 24 Oct 2023 06:43:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1698155006; x=1698759806; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=M9iKZpRGaYKR2YzwzUbG8OINGxmsNoizrcpShXflks4=; b=4RXSS6KrJ/rZ9s5eG9A2R1ALXcX2SIsRVJG4RaiHU2i6I3MDNKnPMjGd7qJXQaf3jO ResJe0gAGIteO5kY1Dve/H9pBNWVhnEjZwkITS/pQxIffFiyl6yD18MuL5xgmAHjfLXR hLlZ+0hOsOLYX0ee6zeI1KAOP08ksu515qDT5BiuW9KXyqIUolIvAZUiETxacGsJBJp8 EtXLpBwDFwAs21vl3RItU+x8At7Zkpks08IXulMLvnWmxTBLeH3jWk6gPFpeEQDX7jCc HiHEY6VKJyNLSC8tW2WuETV7Wv4rGn9HxrNE/ShEKT/9VI1Jgnr5KUyiu683+29QY+Fl 0DiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698155006; x=1698759806; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=M9iKZpRGaYKR2YzwzUbG8OINGxmsNoizrcpShXflks4=; b=oTdx7LTDjTkJxi4Vmi1wdYGp5PIsR3OuL5/r7bG5jAIC1lNJkgP+cEkD3WFE9/ZzbZ mkwF1bjjkTgKhzBKm0vozSju+dsEmTYOKnf6dkYLhxvfBkF6/GGjxu2nLDo9lX4PWK4I w3hGyeIqKQZ2J4gotLLvOeiakpw0+ZkzAz+kAGNYdOSUEhnHfe6ipbTI7cEnmD8po+BW eQQ+opt08IKXSm2rUhlmHDZy3TMxZcDzMiQrEhdaGAx371IE6nyBSeo+vkjoyxSRCwCY r7R6IZrkffmSCo7zkHSjdDqrmIMiK1V7KdY2KK8YeWRHjtcsAKFstUMlhE/bZs/Gacz0 zYsA==
X-Gm-Message-State: AOJu0YwtV9CWsj8sZ0BX6Gd/evFXdM+pe3NoijUI9puy0f3u2NZeoNAK wYWbtzBT1uG5rxmfNyvUjOy3phitKNdNe43U2k9OXg==
X-Google-Smtp-Source: AGHT+IF6HtuRWyNgW3gUsUJ04TUhCQA2cbhfjTgP8BVgLzDoKsqoESzukRQrGMl7PFQ65ErlNaPcMJvrHgcYIgeHFNQ=
X-Received: by 2002:adf:e943:0:b0:329:6bdc:5a60 with SMTP id m3-20020adfe943000000b003296bdc5a60mr8407356wrn.12.1698155006271; Tue, 24 Oct 2023 06:43:26 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRzTu=njLp7Uk=4AvObxD5j0FG1fQHKtoyDGFWF7q1jdg@mail.gmail.com> <BN8PR15MB3281FF073C549E3A39DD087BB3DBA@BN8PR15MB3281.namprd15.prod.outlook.com> <CAM4esxRKTNdGBpiO5_s33UikPnSG54K1dNKYua6_ca3f4jE2=A@mail.gmail.com> <BN8PR15MB32817A645AB33154DE9ACFFEB3DBA@BN8PR15MB3281.namprd15.prod.outlook.com> <CAM4esxSMEtExuW0WewKCjz3Xc+_pe7czdx_gRcqe7uqZJ8B8Rw@mail.gmail.com> <CAM4esxQf6T7G8TWLcKsF0=cEyvndN2HHK+D4s8EvOF+Z=gXbMQ@mail.gmail.com> <CAM4esxTwkE1wHwFuLDLx8h5qzRtWTFhfQgWgteWPSoTeEuQQuA@mail.gmail.com> <CAPDSy+7cPETw-CEd910AodgV3ADJuFsfDRi3FAxyY=pYVRoc-Q@mail.gmail.com> <CAM4esxShEYAgZ-LhVSPtdaajiAhRx99tj0ef-t+AmJGBiHMOOA@mail.gmail.com> <34F58C3B-7677-4974-8AB9-CDF011EABA1B@apple.com>
In-Reply-To: <34F58C3B-7677-4974-8AB9-CDF011EABA1B@apple.com>
From: Ian Swett <ianswett@google.com>
Date: Tue, 24 Oct 2023 09:43:12 -0400
Message-ID: <CAKcm_gNUriekTx7WdmD4yjrRABecvXLvyqr+wPdfOLYaS1RRww@mail.gmail.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: Martin Duke <martin.h.duke@gmail.com>, David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ed196a06087685bf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/KUEoLODDaujvTIjkFlcxekwD8oU>
Subject: Re: [Masque] Forwarded Mode infinite loops
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 13:43:33 -0000
I assume each hop would decrement the TTL? If so, wouldn't this be a loop, but not infinite? Ian On Mon, Oct 23, 2023, 11:01 PM Tommy Pauly <tpauly= 40apple.com@dmarc.ietf.org> wrote: > It was useful for me to draw this out in (unnecessary) detail to show how > this only needs the ingress IP to be shared, not the egress IP. > > To help go through this, let me fill in the example you gave with more > details about IPs and ports — since the forwarding mappings depend on these > “sockets”. > > Let’s start with a case where the addresses aren’t being shared. > > *C *has address 1111::1 > *P1* has ingress address 2222::2, and egress address 3333::3 > *P2* has ingress address 4444::4, and egress address 5555::5 > *P3* has ingress address 