Date: Fri, 25 Oct 2013 16:09:18 GMT From: Olivier Cochard-Labbe <olivier@cochard.me> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/183303: Add a fastforwarding check to the ipsec rc script Message-ID: <201310251609.r9PG9IrW016656@oldred.freebsd.org> Resent-Message-ID: <201310251610.r9PGA2ah047929@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 183303
>Category: bin
>Synopsis: Add a fastforwarding check to the ipsec rc script
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 25 16:10:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Olivier Cochard-Labbe
>Release: 9.2
>Organization:
BSD Router Project
>Environment:
FreeBSD R2 9.2-RELEASE FreeBSD 9.2-RELEASE #6 r255918M: Fri Oct 25 10:00:55 CEST 2013 root@orange.bsdrp.net:/usr/obj/BSDRP.amd64/usr/local/BSDRP/BSDRP/FreeBSD/src/sys/amd64 amd64
>Description:
as noticed in inet(4): fastforwarding is not compatible with ipsec, but there is no error message from the kernel regarding this incompatibility when used together.
Here is a simple chock added on the rc.d/ipsec script regarding this incompatibility
>How-To-Repeat:
>Fix:
Apply this patch
Patch attached with submission follows:
Index: etc/rc.d/ipsec
===================================================================
--- etc/rc.d/ipsec (revision 255918)
+++ etc/rc.d/ipsec (working copy)
@@ -23,6 +23,11 @@
ipsec_prestart()
{
+ if [ `sysctl -n net.inet.ip.fastforwarding` = 1 ]; then
+ warn "ipsec is not compatible with fastforwarding"
+ stop_boot
+ return 1
+ fi
if [ ! -f "$ipsec_file" ]; then
warn "$ipsec_file not readable; ipsec start aborted."
stop_boot
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310251609.r9PG9IrW016656>