From owner-freebsd-net@FreeBSD.ORG Tue Aug 28 11:49:08 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6137216A417 for ; Tue, 28 Aug 2007 11:49:08 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zyfb01-66.zyxel.com.tw (zyfb01-66.zyxel.com.tw [59.124.183.66]) by mx1.freebsd.org (Postfix) with ESMTP id 095AC13C428 for ; Tue, 28 Aug 2007 11:49:07 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zytwbe01.zyxel.com ([172.23.5.10]) by zyfb01-66.zyxel.com.tw with Microsoft SMTPSVC(6.0.3790.1830); Tue, 28 Aug 2007 19:49:06 +0800 Received: from zytwfe01.ZyXEL.com ([172.23.5.5]) by zytwbe01.zyxel.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 28 Aug 2007 19:49:06 +0800 Received: from [172.23.17.9] ([172.23.17.9]) by zytwfe01.ZyXEL.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 28 Aug 2007 19:49:05 +0800 Message-ID: <46D40BB7.4060100@zyxel.com.tw> Date: Tue, 28 Aug 2007 19:49:11 +0800 From: blue User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <46D38543.4020507@zyxel.com.tw> <46D3B747.1090903@zyxel.com.tw> <20070828092348.Y87821@maildrop.int.zabbadoz.net> In-Reply-To: <20070828092348.Y87821@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 28 Aug 2007 11:49:05.0768 (UTC) FILETIME=[6FAB3E80:01C7E969] Cc: freebsd-net@freebsd.org Subject: Re: infinite loop in esp6_ctlinput()? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2007 11:49:08 -0000 Hi, According to the GDB backtrace, I think this is what I am talking about. Besides, this would result in infinite loop just by looking at the codes. However, the author seems knowing the problem, too. The comments in esp6_ctlinput() point out: /* * Although pfctlinput2 will call esp6_ctlinput(), there is * no possibility of an infinite loop of function calls, * because we don't pass the inner IPv6 header. */ I am not sure what the description means. The behavior of esp6_ctlinput() is the same in HEAD, too. Best regards, Yi-Wen Bjoern A. Zeeb wrote: > On Tue, 28 Aug 2007, blue wrote: > > Hi, > >> Since our device adopts the IPsec codes from BSD, our device will >> have infinite loop after receiving ICMP packet too big message. >> I am not sure whether BSD itself will have the problem or not (maybe >> needs further testing). In IPSEC, esp6_ctlinput() still calls >> pfctlinput2(), which is the root cause of the infinite loop. > > > you were talking about IPSEC vs. FAST_IPSEC so I guess you are on > RELENG_6 or is that HEAD. Would be helpful to know where exactly > (though I guess looking at the code I could find out). > > Is it the problem reported here[1] that you are describing? > > > /bz > > > [1] > http://lists.freebsd.org/pipermail/freebsd-current/2007-August/076478.html > > >> Best regards, >> >> Yi-Wen >> >> JINMEI Tatuya / ???? wrote: >> >>> At Tue, 28 Aug 2007 10:15:31 +0800, >>> blue wrote: >>> >>> >>>> When receiving a "packet too big" ICMP error message, FreeBSD will >>>> call the ctlinput() function of the upper protocol. If the >>>> preceding packet is an ESP IPv6 packet, then FreeBSD will call >>>> esp6_ctlinput(). In esp6_ctlinput(), pfctlinput2() will be executed >>>> to traverse all possible upper protocols, and call their registered >>>> ctlinput() function. However, that would call esp6_ctlinput() again >>>> since ESP is one of the upper protocols! Then an infinite loop >>>> occurs!! >>>> >>> >>> From a quick look at the code, there's a slight difference between the >>> IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c) >>> implementations. I suspect the loop doesn't occur at least for the >>> esp_input.c version. Did you actually see the loop for both, or are >>> you guessing from the code? >>> >>> >>>> After comparing both IPSEC and FAST_IPSEC, the operations are >>>> exactly the same. Is it a bug? >>>> >>> >>> If it actually causes an infinite loop, it's a bug, of course. >>> >>> JINMEI, Tatuya >>> Communication Platform Lab. >>> Corporate R&D Center, Toshiba Corp. >>> jinmei@isl.rdc.toshiba.co.jp >>> >>> >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> >