diff options
Diffstat (limited to 'en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml')
-rw-r--r-- | en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml b/en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml index 568cc8ba35..6a51621e89 100644 --- a/en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml +++ b/en_US.ISO8859-1/books/developers-handbook/ipv6/chapter.xml @@ -822,16 +822,16 @@ fe80:2::%ep0/64 link#2 UC ep0</screen> packet processing code in the way BSD IPv4 code is implemented, kernel stack may overflow due to long function call chain. sys/netinet6 code is carefully designed to - avoid kernel stack overflow. Because of this, sys/netinet6 + avoid kernel stack overflow, so sys/netinet6 code defines its own protocol switch structure, as "struct ip6protosw" (see <filename>netinet6/ip6protosw.h</filename>). There is no such update to IPv4 part (sys/netinet) for compatibility, but small change is added to its pr_input() prototype. So - "struct ipprotosw" is also defined. Because of this, if you + "struct ipprotosw" is also defined. As a result, if you receive IPsec-over-IPv4 packet with massive number of IPsec headers, kernel stack may blow up. IPsec-over-IPv6 is okay. - (Off-course, for those all IPsec headers to be processed, + (Of-course, for those all IPsec headers to be processed, each such IPsec header must pass each IPsec check. So an anonymous attacker will not be able to do such an attack.)</para> |