From owner-freebsd-net@FreeBSD.ORG Mon Oct 20 20:00:28 2014 Return-Path: <owner-freebsd-net@FreeBSD.ORG> Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9DF4467B for <freebsd-net@freebsd.org>; Mon, 20 Oct 2014 20:00:28 +0000 (UTC) Received: from mx2.shrew.net (mx2.shrew.net [38.97.5.132]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6F93E101 for <freebsd-net@freebsd.org>; Mon, 20 Oct 2014 20:00:27 +0000 (UTC) Received: from mail.shrew.net (mail.shrew.prv [10.24.10.20]) by mx2.shrew.net (8.14.7/8.14.7) with ESMTP id s9KJxM0R068771 for <freebsd-net@freebsd.org>; Mon, 20 Oct 2014 14:59:22 -0500 (CDT) (envelope-from mgrooms@shrew.net) Received: from [10.16.32.30] (rrcs-50-84-127-134.sw.biz.rr.com [50.84.127.134]) by mail.shrew.net (Postfix) with ESMTPSA id F0D6E18A8BD for <freebsd-net@freebsd.org>; Mon, 20 Oct 2014 14:59:10 -0500 (CDT) Message-ID: <544569CF.2060905@shrew.net> Date: Mon, 20 Oct 2014 15:00:15 -0500 From: Matthew Grooms <mgrooms@shrew.net> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: Re: Broken IPsec + enc +pf/ipfw References: <544535C2.9020301@shrew.net> <544566D2.40303@FreeBSD.org> In-Reply-To: <544566D2.40303@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mx2.shrew.net [10.24.10.11]); Mon, 20 Oct 2014 14:59:22 -0500 (CDT) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/> List-Post: <mailto:freebsd-net@freebsd.org> List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=subscribe> X-List-Received-Date: Mon, 20 Oct 2014 20:00:28 -0000 On 10/20/2014 2:47 PM, Andrey V. Elsukov wrote: > On 20.10.2014 20:18, Matthew Grooms wrote: >> Lastly, I tried to locate a relevant PR but didn't find anything >> concrete. Is this related to the issue? And if so, can it be MFCd? >> >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=110959 > > Did you try the patch from last PR? It is small and should be applicable > to stable/10. > As I mentioned, it's not clear to me if the patch was intended to fix the issue that I am describing. Is that the case? If so, I would be happy to apply it and report back. These are production firewalls, so I'd prefer to have some feedback before calculating that risk. Thanks, -Matthew