[ipsec] Packet Too Big message handling in esp6_ctlinput()
blue
susan.lan at zyxel.com.tw
Wed Apr 9 05:52:08 UTC 2008
Dear all:
In line 814 to line 843 in esp6_ctlinput(),
if (cmd == PRC_MSGSIZE) {
struct secasvar *sav;
u_int32_t spi;
int valid;
/* check header length before using m_copydata */
if (m->m_pkthdr.len < off + sizeof (struct esp))
return;
m_copydata(m, off + offsetof(struct esp, esp_spi),
sizeof(u_int32_t), (caddr_t) &spi);
/*
* Check to see if we have a valid SA corresponding to
* the address in the ICMP message payload.
*/
sav = KEY_ALLOCSA((union sockaddr_union *)sa,
IPPROTO_ESP, spi);
valid = (sav != NULL);
if (sav)
KEY_FREESAV(&sav);
/* XXX Further validation? */
/*
* Depending on whether the SA is "valid" and
* routing table size (mtudisc_{hi,lo}wat), we will:
* - recalcurate the new MTU and create the
* corresponding routing entry, or
* - ignore the MTU change notification.
*/
icmp6_mtudisc_update(ip6cp, valid);
}
I don't know why ESP needs to take care of ICMP Packet Too Big message
specially since icmp6_mtudisc_update() will be called in
icmp6_notify_error(),
which will already update the PMTU of the host. I think the codes here
could be removed.
BR,
Yi-Wen
More information about the freebsd-net
mailing list