Date: Wed, 29 Mar 2000 23:46:37 +0900 From: Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp> To: louie@TransSys.COM Cc: freebsd-bugs@FreeBSD.ORG Subject: Re: bin/17606 bad IPSEC and traceroute interaction, with fix! Message-ID: <20000329234637E.shin@nd.net.fujitsu.co.jp> In-Reply-To: <200003280500.VAA34714@freefall.freebsd.org> References: <200003280500.VAA34714@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> >Description: > > When the default kernel IPSEC policy (as configured with setkey(8)) > includes all the traffic to a particular host, then attempting a > traceroute to that host fails. The packets being sent are encrypted, > and thus the ICMP time exceeded message cannot be returned. > > This is a follow-up to PR bin/17606 > > >How-To-Repeat: > > As described. > > >Fix: > > Steal the same sort of fix done in traceroute6, and apply to the IPv4 > "standard" traceroute in FreeBSD. Patch could be as attached. > Surprisingly, the ipsec.h file is in sys/netinet6 rather than sys/netinet. I didn't put the fix because I hesitated to touch contrib/traceroute dir. But contrib/traceroute/traceroute.c is already off from vendor branch, so I'll apply your patch. Thanks for it! Yoshinobu Inoue To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000329234637E.shin>