Date: Tue, 25 Feb 2014 23:24:09 +0100 From: Georgios Amanakis <gamanakis@gmail.com> To: bug-followup@freebsd.org, =?KOI8-U?B?4czFy9PBzsTSIPfPzM/C1cXX?= <a.v.volobuev@gmail.com>, andre@freebsd.org, melifaro@freebsd.org, freebsd-bugs@freebsd.org, Nicolas DEFFAYET <nicolas@deffayet.com> Subject: Re: kern/185876: ipfw not matching incoming packets decapsulating ipsec. example l2tp/ipsec Message-ID: <CACvFP_hUOjNJ69MH7Lj5thvPjCtA_81%2Bj-YbJMFqk6VfQbg2LQ@mail.gmail.com> In-Reply-To: <CACvFP_g4L=pK3ZmZ_kSq=OO%2BaZANA9k--n7Uhi1Tp6ULO0JHdw@mail.gmail.com> References: <CACvFP_g4L=pK3ZmZ_kSq=OO%2BaZANA9k--n7Uhi1Tp6ULO0JHdw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Index: netipsec/xform_ipip.c
> ===================================================================
> --- netipsec/xform_ipip.c (revision 262492)
> +++ netipsec/xform_ipip.c (working copy)
> @@ -181,6 +181,7 @@
> IPIPSTAT_INC(ipips_ipackets);
>
> m_copydata(m, 0, 1, &v);
> + m_clrprotoflags(m);
>
> switch (v >> 4) {
> #ifdef INET
That one does not resolve it correctly, i.e. not all ipsec packets are
captured. Furthermore, the captured packets have both directions, in and
out (as captured by: allow ip from any to any in, allow ip from any to any
out)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACvFP_hUOjNJ69MH7Lj5thvPjCtA_81%2Bj-YbJMFqk6VfQbg2LQ>