References: <1393176921.3248.YahooMailNeo@web121006.mail.ne1.yahoo.com> <1393197488.20693.YahooMailNeo@web121004.mail.ne1.yahoo.com>
Message-ID: <1393277450.77946.YahooMailNeo@web121001.mail.ne1.yahoo.com>
Date: Mon, 24 Feb 2014 13:30:50 -0800 (PST)
From: George Amanakis
Subject: Re: kern/185876: ipfw not matching incoming packets decapsulating ipsec. example l2tp/ipsec
To: "bug-followup@FreeBSD.org", "a.v.volobuev@gmail.com", "andre@freebsd.org", "melifaro@FreeBSD.org", "freebsd-bugs@freebsd.org"
In-Reply-To: <1393197488.20693.YahooMailNeo@web121004.mail.ne1.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

The problem seems to be that M_SKIP_FIREWALL (macro of M_PROTO3) is cleared through m_clrprotoflags(), i.e. not transferred between the layers.

This is a reversion of the 254519 on 10.0-STABLE:

Index: netinet/ip= _var.h=0A=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A--- netinet/= ip_var.h=A0=A0=A0 (revision 262459)=0A+++ netinet/ip_var.h=A0=A0=A0 (workin= g copy)=0A@@ -163,12 +163,10 @@=0A=A0#define IP_ALLOWBROADCAST=A0=A0=A0 SO_= BROADCAST=A0=A0=A0 /* 0x20 can send broadcast packets */=0A=A0=0A=A0/*=0A- = * IPv4 protocol layer specific mbuf flags.=0A+ * mbuf flag used by ip_fastf= wd=0A=A0 */=0A=A0#define=A0=A0=A0 M_FASTFWD_OURS=A0=A0=A0 =A0=A0=A0 M_PROTO= 1=A0=A0=A0 /* changed dst to local */=0A=A0#define=A0=A0=A0 M_IP_NEXTHOP=A0= =A0=A0 =A0=A0=A0 M_PROTO2=A0=A0=A0 /* explicit ip nexthop */=0A-#define=A0= =A0=A0 M_SKIP_FIREWALL=A0=A0=A0 =A0=A0=A0 M_PROTO3=A0=A0=A0 /* skip firewal= l processing,=0A-=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0= =A0 =A0=A0 keep in sync with IP6 */=0A=A0#define=A0=A0=A0 M_IP_FRAG=A0=A0= =A0 =A0=A0=A0 M_PROTO4=A0=A0=A0 /* fragment reassembly */=0A=A0=0A=A0#ifdef= 
__NO_STRICT_ALIGNMENT=0AIndex: netinet6/ip6_var.h=0A=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A--- netinet6/ip6_var.h=A0=A0=A0 (revision = 262459)=0A+++ netinet6/ip6_var.h=A0=A0=A0 (working copy)=0A@@ -293,12 +293,= 7 @@=0A=A0#define=A0=A0=A0 IPV6_FORWARDING=A0=A0=A0 =A0=A0=A0 0x02=A0=A0=A0= /* most of IPv6 header exists */=0A=A0#define=A0=A0=A0 IPV6_MINMTU=A0=A0= =A0 =A0=A0=A0 0x04=A0=A0=A0 /* use minimum MTU (IPV6_USE_MIN_MTU) */=0A=A0= =0A-/*=0A- * IPv6 protocol layer specific mbuf flags.=0A- */=0A-#define=A0= =A0=A0 M_IP6_NEXTHOP=A0=A0=A0 =A0=A0=A0 M_PROTO2=A0=A0=A0 /* explicit ip ne= xthop */=0A-#define=A0=A0=A0 M_SKIP_FIREWALL=A0=A0=A0 =A0=A0=A0 M_PROTO3=A0= =A0=A0 /* skip firewall processing,=0A-=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0= =A0 =A0=A0=A0 =A0=A0=A0 =A0=A0 keep in sync with IPv4 */=0A+#define=A0=A0= =A0 M_IP6_NEXTHOP=A0=A0=A0 =A0=A0=A0 M_PROTO7=A0=A0=A0 /* explicit ip nexth= op */=0A=A0=0A=A0#ifdef __NO_STRICT_ALIGNMENT=0A=A0#define IP6_HDR_ALIGNED_= P(ip)=A0=A0=A0 1=0AIndex: sys/mbuf.h=0A=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=0A--- sys/mbuf.h=A0=A0=A0 (revision 262459)=0A+++ sys/mbuf.= h=A0=A0=A0 (working copy)=0A@@ -235,7 +235,7 @@=0A=A0#define=A0=A0=A0 M_PRO= TO9=A0=A0=A0 0x00100000 /* protocol-specific */=0A=A0#define=A0=A0=A0 M_PRO= TO10=A0=A0=A0 0x00200000 /* protocol-specific */=0A=A0#define=A0=A0=A0 M_PR= OTO11=A0=A0=A0 0x00400000 /* protocol-specific */=0A-#define=A0=A0=A0 M_PRO= TO12=A0=A0=A0 0x00800000 /* protocol-specific */=0A+#define=A0=A0=A0 M_SKIP= _FIREWALL=A0=A0=A0 0x00800000=0A=A0=0A=A0/*=0A=A0 * Flags to purge when cro= ssing layers.=0A@@ -242,13 +242,13 @@=0A=A0 */=0A=A0#define=A0=A0=A0 M_PROT= OFLAGS 
\=0A=A0=A0=A0=A0 (M_PROTO1|M_PROTO2|M_PROTO3|M_PROTO4|M_PROTO5|M_PRO= TO6|M_PROTO7|M_PROTO8|\=0A-=A0=A0=A0=A0 M_PROTO9|M_PROTO10|M_PROTO11|M_PROT= O12)=0A+=A0=A0=A0=A0 M_PROTO9|M_PROTO10|M_PROTO11)=0A=A0=0A=A0/*=0A=A0 * Fl= ags preserved when copying m_pkthdr.=0A=A0 */=0A=A0#define M_COPYFLAGS \=0A= -=A0=A0=A0 (M_PKTHDR|M_EOR|M_RDONLY|M_BCAST|M_MCAST|M_VLANTAG|M_PROMISC| \= =0A+=A0=A0=A0 (M_PKTHDR|M_EOR|M_RDONLY|M_SKIP_FIREWALL|M_BCAST|M_MCAST|M_VL= ANTAG|M_PROMISC| \=0A=A0=A0=A0=A0=A0 M_PROTOFLAGS)=0A=A0=0A=A0/*=0A@@ -255,= 12 +255,12 @@=0A=A0 * Mbuf flag description for use with printf(9) %b ident= ifier.=0A=A0 */=0A=A0#define=A0=A0=A0 M_FLAG_BITS \=0A-=A0=A0=A0 "\20\1M_EX= T\2M_PKTHDR\3M_EOR\4M_RDONLY\5M_BCAST\6M_MCAST" \=0A-=A0=A0=A0 "\7M_PROMISC= \10M_VLANTAG\11M_FLOWID"=0A+=A0=A0=A0 "\20\1M_EXT\2M_PKTHDR\3M_EOR\4M_RDONL= Y\5M_SKIP_FIREWALL\6M_BCAST\7M_MCAST" \=0A+=A0=A0=A0 "\8M_PROMISC\10M_VLANT= AG\11M_FLOWID"=0A=A0#define=A0=A0=A0 M_FLAG_PROTOBITS \=0A=A0=A0=A0=A0 "\15= M_PROTO1\16M_PROTO2\17M_PROTO3\20M_PROTO4\21M_PROTO5" \=0A=A0=A0=A0=A0 "\22= M_PROTO6\23M_PROTO7\24M_PROTO8\25M_PROTO9\26M_PROTO10" \=0A-=A0=A0=A0 "\27M= _PROTO11\30M_PROTO12"=0A+=A0=A0=A0 "\27M_PROTO11"=0A=A0#define=A0=A0=A0 M_F= LAG_PRINTF (M_FLAG_BITS M_FLAG_PROTOBITS)=0A=A0=0A=A0/*=0A
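
Review bot: In the netinet/ip_var.h hunk the block comment becomes "mbuf flag used by ip_fastfwd", but the defines under it still include M_IP_NEXTHOP (explicit ip nexthop) and M_IP_FRAG (fragment reassembly). Keep a comment that covers all three flags, for example the original "IPv4 protocol layer specific mbuf flags".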
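
Review bot: The netinet6/ip6_var.h hunk moves M_IP6_NEXTHOP from M_PROTO2 to M_PROTO7 while M_IP_NEXTHOP in netinet/ip_var.h stays on M_PROTO2, and the message only discusses M_SKIP_FIREWALL. Please explain why the IPv6 next-hop flag needs a different bit for this PR, or leave it on M_PROTO2 and restrict the change to M_SKIP_FIREWALL. The hunk also deletes the "IPv6 protocol layer specific mbuf flags" comment without a replacement.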
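
Review bot: In sys/mbuf.h at @@ -235,7 the new "#define M_SKIP_FIREWALL 0x00800000" has no comment and takes over the bit that was M_PROTO12. Carry over the "skip firewall processing" comment that the patch removes from ip_var.h and ip6_var.h, and note that M_PROTO12 no longer exists so any remaining user of that name is caught at review rather than at build time.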
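
Review bot: In sys/mbuf.h at @@ -242,13 the flag's lifetime is undocumented: M_SKIP_FIREWALL is dropped from M_PROTOFLAGS (the "Flags to purge when crossing layers") and added to M_COPYFLAGS, so a packet marked to skip firewall processing keeps that mark across every layer crossing and every m_pkthdr copy. Nothing in the visible hunks clears it again. Please state in the comment above M_COPYFLAGS, or in the commit message, where the flag is set and where it is expected to be cleared, so the firewall bypass stays limited to the path it is meant for.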
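
Review bot: The M_FLAG_BITS change at @@ -255,12 in sys/mbuf.h does not match the flag values in this patch. Each printf(9) %b entry starts with the bit number as an octal character, so "\5M_SKIP_FIREWALL" labels bit 5 (0x10), while the flag is defined as 0x00800000, which is the bit the removed "\30M_PROTO12" entry described. The renumbering of M_BCAST, M_MCAST and M_PROMISC has no matching change to their values in the visible hunks, and "\8" is not a valid octal escape. Suggest leaving M_FLAG_BITS as it was and replacing "\30M_PROTO12" in M_FLAG_PROTOBITS with "\30M_SKIP_FIREWALL".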