From owner-freebsd-net@FreeBSD.ORG  Tue Apr  1 08:15:33 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ECEED37B401
	for <freebsd-net@FreeBSD.org>; Tue,  1 Apr 2003 08:15:33 -0800 (PST)
Received: from musique.teaser.net (musique.teaser.net [213.91.2.11])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DAC5B43FA3
	for <freebsd-net@FreeBSD.org>; Tue,  1 Apr 2003 08:15:32 -0800 (PST)
	(envelope-from e-masson@kisoft-services.com)
Received: from notbsdems.interne.kisoft-services.com
	(nantes.kisoft-services.com [193.56.60.243])
	by musique.teaser.net (Postfix) with ESMTP id F323972511
	for <freebsd-net@FreeBSD.org>; Tue,  1 Apr 2003 18:15:30 +0200 (CEST)
Received: by notbsdems.interne.kisoft-services.com (Postfix, from userid 1001)
	id 6BF295A9F8; Tue,  1 Apr 2003 18:15:20 +0200 (CEST)
To: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
From: Eric Masson <e-masson@kisoft-services.com>
X-Operating-System: FreeBSD 4.8-RC i386
Date: Tue, 01 Apr 2003 18:15:20 +0200
Message-ID: <86pto6mbxj.fsf@notbsdems.interne.kisoft-services.com>
User-Agent: Gnus/5.090017 (Oort Gnus v0.17) XEmacs/21.4 (Common Lisp,
 berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: options FAST_IPSEC & tunnels
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Apr 2003 16:15:34 -0000

Hello

I'm using IPSEC tunnels to join different gateways over the Internet.

I've made some trials with FAST_IPSEC today (I've received a Soekris
VPN1201) and i'm facing a problem with incoming packets.

The following code snippet from /sys/netinet/ip_input.c permits
detunneled packets to flow without being filtered by ipf/ipfw :

#if defined(IPSEC) && !defined(IPSEC_FILTERGIF)
	/*
	 * Bypass packet filtering for packets from a tunnel (gif).
	 */
	if (ipsec_gethist(m, NULL))
		goto pass;
#endif

Is there any counterpart for FAST_IPSEC (I've dug thru the code, but no
luck atm) ?

Regards.

Eric Masson

-- 
 je me suis créé un tas d'amis virtuels. Pourquoi cette sympathie? le
 flux peut-être magnétique que je dégage, vu que je guéris les brûlures
 par pression de mes mains sur les plaies et cloques. Et c'est vrai.
 -+- DD in <http://www.le-gnu.net> C'est vrai je l'ai lu sur usenet -+-