From: Brooks Davis
To: Pekka Nikander
Cc: freebsd-net@FreeBSD.ORG
Date: Thu, 2 Jan 2003 12:29:41 -0800
Subject: Re: IPsec / ipfw interaction in 4.7-STABLE: a proposed change
Message-ID: <20030102122941.A27618@Odin.AC.HMC.Edu>

[Sorry to reply to the wrong message, but I missed this earlier.]

On Thu, Jan 02, 2003 at 09:22:26PM +0100, Eric Masson wrote:
> >>>>> "Pekka" == Pekka Nikander writes:
>
> Pekka> Now, as a small step to that direction I made the following
> Pekka> small hack to netinet6/esp_input.c It changes the ESP tunneled
> Pekka> packets to look like they were coming from the loopback
> Pekka> interface. And it works like charm. However, this is not a
> Pekka> proper fix, and a better one might be to increment NLOOP and use
> Pekka> loif[1] instead of loif[0]. Opinions?

loif[] is evil and its use should not be extended. In any case, NLOOP
no longer exists in current since loopback interfaces are clonable. If
you didn't want to adopt OpenBSD's enc interface, an alternate solution
might be to set up an ioctl to allow you to register the interface you
want to have these packets come from.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4