Hey,

First of all, thanks for the patch. Should we wait for FreeBSD 10.1, use 
10.0/stable or patch it ourselves?

Or is this going to be issued as an Errata patch for FreeBSD 10.0-Release? (which 
I think it should be)

Kind Regards,
Robert Sevat


> Subject: Re: kern/185876: ipfw not matching incoming packets decapsulating 
> ipsec. example l2tp/ipsec
> From: [email protected]
> To: [email protected]
> Date: Fri, 28 Feb 2014 23:36:44 +0100
> CC: [email protected]; [email protected]; [email protected]; 
> [email protected]; [email protected]
> 
> The following patch seems to be the only working workaround for IPsec
> transport mode and tunnel mode. Please note the use of M_PROTO7 instead
> of M_PROTO5 as that is not used in netinet & netinet6. M_PROTO5 is used
> for another purpose and so using it may create a conflict like M_PROTO3.
> 
> ---
> Index: netinet/ip_var.h
> ===================================================================
> --- netinet/ip_var.h    (revision 262470)
> +++ netinet/ip_var.h    (working copy)
> @@ -167,7 +167,7 @@
>   */
> #define        M_FASTFWD_OURS          M_PROTO1        /* changed dst to
> local */
> #define        M_IP_NEXTHOP            M_PROTO2        /* explicit ip
> nexthop */
> -#define        M_SKIP_FIREWALL         M_PROTO3        /* skip firewall
> processing,
> +#define        M_SKIP_FIREWALL         M_PROTO7        /* skip firewall
> processing,
>                                                    keep in sync with IP6
> */
> #define        M_IP_FRAG               M_PROTO4        /* fragment
> reassembly */
> 
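Review bot: The changed M_SKIP_FIREWALL define records nowhere why M_PROTO7 was picked; its comment still says only "skip firewall processing, keep in sync with IP6". The reasoning given in the message (M_PROTO3 conflicts, M_PROTO5 is used for another purpose) should be added to that comment or to the commit log, naming the other user of the bit, so that the flag is not reassigned to a colliding value later. The define lines are also wrapped by the mailer (the comment after M_PROTO7 continues on the next quoted line), so the patch will not apply as posted; an attachment would avoid that.
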
> Index: netinet6/ip6_var.h
> ===================================================================
> --- netinet6/ip6_var.h  (revision 262470)
> +++ netinet6/ip6_var.h  (working copy)
> @@ -297,7 +297,7 @@
>   * IPv6 protocol layer specific mbuf flags.
>   */
> #define        M_IP6_NEXTHOP           M_PROTO2        /* explicit ip
> nexthop */
> -#define        M_SKIP_FIREWALL         M_PROTO3        /* skip firewall
> processing,
> +#define        M_SKIP_FIREWALL         M_PROTO7        /* skip firewall
> processing,
>                                                    keep in sync with
> IPv4 */
> 
> #ifdef __NO_STRICT_ALIGNMENT
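
Review bot: M_SKIP_FIREWALL at the changed line here duplicates the value set in netinet/ip_var.h, and the only thing tying the two together is the "keep in sync with IPv4" comment. Since the bug being worked around is itself a flag-bit collision, consider defining M_SKIP_FIREWALL once in a header that both netinet and netinet6 include, so the IPv4 and IPv6 values cannot drift apart in a later edit.
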
> ---
> 
> 
> -- 
> [REDACTED]
> 
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
> To unsubscribe, send any mail to "[email protected]"
                                          