From owner-freebsd-net@FreeBSD.ORG Tue Oct 21 18:39:24 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D1795EE1 for ; Tue, 21 Oct 2014 18:39:24 +0000 (UTC) Received: from mail.1970jan1-epo.ch (mail.1970jan1-epo.ch [IPv6:2a02:2770:13::1a24:0:11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9098465E for ; Tue, 21 Oct 2014 18:39:24 +0000 (UTC) Received: from 1970jan1-epo.ch (c-174-57-248-44.hsd1.pa.comcast.net [174.57.248.44]) by mail.1970jan1-epo.ch (Postfix) with ESMTPSA id B89D054C for ; Tue, 21 Oct 2014 18:39:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=1970jan1-epo.ch; s=1970; t=1413916761; bh=4ISzKqMbJqTi3TgfNx+Pq9BWhQIHLJbBVlJxI6VtZ3g=; h=Date:From:To:Subject:References:In-Reply-To; b=TfFP8zwNz0z5HIvjt4W6buADbe6dpdn5ampMA3otvBLVnhUPIm6pVrgwcPsHG7PNu ZxKbKc4zQ8dwlPkG8EgbbbAvHWmlb2sBk9J8GNJmNhE66DFN+EbyqdKnFrTE4RZtQO EkRXywYX/WiphbWlaUWB/JiEcUcuJ/nagrmBL2+U= Date: Tue, 21 Oct 2014 14:39:19 -0400 From: Kyle Williams To: freebsd-net@freebsd.org Subject: Re: Broken IPsec + enc +pf/ipfw Message-ID: <20141021183919.GD2787@1970jan1-epo.ch> References: <544535C2.9020301@shrew.net> <544566D2.40303@FreeBSD.org> <544569CF.2060905@shrew.net> <54457599.4060102@yandex.ru> <54458001.6000507@shrew.net> <544611F8.9070403@yandex.ru> <20141021160643.GB2787@1970jan1-epo.ch> <54468B43.40602@shrew.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <54468B43.40602@shrew.net> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Oct 2014 18:39:24 -0000 On Tue Oct 21 11:35:15 2014, Matthew Grooms wrote: >Hey Kyle, > >Thanks for lending a hand. I tested a few myself last night but had no >luck. This morning I received an email off list that pointed to a patch >that was merged to 10 stable. It sounds promising ... > >Log: > Merge r263091: fix mbuf flags clash that lead to failure of operation > of IPSEC and packet filters. > >https://lists.freebsd.org/pipermail/svn-src-stable-10/2014-March/001111.html > >I won't have a chance to try it until after business hours tonight, but >will report back to the list with my results. Alternately, I assume you >also could upgrade to 10.1-RC2 as the MFC for this patch happened back >in March. I may go this route myself and then bump up to RELEASE in a >few weeks when it happens. r263091, r266800, and r272695 together on 10.0-RELENG works for me. I didn't test r263091 by itself. Thanks! -- Kyle Williams (541) 250 0314 Kyle@1970Jan1-epo.ch PGP key: 0xD1E5BADF