Guido van Rooij wrote: > > The problem is that while ESP packets arrive to be processed by > > IPsec just fine thru my ipfw rules, when the packets are de-encrypted > > and re-inserted into the kernel they appear to ipfw to be coming from > > my external interface (the one they arrived on via ESP). tcpdump can't > > find them (decrypted) on the external interface.
I think the bug is that in esp4_input() the "detunneled" packet is placed back onto the IP input queue 'ipintrq' without the 'm->m_pkthdr.rcvif' being updated to point to the gif interface. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
