IPsec filtertunnel broken on FreeBSD 10
Nicolas DEFFAYET
nicolas-ml at deffayet.com
Fri Feb 7 12:44:40 UTC 2014
On Fri, 2014-02-07 at 15:31 +0400, Andrey V. Elsukov wrote:
> On 07.02.2014 02:21, Nicolas DEFFAYET wrote:
Hello Andrey,
> > The IPsec filtertunnel is broken on FreeBSD 10: incoming decapsulated
> > packets are not going to the firewall and to the pseudo interface enc.
> >
> > This issue affects 10.0-RELEASE and 10.0-STABLE.
> > 9.1-RELEASE and 9.2-RELEASE are not affected.
> >
> > Of course the sysctl shows that filtertunnel is enabled:
> > net.inet.ipsec.filtertunnel=1
> > net.inet6.ipsec.filtertunnel=1
>
> Can you show what values you have in
> sysctl net.enc?
I use the default values (values not tuned in boot/loader.conf &
etc/sysctl.conf)
FreeBSD 9.1-RELEASE
net.enc.in.ipsec_bpf_mask: 1
net.enc.in.ipsec_filter_mask: 1
net.enc.out.ipsec_bpf_mask: 3
net.enc.out.ipsec_filter_mask: 1
FreeBSD 10.0-RELEASE
net.enc.in.ipsec_bpf_mask: 1
net.enc.in.ipsec_filter_mask: 1
net.enc.out.ipsec_bpf_mask: 3
net.enc.out.ipsec_filter_mask: 1
Many thanks for your help
--
Nicolas DEFFAYET