RE: ipfilter bug on tunnel interface?

Sun, 11 Mar 2007 21:20:39 -0800 

I don't think that the tunnel names cause this problem. I tested again with 
following configurations. The pfil module will be pushed automatically during 
system boot-up. But the problem still exists.

Tunnel information:
---------------------------------------------------------
ip.tun172032018032: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> 
mtu 1480 index 2
        inet tunnel src 172.32.18.249 tunnel dst 172.32.18.32
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 3.3.3.1 --> 4.4.4.1 netmask fffffffc 
ip.tun172032018033: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> 
mtu 1480 index 3
        inet tunnel src 172.32.18.249 tunnel dst 172.32.18.33
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 3.3.3.2 --> 4.4.4.2 netmask fffffffc 
ip.tun172032018034: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> 
mtu 1480 index 4
        inet tunnel src 172.32.18.249 tunnel dst 172.32.18.34
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 1.1.1.1 --> 2.2.2.1 netmask fffffffc 
ip.tun172032018035: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> 
mtu 1480 index 5
        inet tunnel src 172.32.18.249 tunnel dst 172.32.18.35
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 1.1.1.2 --> 2.2.2.2 netmask fffffffc
----------------------------------------------------------

ndd information:
-----------------------------------------------------------
root> ndd /dev/pfil qif_status |grep tun
ip.tun172032018035 0x7006121c 0x7086f620 0x7086f6a4 0x0 3 800 0 5079 7448 0 0 0 
0 2368 0 0
ip.tun172032018034 0x7006139c 0x7086fd78 0x7086fdfc 0x0 2 800 52 11719 13687 0 
0 0 0 5 0 0
ip.tun172032018033 0x7006151c 0x7074a5f0 0x7074a674 0x0 1 800 52 560 600 0 0 0 
0 11 0 0
ip.tun172032018032 0x7006169c 0x7074aa58 0x7074aadc 0x0 0 800 52 559 598 0 0 0 
0 11 0 0
-----------------------------------------------------------


Thanks,
Titan

-----Original Message-----
From: Darren Reed [mailto:[EMAIL PROTECTED] 
Sent: 2007年3月9日 19:07
To: Xu, Chun Gang (Titan)
Cc: [email protected]
Subject: Re: ipfilter bug on tunnel interface?

You need to use the interface name "ip.tun.pfil5",
which automatically pushes the pfil module for you.

Darren

Reply via email to