Date: Mon, 24 Feb 2014 13:30:50 -0800 (PST) From: George Amanakis <g_amanakis@yahoo.com> To: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>, "a.v.volobuev@gmail.com" <a.v.volobuev@gmail.com>, "andre@freebsd.org" <andre@freebsd.org>, "melifaro@FreeBSD.org" <melifaro@FreeBSD.org>, "freebsd-bugs@freebsd.org" <freebsd-bugs@freebsd.org> Subject: Re: kern/185876: ipfw not matching incoming packets decapsulating ipsec. example l2tp/ipsec Message-ID: <1393277450.77946.YahooMailNeo@web121001.mail.ne1.yahoo.com> In-Reply-To: <1393197488.20693.YahooMailNeo@web121004.mail.ne1.yahoo.com> References: <1393176921.3248.YahooMailNeo@web121006.mail.ne1.yahoo.com> <1393197488.20693.YahooMailNeo@web121004.mail.ne1.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
=0AThe problem seems to be that M_SKIP_FIREWALL (macro of M_PROTO3) is clea= red through m_clrprotoflags(), i.e. not transferred between the layers.=0A= =0AThis is a reversion of the 254519 on 10.0-STABLE:=0A=0AIndex: netinet/ip= _var.h=0A=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A--- netinet/= ip_var.h=A0=A0=A0 (revision 262459)=0A+++ netinet/ip_var.h=A0=A0=A0 (workin= g copy)=0A@@ -163,12 +163,10 @@=0A=A0#define IP_ALLOWBROADCAST=A0=A0=A0 SO_= BROADCAST=A0=A0=A0 /* 0x20 can send broadcast packets */=0A=A0=0A=A0/*=0A- = * IPv4 protocol layer specific mbuf flags.=0A+ * mbuf flag used by ip_fastf= wd=0A=A0 */=0A=A0#define=A0=A0=A0 M_FASTFWD_OURS=A0=A0=A0 =A0=A0=A0 M_PROTO= 1=A0=A0=A0 /* changed dst to local */=0A=A0#define=A0=A0=A0 M_IP_NEXTHOP=A0= =A0=A0 =A0=A0=A0 M_PROTO2=A0=A0=A0 /* explicit ip nexthop */=0A-#define=A0= =A0=A0 M_SKIP_FIREWALL=A0=A0=A0 =A0=A0=A0 M_PROTO3=A0=A0=A0 /* skip firewal= l processing,=0A-=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0= =A0 =A0=A0 keep in sync with IP6 */=0A=A0#define=A0=A0=A0 M_IP_FRAG=A0=A0= =A0 =A0=A0=A0 M_PROTO4=A0=A0=A0 /* fragment reassembly */=0A=A0=0A=A0#ifdef= __NO_STRICT_ALIGNMENT=0AIndex: netinet6/ip6_var.h=0A=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A--- netinet6/ip6_var.h=A0=A0=A0 (revision = 262459)=0A+++ netinet6/ip6_var.h=A0=A0=A0 (working copy)=0A@@ -293,12 +293,= 7 @@=0A=A0#define=A0=A0=A0 IPV6_FORWARDING=A0=A0=A0 =A0=A0=A0 0x02=A0=A0=A0= /* most of IPv6 header exists */=0A=A0#define=A0=A0=A0 IPV6_MINMTU=A0=A0= =A0 =A0=A0=A0 0x04=A0=A0=A0 /* use minimum MTU (IPV6_USE_MIN_MTU) */=0A=A0= =0A-/*=0A- * IPv6 protocol layer specific mbuf flags.