Date: Tue, 28 Aug 2007 14:36:58 +0900 From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp> To: blue <susan.lan@zyxel.com.tw> Cc: freebsd-net@freebsd.org Subject: Re: infinite loop in esp6_ctlinput()? Message-ID: <m11wdote2t.wl%jinmei@isl.rdc.toshiba.co.jp> In-Reply-To: <46D38543.4020507@zyxel.com.tw> References: <46D38543.4020507@zyxel.com.tw>
next in thread | previous in thread | raw e-mail | index | archive | help
At Tue, 28 Aug 2007 10:15:31 +0800, blue <susan.lan@zyxel.com.tw> wrote: > When receiving a "packet too big" ICMP error message, FreeBSD will call=20 > the ctlinput() function of the upper protocol. If the preceding packet=20 > is an ESP IPv6 packet, then FreeBSD will call esp6_ctlinput(). In=20 > esp6_ctlinput(), pfctlinput2() will be executed to traverse all possible = > upper protocols, and call their registered ctlinput() function. However, = > that would call esp6_ctlinput() again since ESP is one of the upper=20 > protocols! Then an infinite loop occurs!! =46rom a quick look at the code, there's a slight difference between the IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c) implementations. I suspect the loop doesn't occur at least for the esp_input.c version. Did you actually see the loop for both, or are you guessing from the code? > After comparing both IPSEC and FAST_IPSEC, the operations are exactly=20 > the same. Is it a bug? If it actually causes an infinite loop, it's a bug, of course. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m11wdote2t.wl%jinmei>