Date: Fri, 25 Oct 2013 16:09:18 GMT
From: Olivier Cochard-Labbe <olivier@cochard.me>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/183303: Add a fastforwarding check to the ipsec rc script
Message-ID: <201310251609.r9PG9IrW016656@oldred.freebsd.org>
Resent-Message-ID: <201310251610.r9PGA2ah047929@freefall.freebsd.org>
>Number: 183303
>Category: bin
>Synopsis: Add a fastforwarding check to the ipsec rc script
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 25 16:10:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Olivier Cochard-Labbe
>Release: 9.2
>Organization: BSD Router Project
>Environment: FreeBSD R2 9.2-RELEASE FreeBSD 9.2-RELEASE #6 r255918M: Fri Oct 25 10:00:55 CEST 2013 root@orange.bsdrp.net:/usr/obj/BSDRP.amd64/usr/local/BSDRP/BSDRP/FreeBSD/src/sys/amd64 amd64
>Description: As noticed in inet(4): fastforwarding is not compatible with ipsec, but there is no error message from the kernel regarding this incompatibility when used together. Here is a simple check added to the rc.d/ipsec script regarding this incompatibility.
>How-To-Repeat:
>Fix: Apply this patch
Patch attached with submission follows:
Index: etc/rc.d/ipsec =================================================================== --- etc/rc.d/ipsec (revision 255918) +++ etc/rc.d/ipsec (working copy) @@ -23,6 +23,11 @@ ipsec_prestart() { + if [ `sysctl -n net.inet.ip.fastforwarding` = 1 ]; then + warn "ipsec is not compatible with fastforwarding" + stop_boot + return 1 + fi if [ ! -f "$ipsec_file" ]; then warn "$ipsec_file not readable; ipsec start aborted." stop_boot
>Release-Note:
>Audit-Trail:
>Unformatted:
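Review bot: The new test at the top of ipsec_prestart() uses an unquoted backtick substitution, so if sysctl -n net.inet.ip.fastforwarding prints nothing the expression becomes [ = 1 ], which is a malformed test: it emits an error and the incompatibility check is skipped. Quote the substitution and discard sysctl's stderr, for example [ "$(sysctl -n net.inet.ip.fastforwarding 2>/dev/null)" = "1" ]. The warn text would also be more actionable if it named the sysctl (net.inet.ip.fastforwarding) so the administrator knows which knob to turn off. Note that the check only reads the value when ipsec starts, so enabling fastforwarding afterwards still goes unreported.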