infinite loop in esp6_ctlinput()?

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Tue Aug 28 02:26:02 PDT 2007 

On Tue, 28 Aug 2007, blue wrote:

Hi,

> Since our device adopts the IPsec codes from BSD, our device will have 
> infinite loop after receiving ICMP packet too big message.
> I am not sure whether BSD itself  will have the problem or not (maybe needs 
> further testing). In IPSEC, esp6_ctlinput() still calls pfctlinput2(), which 
> is the root cause of the infinite loop.

you were talking about IPSEC vs. FAST_IPSEC so I guess you are on
RELENG_6 or is that HEAD. Would be helpful to know where exactly
(though I guess looking at the code I could find out).

Is it the problem reported here[1] that you are describing?


/bz


[1] http://lists.freebsd.org/pipermail/freebsd-current/2007-August/076478.html

> Best regards,
>
> Yi-Wen
>
> JINMEI Tatuya / ???? wrote:
>
>> At Tue, 28 Aug 2007 10:15:31 +0800,
>> blue <susan.lan at zyxel.com.tw> wrote:
>>
>> 
>>> When receiving a "packet too big" ICMP error message, FreeBSD will call 
>>> the ctlinput() function of the upper protocol. If the preceding packet is 
>>> an ESP  IPv6 packet, then FreeBSD will call esp6_ctlinput(). In 
>>> esp6_ctlinput(), pfctlinput2() will be executed to traverse all possible 
>>> upper protocols, and call their registered ctlinput() function. However, 
>>> that would call esp6_ctlinput() again since ESP is one of the upper 
>>> protocols! Then an infinite loop occurs!!
>>> 
>> 
>> From a quick look at the code, there's a slight difference between the
>> IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c)
>> implementations.  I suspect the loop doesn't occur at least for the
>> esp_input.c version.  Did you actually see the loop for both, or are
>> you guessing from the code?
>>
>> 
>>> After comparing both IPSEC and FAST_IPSEC, the operations are exactly the 
>>> same. Is it a bug?
>>> 
>> 
>> If it actually causes an infinite loop, it's a bug, of course.
>>
>> 					JINMEI, Tatuya
>> 					Communication Platform Lab.
>> 					Corporate R&D Center, Toshiba Corp.
>> 					jinmei at isl.rdc.toshiba.co.jp
>>
>> 
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>

-- 
Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
Software is harder than hardware  so better get it right the first time.

More information about the freebsd-net mailing list