Date: Tue, 19 Nov 2002 10:56:25 -0800 (PST) From: Archie Cobbs <archie@dellroad.org> To: Guido van Rooij <guido@gvr.org> Cc: David Kelly <dkelly@HiWAAY.net>, Scott Ullrich <sullrich@CRE8.COM>, "'Archie Cobbs'" <archie@dellroad.org>, "'greg.panula@dolaninformation.com'" <greg.panula@dolaninformation.com>, FreeBSD-stable@FreeBSD.ORG Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw? Message-ID: <200211191856.gAJIuPf6056699@arch20m.dellroad.org> In-Reply-To: <20021119150826.GA42097@gvr.gvr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Guido van Rooij wrote: > > The problem is that while ESP packets arrive to be processed by > > IPsec just fine thru my ipfw rules, when the packets are de-encrypted > > and re-inserted into the kernel they appear to ipfw to be coming from > > my external interface (the one they arrived on via ESP). tcpdump can't > > find them (decrypted) on the external interface. I think the bug is that in esp4_input() the "detunneled" packet is placed back onto the IP input queue 'ipintrq' without the 'm->m_pkthdr.rcvif' being updated to point to the gif interface. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211191856.gAJIuPf6056699>