=0A- */=0A-#define=A0= =A0=A0 M_IP6_NEXTHOP=A0=A0=A0 =A0=A0=A0 M_PROTO2=A0=A0=A0 /* explicit ip ne= xthop */=0A-#define=A0=A0=A0 M_SKIP_FIREWALL=A0=A0=A0 =A0=A0=A0 M_PROTO3=A0= =A0=A0 /* skip firewall processing,=0A-=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0= =A0 =A0=A0=A0 =A0=A0=A0 =A0=A0 keep in sync with IPv4 */=0A+#define=A0=A0= =A0 M_IP6_NEXTHOP=A0=A0=A0 =A0=A0=A0 M_PROTO7=A0=A0=A0 /* explicit ip nexth= op */=0A=A0=0A=A0#ifdef __NO_STRICT_ALIGNMENT=0A=A0#define IP6_HDR_ALIGNED_= P(ip)=A0=A0=A0 1=0AIndex: sys/mbuf.h=0A=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=0A--- sys/mbuf.h=A0=A0=A0 (revision 262459)=0A+++ sys/mbuf.= h=A0=A0=A0 (working copy)=0A@@ -235,7 +235,7 @@=0A=A0#define=A0=A0=A0 M_PRO= TO9=A0=A0=A0 0x00100000 /* protocol-specific */=0A=A0#define=A0=A0=A0 M_PRO= TO10=A0=A0=A0 0x00200000 /* protocol-specific */=0A=A0#define=A0=A0=A0 M_PR= OTO11=A0=A0=A0 0x00400000 /* protocol-specific */=0A-#define=A0=A0=A0 M_PRO= TO12=A0=A0=A0 0x00800000 /* protocol-specific */=0A+#define=A0=A0=A0 M_SKIP= _FIREWALL=A0=A0=A0 0x00800000=0A=A0=0A=A0/*=0A=A0 * Flags to purge when cro= ssing layers.=0A@@ -242,13 +242,13 @@=0A=A0 */=0A=A0#define=A0=A0=A0 M_PROT= OFLAGS \=0A=A0=A0=A0=A0 (M_PROTO1|M_PROTO2|M_PROTO3|M_PROTO4|M_PROTO5|M_PRO= TO6|M_PROTO7|M_PROTO8|\=0A-=A0=A0=A0=A0 M_PROTO9|M_PROTO10|M_PROTO11|M_PROT= O12)=0A+=A0=A0=A0=A0 M_PROTO9|M_PROTO10|M_PROTO11)=0A=A0=0A=A0/*=0A=A0 * Fl= ags preserved when copying m_pkthdr.=0A=A0 */=0A=A0#define M_COPYFLAGS \=0A= -=A0=A0=A0 (M_PKTHDR|M_EOR|M_RDONLY|M_BCAST|M_MCAST|M_VLANTAG|M_PROMISC| \= =0A+=A0=A0=A0 (M_PKTHDR|M_EOR|M_RDONLY|M_SKIP_FIREWALL|M_BCAST|M_MCAST|M_VL= ANTAG|M_PROMISC| \=0A=A0=A0=A0=A0=A0 M_PROTOFLAGS)=0A=A0=0A=A0/*=0A@@ -255,= 12 +255,12 @@=0A=A0 * Mbuf flag description for use with printf(9) %b ident= ifier.=0A=A0 */=0A=A0#define=A0=A0=A0 M_FLAG_BITS \=0A-=A0=A0=A0 "\20\1M_EX= T\2M_PKTHDR\3M_EOR\4M_RDONLY\5M_BCAST\6M_MCAST" \=0A-=A0=A0=A0 "\7M_PROMISC= \10M_VLANTAG\11M_FLOWID"=0A+=A0=A0=A0 "\20\1M_EXT\2M_PKTHDR\3M_EOR\4M_RDONL= Y\5M_SKIP_FIREWALL\6M_BCAST\7M_MCAST" \=0A+=A0=A0=A0 "\8M_PROMISC\10M_VLANT= AG\11M_FLOWID"=0A=A0#define=A0=A0=A0 M_FLAG_PROTOBITS \=0A=A0=A0=A0=A0 "\15= M_PROTO1\16M_PROTO2\17M_PROTO3\20M_PROTO4\21M_PROTO5" \=0A=A0=A0=A0=A0 "\22= M_PROTO6\23M_PROTO7\24M_PROTO8\25M_PROTO9\26M_PROTO10" \=0A-=A0=A0=A0 "\27M= _PROTO11\30M_PROTO12"=0A+=A0=A0=A0 "\27M_PROTO11"=0A=A0#define=A0=A0=A0 M_F= LAG_PRINTF (M_FLAG_BITS M_FLAG_PROTOBITS)=0A=A0=0A=A0/*=0A
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1393277450.77946.YahooMailNeo>