Date: Mon, 10 Feb 2003 11:42:06 -0500 (EST)
From: Andriy Gapon
Subject: ipsec & ipfw: 4.7-release vs -stable
To: freebsd-stable@freebsd.org, freebsd-net@freebsd.org
Cc: Guido van Rooij
Message-id: <20030210114109.G53494@edge.foundation.invalid>

Is there any remedy expected before 4.8 release for the situation with ipsec & ipfw interaction
that was created after 'ip_input.c 1.130.2.40, MFC: 1.214'?

The reason I am asking this question with such a big crosspost is that it seems that all previous discussions on this topic resulted in nothing. And this change definitely breaks things for those who use ipsec without extra stuff like gif tunnels. It definitely doesn't look like the kind of change welcomed in the -stable branch, not to mention a potential security vulnerability for those who cannot use gif.

I apologize in case I have missed any latest developments in this area.

-- 
Andriy Gapon