Date: Wed, 09 Apr 2008 13:50:03 +0800 From: blue <susan.lan@zyxel.com.tw> To: freebsd-net@freebsd.org Subject: [ipsec] Packet Too Big message handling in esp6_ctlinput() Message-ID: <47FC590B.9010608@zyxel.com.tw>
next in thread | raw e-mail | index | archive | help
Dear all:
In line 814 to line 843 in esp6_ctlinput(),
if (cmd == PRC_MSGSIZE) {
struct secasvar *sav;
u_int32_t spi;
int valid;
/* check header length before using m_copydata */
if (m->m_pkthdr.len < off + sizeof (struct esp))
return;
m_copydata(m, off + offsetof(struct esp, esp_spi),
sizeof(u_int32_t), (caddr_t) &spi);
/*
* Check to see if we have a valid SA corresponding to
* the address in the ICMP message payload.
*/
sav = KEY_ALLOCSA((union sockaddr_union *)sa,
IPPROTO_ESP, spi);
valid = (sav != NULL);
if (sav)
KEY_FREESAV(&sav);
/* XXX Further validation? */
/*
* Depending on whether the SA is "valid" and
* routing table size (mtudisc_{hi,lo}wat), we will:
* - recalcurate the new MTU and create the
* corresponding routing entry, or
* - ignore the MTU change notification.
*/
icmp6_mtudisc_update(ip6cp, valid);
}
I don't know why ESP needs to take care of ICMP Packet Too Big message
specially since icmp6_mtudisc_update() will be called in
icmp6_notify_error(),
which will already update the PMTU of the host. I think the codes here
could be removed.
BR,
Yi-Wen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47FC590B.9010608>