6666::6, and egress address 7777::7 > *T* has ingress address 8888::8 > > *C *is set up to receive CID4 on 1111::1 port 10000 from 2222::2 port 443 > *P1 *is set up to receive CID3 on 3333::3 port 20000 from 4444::4 port > 443, and forward it as CID4 to 1111::1 port 10000 from 2222::2 port 443 > *P2 *is set up to receive CID2 on 5555::5 port 30000 from 2222::2 port > 443, and forward it as CID3 to 3333::3 port 20000 from 4444::4 port 443 > *P1 *is set up to receive CID1 on 3333::3 port 40000 from 6666::6 port > 443, and forward it as CID2 to 5555::5 port 30000 from 2222::2 port 443 > *P3 *is set up to receive CID0 on 7777::7 port 50000 from 8888::8 port > 443, and forward it as CID1 to 3333::3 port 40000 from 6666::6 port 443 > *T *sends using CID0 to 7777::7 port 50000 from 8888::8 port 443 > > In this case, since there is no address sharing, if the client tells *P2* to > instead map from (CID2 on 5555::5 port 30000 from 2222::2 port 443) to (CID1 > to 3333::3 port 20000 from 4444::4 port 443), the connection will break, > but there will be no loop, since *P1* won’t allow receiving CID1 on that > socket. > > > Then, let’s explore the case of shared addresses. If we only have P2 and > P3 share an ingress VIP, and P1 reuses sockets on egress, we have the > following: > > *C *has address 1111::1 > *P1* has ingress address 2222::2, and egress address 3333::3 > *P2* has ingress address 4444::4, and egress address 5555::5 > *P3* has ingress address 4444::4, and egress address 7777::7 > *T* has ingress address 8888::8 > > *C *is set up to receive CID4 on 1111::1 port 10000 from 2222::2 port 443 > *P1 *is set up to receive CID3 on 3333::3 port 20000 from 4444::4 port > 443, and forward it as CID4 to 1111::1 port 10000 from 2222::2 port 443 > *P2 *is set up to receive CID2 on 5555::5 port 30000 from 2222::2 port > 443, and forward it as CID3 to 3333::3 port 20000 from 4444::4 port 443 > *P1 *is set up to receive CID1 on 3333::3 port 20000 from 4444::4 port > 443, and forward it as CID2 to 5555::5 port 30000 from 2222::2 port 443 > *P3 *is set up to receive CID0 on 7777::7 port 50000 from 8888::8 port > 443, and forward it as CID1 to 3333::3 port 20000 from 4444::4 port 443 > *T *sends using CID0 to 7777::7 port 50000 from 8888::8 port 443 > > Then, if the client tells *P2* to instead map from (CID2 on 5555::5 port > 30000 from 2222::2 port 443) to (CID1 to 3333::3 port 20000 from 4444::4 > port 443), the loop occurs because there are two mappings for receiving on > *P1 *that differ only in CID. > > Tommy > > On Oct 23, 2023, at 7:08 PM, Martin Duke <martin.h.duke@gmail.com> wrote: > > The reason I put in the point about VIPs is that P1 cannot distinguish > between a packet from P2 and P3 if they share an ingress VIP > > If they're from different IP addresses it's sufficient for P1 to check the > source IP of packets arriving from the target > > Does that answer your question? > > > On Mon, Oct 23, 2023, 18:34 David Schinazi <dschinazi.ietf@gmail.com> > wrote: > >> Hi Martin, >> >> I don't understand how the fact that P2 and P3 share a VIP impacts the >> attack. Thinking about this some more, maybe the issue is that we mean >> different things when we say VIP? In my mind: >> >> * a "VIP" is an (IP address, UDP port) tuple. The V stands for virtual in >> the >> sense that two separate servers can both have the same IP due to >> anycast. >> >> * an "ingress VIP" is the VIP that the client sends packets to. In the >> document >> this is called a "client-facing socket". >> >> * an "egress VIP" is the VIP that the target sends packets to. In the >> document >> this is called a "target-facing socket". >> >> Ingress VIPs are very common in practice. Many CDNs will use anycast and >> have an ingress VIP that represents a fleet of frontends. Egress VIPs >> however, >> don't make any sense to me, because you'd never want anycast on egress >> IPs. >> >> Could you help reframe the P2/P3 shared VIP point in terms of ingress and >> egress VIPs please? >> >> Thanks, >> David >> >> >> On Fri, Oct 20, 2023 at 3:00 PM Martin Duke <martin.h.duke@gmail.com> >> wrote: >> >>> As I continue to think about this, I'm not sure that authentication even >>> solves the problem. The client could authenticate with each client, sure, >>> but to P1, P2 and P3 are essentially targets. Targets, obviously will not >>> do anything special just because this is a connection over MASQUE, so there >>> cannot be a special mechanism for P1 to verify authenticity of packets from >>> the target, unless it has the target-client session keys. >>> >>> On Fri, Oct 20, 2023 at 12:14 PM Martin Duke <martin.h.duke@gmail.com> >>> wrote: >>> >>>> I should add that another way to thwart this attack is to require the >>>> proxy to open a new target-facing socket for every client request. Then the >>>> packet incoming to P1 would be disambiguated by the destination IP/port. >>>> Not opening a new socket is currently allowed in the spec, which IIUC is a >>>> change from CONNECT-UDP. >>>> >>>> So the proxy vulnerability occurs if >>>> (1) P2/P3 share a VIP, >>>> (2) P1 is not load balanced, so that the attacker can directly target >>>> it, and >>>> (3) P1 is not opening unique target-facing sockets for each request, >>>> even though the target IP/port are the same. >>>> >>>> On Fri, Oct 20, 2023 at 11:56 AM Martin Duke <martin.h.duke@gmail.com> >>>> wrote: >>>> >>>>> Forwarded packets from the client SHOULD count. The draft is silent >>>>> about forwarded packets from the target. >>>>> >>>>> But fair enough, the client needs to do just enough to keep it alive. >>>>> >>>>> On Fri, Oct 20, 2023 at 11:15 AM Ben Schwartz <bemasc@meta.com> wrote: >>>>> >>>>>> I'm not sure the client can actually "go away". If the HTTP >>>>>> connection ends, the forwarding sessions will also end, so this can be >>>>>> addressed by setting a QUIC max_idle_timeout. >>>>>> >>>>>> This assumes that forwarded packets don't count toward the idle >>>>>> timeout, which they shouldn't. We might need to say that in the draft. >>>>>> >>>>>> --Ben >>>>>> ------------------------------ >>>>>> *From:* Masque <masque-bounces@ietf.org> on behalf of Martin Duke < >>>>>> martin.h.duke@gmail.com> >>>>>> *Sent:* Friday, October 20, 2023 1:47 PM >>>>>> *To:* Ben Schwartz <bemasc@meta.com> >>>>>> *Cc:* MASQUE <masque@ietf.org> >>>>>> *Subject:* Re: [Masque] Forwarded Mode infinite loops >>>>>> >>>>>> Ben, Replies inline. On Fri, Oct 20, 2023 at 9: 53 AM Ben Schwartz >>>>>> <bemasc@ meta. com> wrote: Loops! This is a fun attack. It seems >>>>>> like there are probably lots of loopy configurations if you have access to >>>>>> two or more proxies. Most of the >>>>>> Ben, >>>>>> >>>>>> Replies inline. >>>>>> >>>>>> On Fri, Oct 20, 2023 at 9:53 AM Ben Schwartz <bemasc@meta.com> wrote: >>>>>> >>>>>> Loops! This is a fun attack. It seems like there are probably lots >>>>>> of loopy configurations if you have access to two or more proxies. >>>>>> >>>>>> Most of the encryption discussion for forwarded mode has focused on >>>>>> unauthenticated