From: blue (Susan.Lan@zyxel.com.tw)
Date: Tue, 28 Aug 2007 13:48:55 +0800
Message-ID: <46D3B747.1090903@zyxel.com.tw>
References: <46D38543.4020507@zyxel.com.tw>
CC: freebsd-net@freebsd.org
Subject: Re: infinite loop in esp6_ctlinput()?
List-Id: Networking and TCP/IP with FreeBSD

Since our device adopts the IPsec code from BSD, our device will have an infinite loop after receiving an ICMP packet too big message. I am not sure whether BSD itself will have the problem or not (maybe it needs further testing).

In IPSEC, esp6_ctlinput() still calls pfctlinput2(), which is the root cause of the infinite loop.

Best regards,
Yi-Wen

JINMEI Tatuya / 神明達哉 wrote:
> At Tue, 28 Aug 2007 10:15:31 +0800,
> blue wrote:
>
>> When receiving a "packet too big" ICMP error message, FreeBSD will call
>> the ctlinput() function of the upper protocol. If the preceding packet
>> is an ESP IPv6 packet, then FreeBSD will call esp6_ctlinput(). In
>> esp6_ctlinput(), pfctlinput2() will be executed to traverse all possible
>> upper protocols, and call their registered ctlinput() function. However,
>> that would call esp6_ctlinput() again since ESP is one of the upper
>> protocols! Then an infinite loop occurs!!
>
> From a quick look at the code, there's a slight difference between the
> IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c)
> implementations. I suspect the loop doesn't occur at least for the
> esp_input.c version. Did you actually see the loop for both, or are
> you guessing from the code?
>
>> After comparing both IPSEC and FAST_IPSEC, the operations are exactly
>> the same. Is it a bug?
>
> If it actually causes an infinite loop, it's a bug, of course.
>
> JINMEI, Tatuya
> Communication Platform Lab.
> Corporate R&D Center, Toshiba Corp.
> jinmei@isl.rdc.toshiba.co.jp
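The re-entrancy described in the thread, modelled as an added example that is not FreeBSD's code and not the patch either side of the thread refers to. It builds a toy protocol-switch table with three ctlinput handlers, a pfctlinput2()-style dispatcher that walks the whole table, and an ESP handler that fans a "packet too big" notification out to the inner protocols. All names (`inet6sw_model`, `pfctlinput2_model`, `esp6_ctlinput_model`, `walk_depth`, `DEPTH_LIMIT`) are hypothetical. With `hardened == 0` the ESP handler re-dispatches unconditionally and the walk recurses until the depth bound trips (the bound stands in for the kernel stack being exhausted by a single remote ICMPv6 message); with `hardened == 1` the ESP handler refuses to fan out when it is already being invoked from inside a dispatcher walk, which is one generic way to break such a cycle and is labelled here as an assumption rather than as the fix FreeBSD adopted.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the BSD protocol switch, not kernel code. */
#define PRC_MSGSIZE   1    /* control code for ICMPv6 "packet too big" */
#define DEPTH_LIMIT   32   /* stands in for the kernel stack running out */

struct protosw_model {
    const char *pr_name;
    void (*pr_ctlinput)(int cmd, const void *arg);
};

/* counters a caller can inspect after a simulated delivery */
static int esp_calls, tcp_calls, udp_calls, depth_exceeded;
static int walk_depth;      /* nesting level of pfctlinput2_model() walks */
static int fixed_esp;       /* 0: naive fan-out, 1: hardened fan-out */

static void pfctlinput2_model(int cmd, const void *arg);

static void tcp6_ctlinput_model(int cmd, const void *arg)
{
    (void)cmd; (void)arg;
    tcp_calls++;
}

static void udp6_ctlinput_model(int cmd, const void *arg)
{
    (void)cmd; (void)arg;
    udp_calls++;
}

/* ESP must relay PRC_MSGSIZE to the inner protocols, because the packet
 * that was too big carried their data inside the ESP payload.  The naive
 * variant does so by walking the whole table, which includes ESP itself. */
static void esp6_ctlinput_model(int cmd, const void *arg)
{
    esp_calls++;
    if (cmd != PRC_MSGSIZE)
        return;
    /* Hardened variant (assumption, not FreeBSD's fix): only fan out when
     * invoked directly by the IP layer, never from inside a table walk. */
    if (fixed_esp && walk_depth > 0)
        return;
    pfctlinput2_model(cmd, arg);
}

static const struct protosw_model inet6sw_model[] = {
    { "tcp6", tcp6_ctlinput_model },
    { "udp6", udp6_ctlinput_model },
    { "esp6", esp6_ctlinput_model },
};

/* Dispatcher: notify every protocol that registered a ctlinput handler.
 * The depth bound exists only so the naive case terminates in userland. */
static void pfctlinput2_model(int cmd, const void *arg)
{
    size_t i;

    walk_depth++;
    if (walk_depth > DEPTH_LIMIT) {
        depth_exceeded = 1;
        walk_depth--;
        return;
    }
    for (i = 0; i < sizeof inet6sw_model / sizeof inet6sw_model[0]; i++)
        if (inet6sw_model[i].pr_ctlinput != NULL)
            inet6sw_model[i].pr_ctlinput(cmd, arg);
    walk_depth--;
}

/* Simulate icmp6 handing "packet too big" for an ESP packet to ESP.
 * Returns 1 if the notification completed, 0 if the depth bound tripped. */
int deliver_pkt_toobig(int hardened)
{
    esp_calls = tcp_calls = udp_calls = depth_exceeded = 0;
    walk_depth = 0;
    fixed_esp = hardened;
    esp6_ctlinput_model(PRC_MSGSIZE, NULL);
    return depth_exceeded == 0;
}

int esp_ctlinput_calls(void) { return esp_calls; }
int tcp_ctlinput_calls(void) { return tcp_calls; }
int udp_ctlinput_calls(void) { return udp_calls; }

int main(void)
{
    int ok = deliver_pkt_toobig(0);
    printf("naive:    completed=%d esp=%d tcp=%d\n", ok, esp_calls, tcp_calls);
    ok = deliver_pkt_toobig(1);
    printf("hardened: completed=%d esp=%d tcp=%d\n", ok, esp_calls, tcp_calls);
    return 0;
}
```

In the naive run ESP is entered once per nesting level until the bound trips, so a single unauthenticated ICMPv6 message would consume an unbounded amount of kernel stack; in the hardened run TCP and UDP are notified exactly once and ESP is entered a second time only to return immediately. The general defensive property being checked is that a notification fan-out must never dispatch back into the handler that started it.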