Date: Fri, 24 Sep 2004 22:58:33 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Hannes Mehnert <hannes@mehnert.org> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: 5.3 IPSEC broken Message-ID: <Pine.NEB.3.96L.1040924225732.20796F-100000@fledge.watson.org> In-Reply-To: <20040925001623.GC5307@mehnert.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 25 Sep 2004, Hannes Mehnert wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, Sep 24, 2004 at 04:52:48PM -0700, Kris Kennaway wrote: > > On Sat, Sep 25, 2004 at 01:43:32AM +0200, Hannes Mehnert wrote: > > > in 5.3-BETA5 IPSec is broken. > > > > Please provide more details. > > As described in > http://lists.freebsd.org/pipermail/freebsd-current/2004-June/028442.html > http://lists.freebsd.org/pipermail/freebsd-current/2004-August/033554.html > the mbuma commit broke IPSec (ENOBUF) with default MSIZE (256). Setting > it to 512 is a workaround, maybe someone more in FreeBSD kernel hacking > should look at the problem. I'd like to take a look at this sometime in the next few days. Could you send me an appropriately censored version of your racoon configuration for each endpoint that I can use as a starting point? Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040924225732.20796F-100000>