Broken IPsec + enc +pf/ipfw
Andrey V. Elsukov
bu7cher at yandex.ru
Mon Oct 20 20:52:51 UTC 2014
On 21.10.2014 00:00, Matthew Grooms wrote:
> On 10/20/2014 2:47 PM, Andrey V. Elsukov wrote:
>> On 20.10.2014 20:18, Matthew Grooms wrote:
>>> Lastly, I tried to locate a relevant PR but didn't find anything
>>> concrete. Is this related to the issue? And if so, can it be MFCd?
>>>
>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=110959
>>
>> Did you try the patch from last PR? It is small and should be applicable
>> to stable/10.
>>
>
> As I mentioned, it's not clear to me if the patch was intended to fix
> the issue that I am describing. Is that the case? If so, I would be
> happy to apply it and report back. These are production firewalls, so
> I'd prefer to have some feedback before calculating that risk.
This commit fixes similar problem with ipfw in 11.0-CURRENT. But I think
it won't help you with pf in 10. I guess r266800 is what you need.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20141021/9da76b1c/attachment.sig>
More information about the freebsd-net
mailing list