infinite loop in esp6_ctlinput()?
JINMEI Tatuya / 神明達哉
jinmei at isl.rdc.toshiba.co.jp
Tue Aug 28 08:33:58 PDT 2007
At Tue, 28 Aug 2007 19:49:11 +0800,
blue <susan.lan at zyxel.com.tw> wrote:
> According to the GDB backtrace, I think this is what I am talking about.
>
> Besides, this would result in infinite loop just by looking at the
> codes. However, the author seems knowing the problem, too. The comments
> in esp6_ctlinput() point out:
> /*
> * Although pfctlinput2 will call esp6_ctlinput(), there is
> * no possibility of an infinite loop of function calls,
> * because we don't pass the inner IPv6 header.
> */
>
> I am not sure what the description means. The behavior of
> esp6_ctlinput() is the same in HEAD, too.
This means that variable 'ip6' should be NULL for the second time
esp6_ctlinput() is called in the esp_input.c ("non-FAST" IPSEC)
version. It prevents the function calls from making an infinite loop.
On the other hand, the ipsec_input.c (FAST_IPSEC) version only seems
to check ip6ctlparam * ('d') is NULL, making the infinite sequence of
calls possible.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei at isl.rdc.toshiba.co.jp
More information about the freebsd-net
mailing list