On 10/20/2014 3:50 PM, Andrey V. Elsukov wrote:
On 21.10.2014 00:00, Matthew Grooms wrote:
On 10/20/2014 2:47 PM, Andrey V. Elsukov wrote:
On 20.10.2014 20:18, Matthew Grooms wrote:
Lastly, I tried to locate a relevant PR but didn't find anything
concrete. Is this related to the issue? And if so, can it be MFCd?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=110959
Did you try the patch from last PR? It is small and should be applicable
to stable/10.
As I mentioned, it's not clear to me if the patch was intended to fix
the issue that I am describing. Is that the case? If so, I would be
happy to apply it and report back. These are production firewalls, so
I'd prefer to have some feedback before calculating that risk.
This commit fixes similar problem with ipfw in 11.0-CURRENT. But I think
it won't help you with pf in 10. I guess r266800 is what you need.
From the commit message, it would appear that r266800 is intended to
correct issues related to IPv4-in-IPv6 or IPv6-in-IPv4 configurations.
I'm using the more traditional IPv4-in-IPv4 tunnel mode configuration.
Would a change to if_enc.c only effect the operation of ipfw? Unless I'm
misreading the man page, it only deals with traffic associated with the
IPSec processing path. In theory, I don't see why it would have an
effect on one pfil consumer and not the other.
It looks like the last commit to 10.0-RELEASE is r255926, which is the
last real code change ( r257176 is just a header file include ) before
your commit of 272695 in CURRENT. So besides r272695, the driver in both
10.x and CURRENT are essentially the same, are they not?
Thanks,
-Matthew
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