encryption, which wouldn't help here. >>>>>> >>>>>> >>>>>> I have not seen a written proposal in this space, but if the >>>>>> encryption scheme has no authentication properties it doesn't mitigate >>>>>> pretty basic DoS attacks. Perhaps this attack creates a new design >>>>>> requirement for encryption? >>>>>> >>>>>> >>>>>> Changing who chooses the Connection IDs could help, but proxy-chosen >>>>>> CIDs are not necessarily high entropy, so there's no clear guarantee. >>>>>> >>>>>> >>>>>> IIUC your contention is that this arises when P3 and P2 both happen >>>>>> to select CID1 as the virtual connection ID. A well-intentioned client >>>>>> would therefore register CID1 to P1 twice, and P1 would reject it as a >>>>>> duplicate in one of those instances, avoiding a loop. >>>>>> >>>>>> However, a malicious client could note the conflict and just register >>>>>> CID3 to P1 instead, creating the same attack. >>>>>> >>>>>> I do think that if we try to fix this with proxy-chooses, there need >>>>>> to be some minimum size limits to avoid this kind of thing. If CIDs are 64 >>>>>> bits (or even 32!) I feel pretty good about this not being an exploitable >>>>>> attack. >>>>>> >>>>>> >>>>>> Ultimately, I'm not sure this matters. A hostile client can impose >>>>>> pretty much arbitrarily amplified load on the forwarder anyway, e.g. by >>>>>> downloading a large file and forging ACKs to dropped packets so that >>>>>> congestion control ramps up to infinity. Forwarders will need defenses to >>>>>> rate-limit or cap abusive clients. That said, it's probably worth fixing >>>>>> if there's an easy solution. >>>>>> >>>>>> >>>>>> I agree there are other attacks -- in fact, I have other >>>>>> amplification attacks in mind, which will write about another day. >>>>>> >>>>>> What is particularly pernicious about this attack is that a single >>>>>> attacker packet results in infinity packets in the proxy path. This flow >>>>>> can be "rate limited" but the client can go away and this persists forever. >>>>>> >>>>>> Buit >>>>>> >>>>>> >>>>>> >>>>>> --Ben >>>>>> ------------------------------ >>>>>> *From:* Masque <masque-bounces@ietf.org> on behalf of Martin Duke < >>>>>> martin.h.duke@gmail.com> >>>>>> *Sent:* Wednesday, October 18, 2023 5:25 PM >>>>>> *To:* MASQUE <masque@ietf.org> >>>>>> *Subject:* [Masque] Forwarded Mode infinite loops >>>>>> >>>>>> Hello MASQUE, (with no hats on) I was playing with some annoying but >>>>>> manageable amplification attacks on CONNECT-UDP forwarding mode. Those will >>>>>> have to wait for another day, because the current draft has a fatal >>>>>> vulnerability, though one that >>>>>> Hello MASQUE, >>>>>> >>>>>> (with no hats on) >>>>>> >>>>>> I was playing with some annoying but manageable amplification attacks >>>>>> on CONNECT-UDP forwarding mode. Those will have to wait for another day, >>>>>> because the current draft has a fatal vulnerability, though one that we can >>>>>> fix pretty easily. >>>>>> >>>>>> If I've gotten something incorrect, please say so! It wouldn't be the >>>>>> first time. >>>>>> >>>>>> Recall that for forwarded mode, clients notify the proxy of the >>>>>> connection ID they are advertising to the target, and in the same >>>>>> capsule propose a "virtual connection ID" for use on the proxy-client path. >>>>>> (IIUC, this virtual CID is to prevent association of the packets on either >>>>>> end of the proxy). >>>>>> >>>>>> I reiterate that we are talking about the CLIENT connection ID and >>>>>> its virtual counterparts, not the target. >>>>>> >>>>>> Consider the following very stupid topology that a client C could >>>>>> construct to target T via various proxies. Crucially, P2 and P3 are from >>>>>> the same provider and share a VIP.