On 12 May 2017 at 15:29, Alexander Bluhm wrote:
Hi,

IPsec packets are passed through ip_input() a second time after
they have been decrypted. That means that all the IP header fields
are checked twice. Also fragment reassembly is tried twice.

In pf incoming packets in tunnel mode appear twice on the enc0
interface. Once as IP-in-IP and once