https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248474
--- Comment #13 from Eugene Grosbein <eu...@freebsd.org> --- (In reply to Andrey V. Elsukov from comment #11) IPSec code adds PACKET_TAG_IPSEC_IN_DONE tag to decrypted mbuf then calls pfil hooks. Bad things could happen if mbuf looses PACKET_TAG_IPSEC_IN_DONE due to pfil hook processing: ipsec_in_reject() returns error code 1 (invalid) and packet is dropped increasing ips_in_polvio counter. Switching to IPSEC_LEVEL_USE is bad hack but it helps. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
