[ipsec] Packet Too Big message handling in esp6_ctlinput()

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Wed Apr 9 07:35:09 UTC 2008


On Wed, 9 Apr 2008, blue wrote:

Hi,

> In line 814 to line 843 in esp6_ctlinput(),
>
...
> I don't know why ESP needs to take care of the ICMP Packet Too Big message
> specially, since icmp6_mtudisc_update() will be called in
> icmp6_notify_error(), which will already update the PMTU of the host.
> I think the code here could be removed.

I am wondering if the correct solution would be to limit the
ICMP6_PACKET_TOO_BIG handling in icmp6_notify_error() to the non-esp
cases as I think that we would actually only want to update the hc
if there is an SA and it is valid.


Looking at the original KAME repo you can see that the code in
icmp6_notify_error() was done before esp6_ctlinput():

http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/icmp6.c#rev1.43
and
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/esp_input.c#rev1.35

What has been there since that time seems bogus for ESP, indeed.


What do you think?

/bz

-- 
Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
Software is harder than hardware  so better get it right the first time.
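
An added illustration of the check suggested in the reply above (not part of the original message, and not FreeBSD or KAME code): a user-space C model that reads the packet quoted in a Packet Too Big message and allows a host cache update for ESP only when a valid SA matches the quoted SPI and destination. The names ptb_decide, demo_decide, struct sa and the PTB_* values are hypothetical, and the lookup key (inner destination plus SPI) is an assumption of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP6_HDRLEN 40
#define PROTO_ESP  50   /* IANA protocol number for ESP */

enum ptb_action { PTB_DROP, PTB_GENERIC, PTB_UPDATE_HC };
/* Hypothetical SA entry holding only what this check needs. */
struct sa { uint8_t dst[16]; uint32_t spi; int valid; };

/* inner/len: the offending packet quoted in the Packet Too Big message. */
enum ptb_action
ptb_decide(const uint8_t *inner, size_t len, const struct sa *tab, size_t n)
{
    uint32_t spi;
    size_t i;
    if (len < IP6_HDRLEN || (inner[0] >> 4) != 6)
        return PTB_DROP;            /* truncated quote or not IPv6 */
    if (inner[6] != PROTO_ESP)
        return PTB_GENERIC;         /* non-ESP: generic PMTU path decides */
    if (len < IP6_HDRLEN + 4)
        return PTB_DROP;            /* quote ends before the SPI */
    /* SPI: first 32 bits of the ESP header, network byte order. */
    spi = (uint32_t)inner[40] << 24 | (uint32_t)inner[41] << 16 |
        (uint32_t)inner[42] << 8 | (uint32_t)inner[43];
    /* Bytes 24..39 are the inner destination, i.e. the SA's peer. */
    for (i = 0; i < n; i++)
        if (tab[i].spi == spi && memcmp(tab[i].dst, inner + 24, 16) == 0)
            return tab[i].valid ? PTB_UPDATE_HC : PTB_DROP;
    return PTB_DROP;                /* no SA: leave the hc alone */
}

/* Constructed sample: a quote to 2001:db8::1 against two made-up SAs. */
#define PEER { 0x20, 0x01, 0x0d, 0xb8, [15] = 1 }
enum ptb_action
demo_decide(uint8_t next_hdr, uint32_t spi, size_t len)
{
    const struct sa tab[2] = { { PEER, 0x1000, 1 }, { PEER, 0x3000, 0 } };
    uint8_t q[48] = { 0x60 };       /* version 6, all other bytes zero */
    int i;
    q[6] = next_hdr;
    memcpy(q + 24, tab[0].dst, 16);
    for (i = 0; i < 4; i++)
        q[40 + i] = (uint8_t)(spi >> (24 - 8 * i));
    return ptb_decide(q, len, tab, 2);
}

int main(void) { return demo_decide(PROTO_ESP, 0x1000, 48) != PTB_UPDATE_HC; }
```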

