[Bug 169620] [ng] [pf] ng_l2tp incoming packet bypass pf firewall
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 27 Dec 2021 10:46:03 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169620 longwitz@incore.de changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |longwitz@incore.de --- Comment #8 from longwitz@incore.de --- The patch given in bug 187566 has solved an other problem than the one discussed in this bug report. We still need the patch --- ng_l2tp.c.1st 2021-12-19 19:31:10.693840000 +0100 +++ ng_l2tp.c 2021-12-23 14:50:47.334147000 +0100 @@ -755,6 +755,7 @@ hookpriv_p hpriv = NULL; hook_p hook = NULL; struct mbuf *m; + struct m_tag *mtag; u_int16_t tid, sid; u_int16_t hdr; u_int16_t ns, nr; @@ -997,6 +998,11 @@ NG_FREE_M(m); ERROUT(0); } + + /* Delete an existing ipsec tag */ + mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); + if (mtag != NULL) + m_tag_delete(m, mtag); /* Deliver data */ NG_FWD_NEW_DATA(error, item, hook, m); The same issue for if_epair.c is solved in FreeBSD V12.3 calling a new statc function called epair_clear_mbuf(). commit ae23f081... Andreas -- You are receiving this mail because: You are the assignee for the bug.