Date: Mon, 27 Dec 2021 10:46:03 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 169620] [ng] [pf] ng_l2tp incoming packet bypass pf firewall Message-ID: <bug-169620-227-EkMD6PCnht@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-169620-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169620 longwitz@incore.de changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |longwitz@incore.de --- Comment #8 from longwitz@incore.de --- The patch given in bug 187566 has solved an other problem than the one discussed in this bug report. We still need the patch --- ng_l2tp.c.1st 2021-12-19 19:31:10.693840000 +0100 +++ ng_l2tp.c 2021-12-23 14:50:47.334147000 +0100 @@ -755,6 +755,7 @@ hookpriv_p hpriv = NULL; hook_p hook = NULL; struct mbuf *m; + struct m_tag *mtag; u_int16_t tid, sid; u_int16_t hdr; u_int16_t ns, nr; @@ -997,6 +998,11 @@ NG_FREE_M(m); ERROUT(0); } + + /* Delete an existing ipsec tag */ + mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); + if (mtag != NULL) + m_tag_delete(m, mtag); /* Deliver data */ NG_FWD_NEW_DATA(error, item, hook, m); The same issue for if_epair.c is solved in FreeBSD V12.3 calling a new statc function called epair_clear_mbuf(). commit ae23f081... Andreas -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-169620-227-EkMD6PCnht>