Date: Wed, 9 Apr 2008 07:31:43 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: blue <susan.lan@zyxel.com.tw>
Cc: freebsd-net@freebsd.org
Subject: Re: [ipsec] Packet Too Big message handling in esp6_ctlinput()
Message-ID: <20080409072517.Y66744@maildrop.int.zabbadoz.net>
In-Reply-To: <47FC590B.9010608@zyxel.com.tw>
References: <47FC590B.9010608@zyxel.com.tw>

On Wed, 9 Apr 2008, blue wrote:

Hi,

> In line 814 to line 843 in esp6_ctlinput(),
> ...
> I don't know why ESP needs to take care of ICMP Packet Too Big message
> specially since icmp6_mtudisc_update() will be called in
> icmp6_notify_error(),
> which will already update the PMTU of the host. I think the codes here could
> be removed.

I am wondering if the correct solution would be to limit the
ICMP6_PACKET_TOO_BIG handling in icmp6_notify_error() to the non-esp
cases as I think that we would actually only want to update the hc if
there is an SA and it is valid.

Looking at the original KAME repo you can see that the code in
icmp6_notify_error() was done before esp6_ctlinput():
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/icmp6.c#rev1.43
and
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/esp_input.c#rev1.35

What has been there since that time seems bogus for ESP, indeed.

What do you think?

/bz

-- 
Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
Software is harder than hardware  so better get it right the first time.