Re: infinite loop in esp6_ctlinput()?



Hi,

According to the GDB backtrace, I think this is what I am talking about.

Besides, just by looking at the code, this would result in an infinite loop. However, the author seems to know about the problem, too. The comments in esp6_ctlinput() point out:
/*
 * Although pfctlinput2 will call esp6_ctlinput(), there is
 * no possibility of an infinite loop of function calls,
 * because we don't pass the inner IPv6 header.
 */

I am not sure what the description means. The behavior of esp6_ctlinput() is the same in HEAD, too.

Best regards,

Yi-Wen

Bjoern A. Zeeb wrote:

On Tue, 28 Aug 2007, blue wrote:

Hi,

Since our device adopts the IPsec code from BSD, our device will have an infinite loop after receiving an ICMP packet too big message.
I am not sure whether BSD itself will have the problem or not (maybe it needs further testing). In IPSEC, esp6_ctlinput() still calls pfctlinput2(), which is the root cause of the infinite loop.


You were talking about IPSEC vs. FAST_IPSEC, so I guess you are on
RELENG_6, or is that HEAD? It would be helpful to know where exactly
(though I guess looking at the code I could find out).

Is it the problem reported here[1] that you are describing?


/bz


[1] http://lists.freebsd.org/pipermail/freebsd-current/2007-August/076478.html


Best regards,

Yi-Wen

JINMEI Tatuya / 神明達哉 wrote:

At Tue, 28 Aug 2007 10:15:31 +0800,
blue <susan.lan@xxxxxxxxxxxx> wrote:


When receiving a "packet too big" ICMP error message, FreeBSD will call the ctlinput() function of the upper protocol. If the preceding packet is an ESP IPv6 packet, then FreeBSD will call esp6_ctlinput(). In esp6_ctlinput(), pfctlinput2() will be executed to traverse all possible upper protocols, and call their registered ctlinput() function. However, that would call esp6_ctlinput() again since ESP is one of the upper protocols! Then an infinite loop occurs!!


From a quick look at the code, there's a slight difference between the
IPSEC (netinet6/esp_input.c) and FAST_IPSEC (netipsec/ipsec_input.c)
implementations. I suspect the loop doesn't occur at least for the
esp_input.c version. Did you actually see the loop for both, or are
you guessing from the code?


After comparing both IPSEC and FAST_IPSEC, the operations are exactly the same. Is it a bug?


If it actually causes an infinite loop, it's a bug, of course.

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@xxxxxxxxxxxxxxxxxxxxx



_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
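The recursion the thread describes (esp6_ctlinput() fans the PRC_MSGSIZE notification out through pfctlinput2(), which in turn reaches esp6_ctlinput() again) and the guard the quoted comment alludes to can be modelled in a few dozen lines. The program below is an added, stand-alone simulation written for this thread, not FreeBSD kernel code; every name in it (pfctlinput2_sim, esp6_ctlinput_sim, struct ctlparam, the PRC_MSGSIZE value) is hypothetical. It assumes one reading of the comment: the re-dispatch carries no inner IPv6 header, so the nested ESP handler returns before it can re-dispatch. With that guard the nesting depth is 1; with the guard disabled the dispatcher would recurse without bound, so a depth cap is used to make the failure observable instead of crashing.

```c
/* Simulation of ctlinput fan-out with and without the "no inner header"
 * guard. Constructed example; not FreeBSD code, all names hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define MAX_DEPTH   16  /* hard cap so the unguarded run cannot hang */
#define PRC_MSGSIZE 1   /* the one command we model (constructed value) */

/* Minimal stand-in for the control parameter: only the field that matters. */
struct ctlparam {
    const void *inner_ip6;  /* inner IPv6 header, NULL when not passed along */
};

typedef void (*ctlinput_fn)(int cmd, struct ctlparam *d);

struct proto {
    const char *name;
    ctlinput_fn ctlinput;
};

static int g_depth;      /* current nesting depth of the dispatcher */
static int g_max_depth;  /* deepest nesting seen in the current run */
static int g_esp_calls;  /* how many times the ESP handler ran */
static int g_use_guard;  /* 1 = stop when no inner header is present */

static void pfctlinput2_sim(int cmd, struct ctlparam *d);

/* A leaf protocol: it would notify its sockets but never re-dispatches. */
static void tcp6_ctlinput_sim(int cmd, struct ctlparam *d)
{
    (void)cmd;
    (void)d;
}

/* The ESP handler: on PRC_MSGSIZE it re-dispatches to the protocols carried
 * inside ESP, deliberately without the inner header. */
static void esp6_ctlinput_sim(int cmd, struct ctlparam *d)
{
    struct ctlparam inner = { NULL };

    g_esp_calls++;
    if (cmd != PRC_MSGSIZE)
        return;
    /* Guard: no inner IPv6 header means there is no ESP header to inspect
     * and nothing to fan out, so the nested call stops here. */
    if (g_use_guard && (d == NULL || d->inner_ip6 == NULL))
        return;
    pfctlinput2_sim(cmd, &inner);
}

static const struct proto protosw[] = {
    { "tcp6", tcp6_ctlinput_sim },
    { "esp6", esp6_ctlinput_sim },   /* ESP is itself an upper protocol */
};

/* Deliver the notification to every registered ctlinput handler. */
static void pfctlinput2_sim(int cmd, struct ctlparam *d)
{
    size_t i;

    if (++g_depth > g_max_depth)
        g_max_depth = g_depth;
    if (g_depth > MAX_DEPTH) {       /* only reachable without the guard */
        g_depth--;
        return;
    }
    for (i = 0; i < sizeof protosw / sizeof protosw[0]; i++)
        protosw[i].ctlinput(cmd, d);
    g_depth--;
}

/* One "packet too big" delivery whose preceding packet was ESP (inner header
 * present). Returns the deepest dispatcher nesting reached. */
int simulate(int use_guard)
{
    int dummy_hdr = 0;                       /* stands in for the inner header */
    struct ctlparam d = { &dummy_hdr };

    g_depth = g_max_depth = g_esp_calls = 0;
    g_use_guard = use_guard;
    esp6_ctlinput_sim(PRC_MSGSIZE, &d);
    return g_max_depth;
}

int esp_calls(void) { return g_esp_calls; }
int hit_cap(void)   { return g_max_depth > MAX_DEPTH; }

int main(void)
{
    printf("guarded:   depth %d, esp calls %d, cap hit %d\n",
           simulate(1), esp_calls(), hit_cap());
    printf("unguarded: depth %d, esp calls %d, cap hit %d\n",
           simulate(0), esp_calls(), hit_cap());
    return 0;
}
```

The guarded run shows the intended shape: the ESP handler runs twice (once for the real notification, once via the fan-out) and the second call returns at the guard. The unguarded run climbs straight to the cap, which is the behaviour a kernel without such a check would show as an unbounded call chain; an instrumented depth counter like g_max_depth is a cheap way to confirm which of the two a given port of the code actually exhibits before reaching for a debugger backtrace.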
