[Bug 169620] [ng] [pf] ng_l2tp incoming packet bypass pf firewall

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 27 Dec 2021 10:46:03 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169620

longwitz@incore.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |longwitz@incore.de

--- Comment #8 from longwitz@incore.de ---
The patch given in bug 187566 has solved another problem than the one
discussed in this bug report. We still need the patch

--- ng_l2tp.c.1st       2021-12-19 19:31:10.693840000 +0100
+++ ng_l2tp.c   2021-12-23 14:50:47.334147000 +0100
@@ -755,6 +755,7 @@
        hookpriv_p hpriv = NULL;
        hook_p hook = NULL;
        struct mbuf *m;
+       struct m_tag *mtag;
        u_int16_t tid, sid;
        u_int16_t hdr;
        u_int16_t ns, nr;
@@ -997,6 +998,11 @@
                NG_FREE_M(m);
                ERROUT(0);
        }
+
+       /* Delete an existing ipsec tag */
+       mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
+       if (mtag != NULL)
+               m_tag_delete(m, mtag);

        /* Deliver data */
        NG_FWD_NEW_DATA(error, item, hook, m);
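Review bot: the comment above the m_tag_find() call says what is deleted but not why, and the block clears only PACKET_TAG_IPSEC_IN_DONE. Please expand the comment to state that the tag was attached before the packet reached ng_l2tp and must not carry over to the mbuf handed to NG_FWD_NEW_DATA, so a reader can tie the deletion to the pf bypass reported in this bug. Since the same issue in if_epair.c is handled in a dedicated epair_clear_mbuf() function, a small static helper here would keep the delivery path readable and give one place to clear any further inherited mbuf state if that proves necessary.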

The same issue for if_epair.c is solved in FreeBSD V12.3 by calling a new static
function called epair_clear_mbuf(). commit ae23f081...

Andreas
