Date: Wed, 29 Aug 2007 00:28:47 +0900 From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp> To: blue <susan.lan@zyxel.com.tw> Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, freebsd-net@freebsd.org Subject: Re: infinite loop in esp6_ctlinput()? Message-ID: <m1tzqjsmog.wl%jinmei@isl.rdc.toshiba.co.jp> In-Reply-To: <46D40BB7.4060100@zyxel.com.tw> References: <46D38543.4020507@zyxel.com.tw> <m11wdote2t.wl%jinmei@isl.rdc.toshiba.co.jp> <46D3B747.1090903@zyxel.com.tw> <20070828092348.Y87821@maildrop.int.zabbadoz.net> <46D40BB7.4060100@zyxel.com.tw>
next in thread | previous in thread | raw e-mail | index | archive | help
At Tue, 28 Aug 2007 19:49:11 +0800,
blue <susan.lan@zyxel.com.tw> wrote:
> According to the GDB backtrace, I think this is what I am talking about.
>
> Besides, this would result in infinite loop just by looking at the
> codes. However, the author seems knowing the problem, too. The comments
> in esp6_ctlinput() point out:
> /*
> * Although pfctlinput2 will call esp6_ctlinput(), there is
> * no possibility of an infinite loop of function calls,
> * because we don't pass the inner IPv6 header.
> */
>
> I am not sure what the description means. The behavior of
> esp6_ctlinput() is the same in HEAD, too.
This means that variable 'ip6' should be NULL for the second time
esp6_ctlinput() is called in the esp_input.c ("non-FAST" IPSEC)
version. It prevents the function calls from making an infinite loop.
On the other hand, the ipsec_input.c (FAST_IPSEC) version only seems
to check ip6ctlparam * ('d') is NULL, making the infinite sequence of
calls possible.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m1tzqjsmog.wl%jinmei>