Date: Tue, 5 Aug 2003 03:41:45 -0700 From: Luigi Rizzo <luigi@FreeBSD.org> To: Ari Suutari <ari.suutari@syncrontech.com> Cc: freebsd-ipfw@FreeBSD.org Subject: Re: kern/53624: patches for ipfw2 to support ipsec packet filtering Message-ID: <20030805034145.B49439@xorpc.icir.org> In-Reply-To: <200308041029.45598.ari.suutari@syncrontech.com>; from ari.suutari@syncrontech.com on Mon, Aug 04, 2003 at 10:29:45AM %2B0300 References: <200307070113.h671DPeG082710@freefall.freebsd.org> <20030706234624.A45394@xorpc.icir.org> <20030710110751.L84774@majakka.cksoft.de> <200308041029.45598.ari.suutari@syncrontech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ari, maybe the problem was with FAST_IPSEC, i seem to remember a related MFC recently... [Sam, this is about the 'ipsec' dummynet option which was reported as not working with RELENG_4...] cheers luigi On Mon, Aug 04, 2003 at 10:29:45AM +0300, Ari Suutari wrote: > Hi, > > On Thursday 10 July 2003 12:12, Christian Kratzer wrote: > > Hi, > > > > We applied the patch to a RELENG_4 system but can't seem to be able to > > catch packets based on them having ipsec history or not. > > > > We have "options IPSEC_FILTERGIF" and "options IPFW2" in our kernel config. > > > > We currently have an ipsec esp tunnel running between two locations without > > any gif tunnels. IPSEC_FILTERGIF seems to be working fine as packets are > > now being filtered by our ipfw ruleset. > > > > We can't match any packets based on the ipsec or not ipsec flags in ipfw2. > > > > I just wanted to ask if somebody knows the obvious before I start digging > > my head in the code. > > I did my quick testing on 5.1-RELEASE system, but I cannot really > understand why the change wouldn't work on RELENG_4 also. > It uses only one call which works on RELENG_4 (otherwise a system > *without* IPSEC_FILTERGIF wouldn't work as expected). > > I have really tested with KAME ipsec. Are you using FAST_IPSEC ? > > Ari S. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030805034145.B49439>