kern/186385: pf don't work as expected in 10.0 with same configuration used on 9.1

Nicolas DEFFAYET nicolas at deffayet.com
Sun Feb 23 13:40:05 UTC 2014


The following reply was made to PR kern/186385; it has been noted by GNATS.

From: Nicolas DEFFAYET <nicolas at deffayet.com>
To: bug-followup at FreeBSD.org, andre at freebsd.org
Cc:  
Subject: Re: kern/186385: pf don't work as expected in 10.0 with same
 configuration used on 9.1
Date: Sun, 23 Feb 2014 14:36:01 +0100

 Related to:
 kern/185876: ipfw not matching incoming packets decapsulating ipsec.
 example l2tp/ipsec
 kern/186755: ipsec tunnels don't work with pf or ipfw
 
 After very long testing, I have discovered the root cause.
 
 Revision 254519 breaks the firewall with IPsec.
 http://svnweb.freebsd.org/base?view=revision&revision=254519
 
 "Move the global M_SKIP_FIREWALL mbuf flags to a protocol layer specific
 flag instead.  The flag is only used within the IP and IPv6 layer 3
 protocols.
 
 Because some firewall packages treat IPv4 and IPv6 packets the same the
 flag should have the same value for both."
 
 It seems that some code has not been updated to allow the firewall to
 work with IPsec.
 
 -- 
 Nicolas DEFFAYET
 

