From owner-freebsd-current@FreeBSD.ORG  Sat Sep 25 00:15:42 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3885416A4CE
	for <freebsd-current@freebsd.org>;
	Sat, 25 Sep 2004 00:15:42 +0000 (GMT)
Received: from beagle2.mehnert.org (beagle2.mehnert.org [212.42.235.57])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EC00A43D49
	for <freebsd-current@freebsd.org>;
	Sat, 25 Sep 2004 00:15:41 +0000 (GMT)
	(envelope-from hannes@mehnert.org)
Received: from localhost (port-212-202-0-243.dynamic.qsc.de [212.202.0.243])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "Hannes Mehnert", Issuer "mehnert root CA" (verified OK))
	by beagle2.mehnert.org (Postfix) with ESMTP
	id 344B29585F; Sat, 25 Sep 2004 02:15:40 +0200 (CEST)
Date: Sat, 25 Sep 2004 02:16:23 +0200
From: Hannes Mehnert <hannes@mehnert.org>
To: Kris Kennaway <kris@obsecurity.org>
Message-ID: <20040925001623.GC5307@mehnert.org>
References: <20040924234332.GB5307@mehnert.org>
	<20040924235247.GA27440@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040924235247.GA27440@xor.obsecurity.org>
User-Agent: Mutt/1.4.2.1i
cc: freebsd-current@freebsd.org
Subject: Re: 5.3 IPSEC broken
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Sep 2004 00:15:42 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Sep 24, 2004 at 04:52:48PM -0700, Kris Kennaway wrote:
> On Sat, Sep 25, 2004 at 01:43:32AM +0200, Hannes Mehnert wrote:
> > in 5.3-BETA5 IPSec is broken.
> 
> Please provide more details.

As described in
http://lists.freebsd.org/pipermail/freebsd-current/2004-June/028442.html
http://lists.freebsd.org/pipermail/freebsd-current/2004-August/033554.html
the mbuma commit broke IPSec (ENOBUF) with default MSIZE (256). Setting
it to 512 is a workaround, maybe someone more in FreeBSD kernel hacking
should look at the problem.

Best Regards,

Hannes Mehnert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQFBVLjWRcuNlziBjRwRApiFAKC9uXQwNI8rkWuDJObHB9l/ewtHHgCeJ1Xt
GmHuZQfiTLp7pYP2VTDale0=
=w9p7
-----END PGP SIGNATURE-----