From owner-freebsd-security Mon Feb 10 11:24:14 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 424B637B401 for ; Mon, 10 Feb 2003 11:24:11 -0800 (PST) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 584A843FAF for ; Mon, 10 Feb 2003 11:24:08 -0800 (PST) (envelope-from nectar@celabo.org) Received: from opus.celabo.org (opus.celabo.org [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id D141C38; Mon, 10 Feb 2003 13:24:07 -0600 (CST) Received: by opus.celabo.org (Postfix, from userid 1001) id 4AE845866; Mon, 10 Feb 2003 13:22:07 -0600 (CST) Date: Mon, 10 Feb 2003 13:22:07 -0600 From: "Jacques A. Vidrine" To: Andriy Gapon Cc: freebsd-security@freebsd.org Subject: Re: ipsec & ipfw: 4.7-release vs -stable Message-ID: <20030210192207.GC5292@opus.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Andriy Gapon , freebsd-security@freebsd.org References: <20030210114213.P53494@edge.foundation.invalid> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030210114213.P53494@edge.foundation.invalid> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Feb 10, 2003 at 11:43:04AM -0500, Andriy Gapon wrote: > > Is there any remedy expected before 4.8 release for the situation with > ipsec & ipfw interaction that was created after 'ip_input.c 1.130.2.40, > MFC: 1.214' ? > > The reason I am asking this question with such a big crosspost is that it > seems that all previous discussions on this topic resulted in nothing. And > this change definetely breaks things for those who use ipsec without extra > stuff like gif tunnels. It definetely doesn't look like a kind of change > welcomed in -stable branch, not mentioning a potential security > vulnaribity for those who can not use gif. > > I apologize in the case I have missed any latest developments in this > area. Hello Andriy, What is the problem you are having, exactly? What is the `potential security vulnaribity'? Cheers, -- Jacques A. Vidrine http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message