* This wrinkle eliminates some really >>>>>> simple mitigations for what I'm about to describe. >>>>>> >>>>>> C -> P1 -> P2 -> P1 -> P3 -> T >>>>>> >>>>>> An otherwise well-intentioned client would advertise client >>>>>> Connection ID CID0 to T, and via REGISTER_CLIENT_CID capsules might set up >>>>>> the rest like so: >>>>>> >>>>>> Nodes C P1 P2 P1 P3 T >>>>>> CID on wire CID4 CID3 CID2 CID1 CID0 >>>>>> >>>>>> So far, so good. A packet that leaves T will be destined for CID0. >>>>>> The destination CID will be rewritten in turn, arriving at C with CID4. >>>>>> >>>>>> However, a malicious client can register CIDs with the proxies as >>>>>> follows: >>>>>> Nodes C P1 P2 P1 P3 T >>>>>> CID on wire CID4 CID3 / CID1 CID2 CID1 CID0 >>>>>> >>>>>> The only change is that P2 is "incorrectly" configured by the client >>>>>> to rewrite incoming CID2 as CID1. As far as P2 is concerned, everything is >>>>>> seems legit unless it is sharing enormous amounts of CID state with its >>>>>> partner P3. Everything else is unchanged. >>>>>> >>>>>> Thus, a packet leaving T with CID0 will be rewritten to CID1 and >>>>>> routed to P1; P1 will then route it to P2 with CID2. Then that gets routed >>>>>> back to P1 with CID1, and the P1-P2-P1 loop continues to infinity. The >>>>>> attacker can put as many proxy hops as it likes in that chain. >>>>>> >>>>>> There are a few pretty simple things that can break this doom loop. >>>>>> - Do encryption at each MASQUE hop, as previously proposed. This >>>>>> verifies the previous hop of the packet and drops those where the CID does >>>>>> not have the correct origin. >>>>>> - Have the proxy provide the virtual CID instead of the client. >>>>>> Client control is the root of these problems. >>>>>> - Eliminate virtual client CIDs and just take the L on linkability in >>>>>> that case >>>>>> >>>>>> Martin >>>>>> >>>>>> * Interestingly, this attack requires at least one proxy in the path >>>>>> (P1 in this case) to not be load balanced or have an easily manipulated >>>>>> load balancer, so that two QUIC connection attempts can with high >>>>>> probability go to the same device. >>>>>> >>>>>> -- >>> Masque mailing list >>> Masque@ietf.org >>> https://www.ietf.org/mailman/listinfo/masque >>> >> -- > Masque mailing list > Masque@ietf.org > https://www.ietf.org/mailman/listinfo/masque > > > -- > Masque mailing list > Masque@ietf.org > https://www.ietf.org/mailman/listinfo/masque >
- [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Ben Schwartz
- Re: [Masque] Forwarded Mode infinite loops Eric Rosenberg
- Re: [Masque] Forwarded Mode infinite loops Ben Schwartz
- Re: [Masque] Forwarded Mode infinite loops Eric Rosenberg
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Ben Schwartz
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Ben Schwartz
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops David Schinazi
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Tommy Pauly
- Re: [Masque] Forwarded Mode infinite loops Ian Swett
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Tommy Pauly
- Re: [Masque] Forwarded Mode infinite loops David Schinazi
- Re: [Masque] Forwarded Mode infinite loops Martin Duke
- Re: [Masque] Forwarded Mode infinite loops Alex Chernyakhovsky
- Re: [Masque] Forwarded Mode infinite loops Martin Duke