CASE-804 — The kernel may be blocked by a packet cyclically fastrouted on lo0
A packet filter FILTER-ACL may bypass the kernel IP stack and route a packet directly by specifying a FASTROUTE. If the packet destination is a local IP address, the packet will be routed via interface lo0.
Hence it will be received again immediately. If it matches FILTER-ACL with FASTROUTE again, it will become cycling on lo0. Processing of the packet hangs up a single-processor system and severely degrades performance of a multi-processor system. To reduce probability of such a misconfiguration, a FILTER-ACL with FASTROUTE should be always limited to a specific (non-loopback) interface.