Date:      Mon, 4 Aug 2003 10:29:45 +0300
From:      Ari Suutari <>
To:        Christian Kratzer <>, Christian Kratzer <>, Luigi Rizzo <>
Subject:   Re: kern/53624: patches for ipfw2 to support ipsec packet filtering
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>


On Thursday 10 July 2003 12:12, Christian Kratzer wrote:
> Hi,
> We applied the patch to a RELENG_4 system but can't seem to be able to
> catch packets based on them having ipsec history or not.
> We have "options IPSEC_FILTERGIF" and "options IPFW2" in our kernel config.
> We currently have an ipsec esp tunnel running between two locations without
> any gif tunnels.  IPSEC_FILTERGIF seems to be working fine as packets are
> now being filtered by our ipfw ruleset.
> We can't match any packets based on the ipsec or not ipsec flags in ipfw2.
> I just wanted to ask if somebody knows the obvious before I start digging
> my head in the code.

	I did my quick testing on a 5.1-RELEASE system, but I cannot really
	understand why the change wouldn't work on RELENG_4 also.
	It uses only one call which works on RELENG_4 (otherwise a system
	*without* IPSEC_FILTERGIF wouldn't work as expected).

	I have really tested with KAME ipsec. Are you using FAST_IPSEC?

		Ari S.
