From owner-freebsd-net@FreeBSD.ORG Wed Apr 9 05:52:08 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D86F106564A for ; Wed, 9 Apr 2008 05:52:08 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zyfb01-66.zyxel.com.tw (zyfb01-66.zyxel.com.tw [59.124.183.66]) by mx1.freebsd.org (Postfix) with ESMTP id 282FD8FC19 for ; Wed, 9 Apr 2008 05:52:07 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from ZyTWBE03.ZyXEL.com ([172.23.5.49]) by zyfb01-66.zyxel.com.tw with Microsoft SMTPSVC(6.0.3790.1830); Wed, 9 Apr 2008 13:52:06 +0800 Received: from zytwfe01.zyxel.com ([172.23.5.5]) by ZyTWBE03.ZyXEL.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 9 Apr 2008 13:52:06 +0800 Received: from [172.23.17.141] ([172.23.17.141]) by zytwfe01.zyxel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 9 Apr 2008 13:52:06 +0800 Message-ID: <47FC590B.9010608@zyxel.com.tw> Date: Wed, 09 Apr 2008 13:50:03 +0800 From: blue User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 09 Apr 2008 05:52:06.0265 (UTC) FILETIME=[D7983690:01C89A05] Subject: [ipsec] Packet Too Big message handling in esp6_ctlinput() X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Apr 2008 05:52:08 -0000 Dear all: In line 814 to line 843 in esp6_ctlinput(), if (cmd == PRC_MSGSIZE) { struct secasvar *sav; u_int32_t spi; int valid; /* check header length before using m_copydata */ if (m->m_pkthdr.len < off + sizeof (struct esp)) return; m_copydata(m, off + offsetof(struct esp, esp_spi), sizeof(u_int32_t), (caddr_t) &spi); /* * Check to see if we have a valid SA corresponding to * the address in the ICMP message payload. */ sav = KEY_ALLOCSA((union sockaddr_union *)sa, IPPROTO_ESP, spi); valid = (sav != NULL); if (sav) KEY_FREESAV(&sav); /* XXX Further validation? */ /* * Depending on whether the SA is "valid" and * routing table size (mtudisc_{hi,lo}wat), we will: * - recalcurate the new MTU and create the * corresponding routing entry, or * - ignore the MTU change notification. */ icmp6_mtudisc_update(ip6cp, valid); } I don't know why ESP needs to take care of ICMP Packet Too Big message specially since icmp6_mtudisc_update() will be called in icmp6_notify_error(), which will already update the PMTU of the host. I think the codes here could be removed. BR, Yi-Wen