From: Matthew Grooms
Date: Mon, 20 Oct 2014 15:03:17 -0500
To: freebsd-net@freebsd.org
Subject: Re: Broken IPsec + enc +pf/ipfw

On 10/20/2014 2:44 PM, Mark Felder wrote:
>
> On Mon, Oct 20, 2014, at 11:18, Matthew Grooms wrote:
>> All,
>>
>> There appears to be an issue with FreeBSD 10.x when using enc device to
>> filter inbound traffic on the receive path. After searching the mailing
>> lists, I see two different people reporting the issue ...
>>
>
> Your subject mentions ipfw, but I don't see any mention of it in the
> body of your email or the bug report. Is this problem strictly related
> to pf? Is ipfw unaffected?

The link to the last email thread that I included made mention of ipfw.
I am only testing the interaction with pf. I assume all the firewalls
hook into pfil in more or less the same fashion, so it doesn't surprise
me that both would experience the same dysfunction given the nature of
the issue.

-Matthew