From owner-freebsd-bugs@FreeBSD.ORG Fri Jan 24 08:20:01 2014
Date: Fri, 24 Jan 2014 08:20:00 GMT
Message-Id: <201401240820.s0O8K07F095355@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: "a.v.volobuev@gmail.com"
Subject: Re: kern/185876: ipfw not matching incoming packets decapsulating ipsec. example l2tp/ipsec

The following reply was made to PR kern/185876; it has been noted by GNATS.

From: "a.v.volobuev@gmail.com"
To: bug-followup@FreeBSD.org, a.v.volobuev@gmail.com
Subject: Re: kern/185876: ipfw not matching incoming packets decapsulating ipsec. example l2tp/ipsec
Date: Fri, 24 Jan 2014 14:25:59 +0600

There is also a problem with the pseudo interface enc(4). For example:
# sysctl -a | i ipsec | i enc
net.enc.in.ipsec_filter_mask: 2
net.enc.in.ipsec_bpf_mask: 2
net.enc.out.ipsec_filter_mask: 0
net.enc.out.ipsec_bpf_mask: 0
# tcpdump -n -i enc0 host 10.10.3.1
14:07:09.516262 (authentic,confidential): SPI 0xced105ce: IP 10.10.3.1.58822 > 188.225.33.52.80: Flags [S], seq 317580935, win 13600, options [mss 1360,sackOK,TS val 3559730 ecr 0,nop,wscale 6], length 0
but the ipfw rule:
ipfw add 10 nat 1 ip from 10.0.150.3/32 to any in
does not match.