From: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
To: blue
Cc: freebsd-net@freebsd.org
Date: Tue, 28 Aug 2007 14:36:58 +0900
Subject: Re: infinite loop in esp6_ctlinput()?

At Tue, 28 Aug 2007 10:15:31 +0800, blue wrote:

> When receiving a "packet too big" ICMP error message, FreeBSD will call
> the ctlinput() function of the upper protocol. If the preceding packet
> is an ESP IPv6 packet, then FreeBSD will call esp6_ctlinput(). In
> esp6_ctlinput(), pfctlinput2() will be executed to traverse all possible
> upper protocols, and call their registered ctlinput() function. However,
> that would call esp6_ctlinput() again since ESP is one of the upper
> protocols! Then an infinite loop occurs!!

From a quick look at the code, there's a slight difference between the
IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c)
implementations. I suspect the loop doesn't occur at least for the
esp_input.c version. Did you actually see the loop for both, or are you
guessing from the code?

> After comparing both IPSEC and FAST_IPSEC, the operations are exactly
> the same. Is it a bug?

If it actually causes an infinite loop, it's a bug, of course.

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp
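A constructed C model of the dispatch the thread describes (added illustration, not FreeBSD's code): a pfctlinput2()-style fan-out walks a protocol table and calls every registered ctlinput, so an ESP handler that calls the fan-out with the same parameter re-enters itself through the table. The model bounds the depth only so the loop can be detected instead of hanging, and shows one illustrative guard (fan out with a NULL parameter so the nested call returns early); the table contents, the PRC_MSGSIZE value and the guard are assumptions, not a statement about what either FreeBSD implementation does.

```c
#include <stddef.h>

#define PRC_MSGSIZE 1   /* "packet too big" control command (value assumed) */
#define MAX_DEPTH   8   /* recursion bound, used only to detect the loop here */

/* Constructed model of the protocol switch: each entry may carry a
 * ctlinput handler, like pr_ctlinput in FreeBSD's struct protosw. */
typedef void (*ctlinput_fn)(int cmd, void *d, int depth);
struct protosw { const char *pr_name; ctlinput_fn pr_ctlinput; };

static int esp6_calls;      /* times the ESP handler ran in one simulation */
static int loop_detected;   /* set when the depth bound is exceeded */
static int guard_reentry;   /* 1: ESP fans out with a NULL parameter (illustrative guard) */

static void esp6_ctlinput(int cmd, void *d, int depth);
static void tcp6_ctlinput(int cmd, void *d, int depth) { (void)cmd; (void)d; (void)depth; }

static struct protosw inet6sw[] = {
    { "tcp6", tcp6_ctlinput },
    { "esp6", esp6_ctlinput },   /* ESP is itself one of the "upper protocols" */
    { "udp6", NULL },
};

/* Model of pfctlinput2(): deliver cmd to every registered ctlinput. */
static void pfctlinput2(int cmd, void *d, int depth)
{
    size_t i;
    if (depth > MAX_DEPTH) { loop_detected = 1; return; }  /* a real kernel would just hang */
    for (i = 0; i < sizeof inet6sw / sizeof inet6sw[0]; i++)
        if (inet6sw[i].pr_ctlinput != NULL)
            inet6sw[i].pr_ctlinput(cmd, d, depth + 1);
}

static void esp6_ctlinput(int cmd, void *d, int depth)
{
    esp6_calls++;
    if (cmd != PRC_MSGSIZE || d == NULL)
        return;                  /* nothing to propagate */
    /* Fan the notification out to the other protocols. Passing d along
     * re-enters this function through the table; NULL stops the chain. */
    pfctlinput2(cmd, guard_reentry ? NULL : d, depth);
}

/* Returns 1 if the dispatch looped, 0 if it terminated. */
int simulate_msgsize(int guard)
{
    int mtu = 1280;              /* stand-in for the ICMPv6 parameter block */
    esp6_calls = 0; loop_detected = 0; guard_reentry = guard;
    esp6_ctlinput(PRC_MSGSIZE, &mtu, 0);
    return loop_detected;
}

int esp6_call_count(void) { return esp6_calls; }
```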