Date: Mon, 5 Nov 2001 14:54:07 +0300 (MSK)
From: Alexey Zakirov <frank@agava.com>
To: <freebsd-hackers@freebsd.org>
Subject: ipsec processing order
Message-ID: <Pine.BSF.4.32.0111051440020.24854-100000@hellbell.domain>
Hail!

I have a complicated ip tunnel setup with ipsec encrypting. It's a netgraph udp tunnel that runs over ipsec in transport mode. On my side I have a natd which makes NAT on tunneled ip. This was working fine until ip_input.c version 1.130.2.23. After that, processed IPSEC packets have no chance to get back into ipfw, so I can't catch them and direct them into natd. I found this change only yesterday because I didn't upgrade my gateway machine for 3 months.

Could someone explain to me why incoming ipsec packets automatically pass ipfw processing?

ip_input.c: +#ifdef IPSEC + if (ipsec_gethist(m, NULL)) + goto pass; +#endif

***
WBR, Alexey Zakirov (frank@agava.com)
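
Review bot: in the ip_input.c hunk, the "if (ipsec_gethist(m, NULL)) goto pass;" test is unconditional and carries no comment, so any packet with IPsec history jumps straight to "pass" and, as the message reports, is never seen by ipfw; firewall and divert rules therefore cannot be applied to traffic after decryption. The hunk should state why the bypass is wanted, and the condition should be something an administrator can turn off (for instance a sysctl checked alongside ipsec_gethist(), which is a suggestion here and not an existing knob) so that setups needing filtering or NAT on decrypted packets keep working.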