Date: Tue, 28 Aug 2007 09:25:49 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: blue <susan.lan@zyxel.com.tw> Cc: freebsd-net@freebsd.org Subject: Re: infinite loop in esp6_ctlinput()? Message-ID: <20070828092348.Y87821@maildrop.int.zabbadoz.net> In-Reply-To: <46D3B747.1090903@zyxel.com.tw> References: <46D38543.4020507@zyxel.com.tw> <m11wdote2t.wl%jinmei@isl.rdc.toshiba.co.jp> <46D3B747.1090903@zyxel.com.tw>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 28 Aug 2007, blue wrote: Hi, > Since our device adopts the IPsec codes from BSD, our device will have > infinite loop after receiving ICMP packet too big message. > I am not sure whether BSD itself will have the problem or not (maybe needs > further testing). In IPSEC, esp6_ctlinput() still calls pfctlinput2(), which > is the root cause of the infinite loop. you were talking about IPSEC vs. FAST_IPSEC so I guess you are on RELENG_6 or is that HEAD. Would be helpful to know where exactly (though I guess looking at the code I could find out). Is it the problem reported here[1] that you are describing? /bz [1] http://lists.freebsd.org/pipermail/freebsd-current/2007-August/076478.html > Best regards, > > Yi-Wen > > JINMEI Tatuya / ???? wrote: > >> At Tue, 28 Aug 2007 10:15:31 +0800, >> blue <susan.lan@zyxel.com.tw> wrote: >> >> >>> When receiving a "packet too big" ICMP error message, FreeBSD will call >>> the ctlinput() function of the upper protocol. If the preceding packet is >>> an ESP IPv6 packet, then FreeBSD will call esp6_ctlinput(). In >>> esp6_ctlinput(), pfctlinput2() will be executed to traverse all possible >>> upper protocols, and call their registered ctlinput() function. However, >>> that would call esp6_ctlinput() again since ESP is one of the upper >>> protocols! Then an infinite loop occurs!! >>> >> >> From a quick look at the code, there's a slight difference between the >> IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c) >> implementations. I suspect the loop doesn't occur at least for the >> esp_input.c version. Did you actually see the loop for both, or are >> you guessing from the code? >> >> >>> After comparing both IPSEC and FAST_IPSEC, the operations are exactly the >>> same. Is it a bug? >>> >> >> If it actually causes an infinite loop, it's a bug, of course. >> >> JINMEI, Tatuya >> Communication Platform Lab. >> Corporate R&D Center, Toshiba Corp. >> jinmei@isl.rdc.toshiba.co.jp >> >> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070828092348.Y87821>