From owner-freebsd-net@FreeBSD.ORG  Mon Oct 20 19:44:35 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4D7FDF4
 for <freebsd-net@freebsd.org>; Mon, 20 Oct 2014 19:44:35 +0000 (UTC)
Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com
 [66.111.4.221])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 20278F32
 for <freebsd-net@freebsd.org>; Mon, 20 Oct 2014 19:44:34 +0000 (UTC)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by gateway2.nyi.internal (Postfix) with ESMTP id E333C3F8A
 for <freebsd-net@freebsd.org>; Mon, 20 Oct 2014 15:44:33 -0400 (EDT)
Received: from web3 ([10.202.2.213])
 by compute1.internal (MEProxy); Mon, 20 Oct 2014 15:44:33 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=message-id:x-sasl-enc:from:to
 :mime-version:content-transfer-encoding:content-type:in-reply-to
 :references:subject:date; s=smtpout; bh=rBUsUuJC9MW24k5fgNnIhklq
 cg4=; b=ZbLXy0mXpi4zi1lA/vNzsrsr5IUhp8Z2dayYOwZAAeq097z3MbMWFuVW
 ZKvucg3s3p7+gfxW0lRD+HVMht9Hi7FgU5dEJbaVtNYTAQ5KcHQOKJzC8RD8Y9LY
 dC3vFQ8+iSpkel4smjbeOm9RtgDviEvY8qiUpPikAVsjD2oRSY4=
Received: by web3.nyi.internal (Postfix, from userid 99)
 id 9CAC011790A; Mon, 20 Oct 2014 15:44:33 -0400 (EDT)
Message-Id: <1413834273.2953625.181228801.6E462532@webmail.messagingengine.com>
X-Sasl-Enc: G5d2CR3qiHzE9FPR0gBfxEp8F2RVGR5rmNxKI4Pt3p/T 1413834273
From: Mark Felder <feld@FreeBSD.org>
To: Matthew Grooms <mgrooms@shrew.net>, freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: MessagingEngine.com Webmail Interface - ajax-e69fc525
In-Reply-To: <544535C2.9020301@shrew.net>
References: <544535C2.9020301@shrew.net>
Subject: Re: Broken IPsec + enc +pf/ipfw
Date: Mon, 20 Oct 2014 14:44:33 -0500
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 19:44:35 -0000



On Mon, Oct 20, 2014, at 11:18, Matthew Grooms wrote:
> All,
> 
> There appears to be an issue with FreeBSD 10.x when using enc device to 
> filter inbound traffic on the receive path. After searching the mailing 
> lists, I see two different people reporting the issue ...
> 

Your subject mentions ipfw, but I don't see any mention of it in the
body of your email or the bug report. Is this problem strictly related
to pf? Is ipfw unaffected?