From owner-freebsd-net Sat Aug 4 7:23:54 2001 Delivered-To: freebsd-net@freebsd.org Received: from aussie.org (hallam.lnk.telstra.net [139.130.54.166]) by hub.freebsd.org (Postfix) with ESMTP id 73B1C37B408 for ; Sat, 4 Aug 2001 07:23:47 -0700 (PDT) (envelope-from mlnn4@oaks.com.au) Received: from dualp2 (dualp2 [203.29.75.73]) by aussie.org (8.11.3/8.11.4) with SMTP id f74ENf306225 for ; Sun, 5 Aug 2001 00:23:41 +1000 (EST) (envelope-from mlnn4@oaks.com.au) Message-Id: <200108041423.f74ENf306225@aussie.org> From: "Chris" To: "freebsd-net" Date: Sun, 05 Aug 2001 00:23:21 +1000 Reply-To: "Chris" X-Mailer: PMMail 98 Standard (2.01.1600) For Windows NT (5.0.2195;2) MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: kernel upgrade causes truncated IPSEC packets Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Friday, 3 August 2001 Bill Fenner wrote: > A 0-length mbuf in the chain is at best useless and perhaps fairly > unexpected (thus the bug in if_tun.c lasting for 6.5 years before > being found). Indeed. And I have to wonder how many other interfaces will have the same problem. IMO getting IPSEC to work well is hard enough as it is (if the feedback I get from from other folks is correct; I was fortunate that I had experience doing Cisco VPN's before I tackled the KAME ones) without having other problems like this in the way. Most folk would just give up if they faced a problem like this the first time they tried to use IPSEC. Goodness knows, -I- almost gave up, and I had the advantage of knowing that there was nothing wrong with my configuration ... I spent many, many hours chasing the problem to the point where I discovered it was in the PPP code. I know that in retrospect that sounds stupid (I should have dumped the PPP async stuff earlier), but since I could actually *see* the packets leaving the machine (blinkenlights on modem) and tcpdump also showed good packets, I simply refused to believe that the problem was inside the machine ... -- Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message