kern/185876: ipfw not matching incoming packets decapsulating ipsec. example l2tp/ipsec
Nicolas DEFFAYET
nicolas at deffayet.com
Tue Feb 25 22:57:26 UTC 2014
On Tue, 2014-02-25 at 23:24 +0100, Georgios Amanakis wrote:
> > Index: netipsec/xform_ipip.c
> > ===================================================================
> > --- netipsec/xform_ipip.c (revision 262492)
> > +++ netipsec/xform_ipip.c (working copy)
> > @@ -181,6 +181,7 @@
> > IPIPSTAT_INC(ipips_ipackets);
> >
> > m_copydata(m, 0, 1, &v);
> > + m_clrprotoflags(m);
> >
> > switch (v >> 4) {
> > #ifdef INET
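Review bot: the added m_clrprotoflags(m) call sits between m_copydata(m, 0, 1, &v) and switch (v >> 4), so it runs unconditionally for every packet reaching this point, before the version dispatch, and it has no comment saying which flags from the outer packet must not carry over to the inner one. Please add a one-line comment stating the intent, and consider moving the call above m_copydata so that the read of v stays next to the switch that uses it. Since the visible context only shows the #ifdef INET branch, also confirm that clearing the flags is wanted for every branch of the switch and not just that one.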
>
>
> That one does not resolve it correctly, i.e. not all ipsec packets are
> captured. Furthermore, the captured packets have both directions, in
> and out (as captured by: allow ip from any to any in, allow ip from
> any to any out)
Did you test with IPsec in transport mode or in tunnel mode?
--
Nicolas DEFFAYET