Date: Tue, 28 Aug 2007 19:49:11 +0800 From: blue <susan.lan@zyxel.com.tw> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-net@freebsd.org Subject: Re: infinite loop in esp6_ctlinput()? Message-ID: <46D40BB7.4060100@zyxel.com.tw> In-Reply-To: <20070828092348.Y87821@maildrop.int.zabbadoz.net> References: <46D38543.4020507@zyxel.com.tw> <m11wdote2t.wl%jinmei@isl.rdc.toshiba.co.jp> <46D3B747.1090903@zyxel.com.tw> <20070828092348.Y87821@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
According to the GDB backtrace, I think this is what I am talking about.
Besides, this would result in infinite loop just by looking at the
codes. However, the author seems knowing the problem, too. The comments
in esp6_ctlinput() point out:
/*
* Although pfctlinput2 will call esp6_ctlinput(), there is
* no possibility of an infinite loop of function calls,
* because we don't pass the inner IPv6 header.
*/
I am not sure what the description means. The behavior of
esp6_ctlinput() is the same in HEAD, too.
Best regards,
Yi-Wen
Bjoern A. Zeeb wrote:
> On Tue, 28 Aug 2007, blue wrote:
>
> Hi,
>
>> Since our device adopts the IPsec codes from BSD, our device will
>> have infinite loop after receiving ICMP packet too big message.
>> I am not sure whether BSD itself will have the problem or not (maybe
>> needs further testing). In IPSEC, esp6_ctlinput() still calls
>> pfctlinput2(), which is the root cause of the infinite loop.
>
>
> you were talking about IPSEC vs. FAST_IPSEC so I guess you are on
> RELENG_6 or is that HEAD. Would be helpful to know where exactly
> (though I guess looking at the code I could find out).
>
> Is it the problem reported here[1] that you are describing?
>
>
> /bz
>
>
> [1]
> http://lists.freebsd.org/pipermail/freebsd-current/2007-August/076478.html
>
>
>> Best regards,
>>
>> Yi-Wen
>>
>> JINMEI Tatuya / ???? wrote:
>>
>>> At Tue, 28 Aug 2007 10:15:31 +0800,
>>> blue <susan.lan@zyxel.com.tw> wrote:
>>>
>>>
>>>> When receiving a "packet too big" ICMP error message, FreeBSD will
>>>> call the ctlinput() function of the upper protocol. If the
>>>> preceding packet is an ESP IPv6 packet, then FreeBSD will call
>>>> esp6_ctlinput(). In esp6_ctlinput(), pfctlinput2() will be executed
>>>> to traverse all possible upper protocols, and call their registered
>>>> ctlinput() function. However, that would call esp6_ctlinput() again
>>>> since ESP is one of the upper protocols! Then an infinite loop
>>>> occurs!!
>>>>
>>>
>>> From a quick look at the code, there's a slight difference between the
>>> IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c)
>>> implementations. I suspect the loop doesn't occur at least for the
>>> esp_input.c version. Did you actually see the loop for both, or are
>>> you guessing from the code?
>>>
>>>
>>>> After comparing both IPSEC and FAST_IPSEC, the operations are
>>>> exactly the same. Is it a bug?
>>>>
>>>
>>> If it actually causes an infinite loop, it's a bug, of course.
>>>
>>> JINMEI, Tatuya
>>> Communication Platform Lab.
>>> Corporate R&D Center, Toshiba Corp.
>>> jinmei@isl.rdc.toshiba.co.jp
>>>
>>>
>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46D40BB7.4060100>