At Tue, 28 Aug 2007 10:15:31 +0800,
blue <[EMAIL PROTECTED]> wrote:
> When receiving a "packet too big" ICMP error message, FreeBSD will call
> the ctlinput() function of the upper protocol. If the preceding packet
> is an ESP IPv6 packet, then FreeBSD will call esp6_ctlinput(). In
> esp6_ctlinput(), pfctlinput2() will be executed to traverse all possible
> upper protocols, and call their registered ctlinput() function. However,
> that would call esp6_ctlinput() again since ESP is one of the upper
> protocols! Then an infinite loop occurs!!
From a quick look at the code, there's a slight difference between the
IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c)
implementations. I suspect the loop doesn't occur at least for the
esp_input.c version. Did you actually see the loop for both, or are
you guessing from the code?
> After comparing both IPSEC and FAST_IPSEC, the operations are exactly
> the same. Is it a bug?
If it actually causes an infinite loop, it's a bug, of course.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
