From: "Bjoern A. Zeeb"
Date: Wed, 9 Apr 2008 07:31:43 +0000 (UTC)
To: blue
Cc: freebsd-net@freebsd.org
Subject: Re: [ipsec] Packet Too Big message handling in esp6_ctlinput()
Message-ID: <20080409072517.Y66744@maildrop.int.zabbadoz.net>
In-Reply-To: <47FC590B.9010608@zyxel.com.tw>

On Wed, 9 Apr 2008, blue wrote:

Hi,

> In line 814 to line 843 in esp6_ctlinput(),
> ...
> I don't know why ESP needs to take care of ICMP Packet Too Big message
> specially since icmp6_mtudisc_update() will be called in
> icmp6_notify_error(),
> which will already update the PMTU of the host. I think the codes here could
> be removed.

I am wondering if the correct solution would be to limit the
ICMP6_PACKET_TOO_BIG handling in icmp6_notify_error() to the non-esp
cases as I think that we would actually only want to update the hc if
there is an SA and it is valid.

Looking at the original KAME repo you can see that the code in
icmp6_notify_error() was done before esp6_ctlinput():
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/icmp6.c#rev1.43
and
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/esp_input.c#rev1.35

What has been there since that time seems bogus for ESP, indeed.

What do you think?

/bz

--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Software is harder than hardware so better get it right the first time.
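
An added example, not part of the original message and not FreeBSD or KAME code: a userspace C model of the idea in the reply above, where a Packet Too Big MTU is stored only if the packet quoted in the ICMPv6 error is ESP and its destination and SPI match a valid SA. The names `sadb`, `hc_mtu`, `make_quoted` and `ptb_input`, the sample address and the SPIs are constructed for illustration, and the model assumes ESP directly follows the IPv6 header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP6_HDRLEN  40         /* fixed IPv6 header length */
#define IP6_NXT_OFF 6          /* offset of the Next Header field */
#define IP6_DST_OFF 24         /* offset of the destination address */
#define NXT_ESP     50         /* protocol number of ESP */

/* Hypothetical SA entry: outbound SA keyed by (destination, SPI). */
struct sa { uint8_t dst[16]; uint32_t spi; int valid; };

/* Constructed peer address 2001:db8::1 and constructed SA database. */
#define PEER { 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }
static const struct sa sadb[] = {
    { PEER, 0x1000, 1 },       /* usable SA */
    { PEER, 0x2000, 0 },       /* SA that is no longer valid */
};

/* Model of the host cache ("hc"): a single PMTU value for the peer. */
static uint32_t hc_mtu = 1500;

/* Build the start of the packet an ICMPv6 error quotes: IPv6 header + SPI. */
void make_quoted(uint8_t *buf, uint32_t spi)
{
    static const uint8_t peer[16] = PEER;
    memset(buf, 0, IP6_HDRLEN + 4);
    buf[0] = 0x60;                               /* IP version 6 */
    buf[IP6_NXT_OFF] = NXT_ESP;
    memcpy(buf + IP6_DST_OFF, peer, 16);
    buf[40] = (uint8_t)(spi >> 24); buf[41] = (uint8_t)(spi >> 16);
    buf[42] = (uint8_t)(spi >> 8);  buf[43] = (uint8_t)spi;
}

/* Returns 1 if the Packet Too Big MTU was stored, 0 if it was ignored. */
int ptb_input(const uint8_t *q, size_t len, uint32_t mtu)
{
    if (len < IP6_HDRLEN + 4 || q[IP6_NXT_OFF] != NXT_ESP)
        return 0;              /* too short, or quoted packet is not ESP */
    uint32_t spi = (uint32_t)q[40] << 24 | (uint32_t)q[41] << 16 |
                   (uint32_t)q[42] << 8 | q[43];
    for (size_t i = 0; i < sizeof(sadb) / sizeof(sadb[0]); i++) {
        const struct sa *s = &sadb[i];
        if (s->valid && s->spi == spi && !memcmp(s->dst, q + IP6_DST_OFF, 16)) {
            hc_mtu = mtu;      /* message refers to an SA we really use */
            return 1;
        }
    }
    return 0;                  /* no valid SA: leave the host cache alone */
}
```

Sanity checks on the advertised MTU value itself are outside this model; it only shows the SA gate in front of the host cache update.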