Date: Sun, 05 Aug 2001 00:23:21 +1000 From: "Chris" <mlnn4@oaks.com.au> To: "freebsd-net" <freebsd-net@FreeBSD.ORG> Subject: Re: kernel upgrade causes truncated IPSEC packets Message-ID: <200108041423.f74ENf306225@aussie.org>
next in thread | raw e-mail | index | archive | help
On Friday, 3 August 2001 Bill Fenner <fenner@research.att.com> wrote: > A 0-length mbuf in the chain is at best useless and perhaps fairly > unexpected (thus the bug in if_tun.c lasting for 6.5 years before > being found). Indeed. And I have to wonder how many other interfaces will have the same problem. IMO getting IPSEC to work well is hard enough as it is (if the feedback I get from from other folks is correct; I was fortunate that I had experience doing Cisco VPN's before I tackled the KAME ones) without having other problems like this in the way. Most folk would just give up if they faced a problem like this the first time they tried to use IPSEC. Goodness knows, -I- almost gave up, and I had the advantage of knowing that there was nothing wrong with my configuration ... I spent many, many hours chasing the problem to the point where I discovered it was in the PPP code. I know that in retrospect that sounds stupid (I should have dumped the PPP async stuff earlier), but since I could actually *see* the packets leaving the machine (blinkenlights on modem) and tcpdump also showed good packets, I simply refused to believe that the problem was inside the machine ... -- Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108041423.f74ENf306225>