Date:      Tue, 5 Aug 2003 03:41:45 -0700
From:      Luigi Rizzo <luigi@FreeBSD.org>
To:        Ari Suutari <ari.suutari@syncrontech.com>
Cc:        freebsd-ipfw@FreeBSD.org
Subject:   Re: kern/53624: patches for ipfw2 to support ipsec packet filtering
Message-ID:  <20030805034145.B49439@xorpc.icir.org>
In-Reply-To: <200308041029.45598.ari.suutari@syncrontech.com>; from ari.suutari@syncrontech.com on Mon, Aug 04, 2003 at 10:29:45AM +0300
References:  <200307070113.h671DPeG082710@freefall.freebsd.org> <20030706234624.A45394@xorpc.icir.org> <20030710110751.L84774@majakka.cksoft.de> <200308041029.45598.ari.suutari@syncrontech.com>

Ari,
maybe the problem was with FAST_IPSEC, I seem to remember a related
MFC recently...

[Sam, this is about the 'ipsec' dummynet option which was reported
as not working with RELENG_4...]

	cheers
	luigi

On Mon, Aug 04, 2003 at 10:29:45AM +0300, Ari Suutari wrote:
> Hi,
> 
> On Thursday 10 July 2003 12:12, Christian Kratzer wrote:
> > Hi,
> >
> > We applied the patch to a RELENG_4 system but can't seem to be able to
> > catch packets based on them having ipsec history or not.
> >
> > We have "options IPSEC_FILTERGIF" and "options IPFW2" in our kernel config.
> >
> > We currently have an ipsec esp tunnel running between two locations without
> > any gif tunnels.  IPSEC_FILTERGIF seems to be working fine as packets are
> > now being filtered by our ipfw ruleset.
> >
> > We can't match any packets based on the ipsec or not ipsec flags in ipfw2.
> >
> > I just wanted to ask if somebody knows the obvious before I start digging
> > my head in the code.
> 
> 	I did my quick testing on a 5.1-RELEASE system, but I cannot really
> 	understand why the change wouldn't work on RELENG_4 also.
> 	It uses only one call which works on RELENG_4 (otherwise a system
> 	*without* IPSEC_FILTERGIF wouldn't work as expected).
> 
> 	I have really tested with KAME ipsec. Are you using FAST_IPSEC?
> 
> 		Ari S.
> 


