kern/185876: ipfw not matching incoming packets decapsulating ipsec. example l2tp/ipsec
Georgios Amanakis
gamanakis at gmail.com
Tue Feb 25 22:24:10 UTC 2014
> Index: netipsec/xform_ipip.c
> ===================================================================
> --- netipsec/xform_ipip.c (revision 262492)
> +++ netipsec/xform_ipip.c (working copy)
> @@ -181,6 +181,7 @@
> IPIPSTAT_INC(ipips_ipackets);
>
> m_copydata(m, 0, 1, &v);
> + m_clrprotoflags(m);
>
> switch (v >> 4) {
> #ifdef INET
That one does not resolve it correctly, i.e. not all ipsec packets are
captured. Furthermore, the captured packets have both directions, in and
out (as captured by: allow ip from any to any in, allow ip from any to any
out)
More information about the freebsd-bugs
mailing list