PF - pf not loading non-persist tables from main ruleset on 8.3-PRERELEASE

2012-04-12 Thread Damien Fleuriot
Hello list,

I installed a box recently and updated it to 8.3-PRERELEASE on 2012/04/11.

I'm experiencing this extremely weird behavior where PF refuses to
load standard and const table definitions from the main ruleset.
- persist tables load just fine
- normal and const tables inside anchors load just fine

Does anyone else have the same problem?

I'll try to update the kernel again, you never know.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


BURN_BRIDGES & /usr/src/sys/netinet6/ip6_output.c:582: undefined reference to `in6_selectroute_fib'

2012-04-12 Thread Jason Hellenthal

While attempting to burn bridges... yeah yeah I know, may include some
civil infractions ;)

On stable/8 i386 Last Changed Rev: 234180 fresh build

linking kernel.debug
ip6_output.o(.text+0x334f): In function `ip6_output':
/usr/src/sys/netinet6/ip6_output.c:582: undefined reference to
`in6_selectroute_fib'




Re: BURN_BRIDGES & /usr/src/sys/netinet6/ip6_output.c:582: undefined reference to `in6_selectroute_fib'

2012-04-12 Thread Bjoern A. Zeeb

On 12. Apr 2012, at 17:10 , Jason Hellenthal wrote:

> 
> While attempting to burn bridges... yeah yeah I know, may include some
> civil infractions ;)
> 
> On stable/8 i386 Last Changed Rev: 234180 fresh build
> 
> linking kernel.debug
> ip6_output.o(.text+0x334f): In function `ip6_output':
> /usr/src/sys/netinet6/ip6_output.c:582: undefined reference to
> `in6_selectroute_fib'

It's basically a marker to not use this function anywhere new in the stable/
branches.  It will change in HEAD soon given the code has now been in for
almost two months (in HEAD) without further need for re-adjustment.  I am not
sure we ever allowed compiling with BURN_BRIDGES set but I can change the
#ifndef to THIS_IS_PART_OF_THE_PUBLIC_STABLE_KPI or something if needed.

See the comment above it:
http://svnweb.freebsd.org/base/stable/8/sys/netinet6/in6_src.c?annotate=232552#l820

/bz

-- 
Bjoern A. Zeeb You have to have visions!
   It does not matter how good you are. It matters what good you do!



IPSec NAT-T in transport mode

2012-04-12 Thread Zmiter

Hello.
Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or is it
still in a broken state?
I need to connect NATed VPN clients through L2TP/IPSec and I am seeing
nothing in mpd5 logs, but growing counters of bad checksums in UDP packets.
After some research I found an open kern/146190 with some sort of
solution to the problem through disabling checksum validation, but it still
does not work. Every incoming UDP encapsulated ESP packet toggles two
counters: udp no checksums (because of 0 value in every incoming packet
udp checksum) and udp bad checksums (hmmm..., I thought it shouldn't
happen with a magic patch).
So, can anyone tell me whether it is possible to connect my NATed VPN clients
through L2TP/IPSec or is it impossible nowadays?


Thanks a lot.

Zmiter
12.04.2012


Re: BURN_BRIDGES & /usr/src/sys/netinet6/ip6_output.c:582: undefined reference to `in6_selectroute_fib'

2012-04-12 Thread Jason Hellenthal


On Thu, Apr 12, 2012 at 06:10:47PM +, Bjoern A. Zeeb wrote:
> 
> On 12. Apr 2012, at 17:10 , Jason Hellenthal wrote:
> 
> > 
> > While attempting to burn bridges... yeah yeah I know, may include some
> > civil infractions ;)
> > 
> > On stable/8 i386 Last Changed Rev: 234180 fresh build
> > 
> > linking kernel.debug
> > ip6_output.o(.text+0x334f): In function `ip6_output':
> > /usr/src/sys/netinet6/ip6_output.c:582: undefined reference to
> > `in6_selectroute_fib'
> 
> It's basically a marker to not use this function anywhere new in the stable/
> branches.  It will change in HEAD soon given the code has now been in for
> almost two months (in HEAD) without further need for re-adjustment.  I am not
> sure we ever allowed compiling with BURN_BRIDGES set but I can change the
> #ifndef to THIS_IS_PART_OF_THE_PUBLIC_STABLE_KPI or something if needed.

Yeah compiling for me here was just a fundamental test but when I found
that I figured I should at least let someone know in case it was
useful.

Thanks Bjoern

> 
> See the comment above it:
> http://svnweb.freebsd.org/base/stable/8/sys/netinet6/in6_src.c?annotate=232552#l820
> 
> /bz
> 
> -- 
> Bjoern A. Zeeb You have to have visions!
>    It does not matter how good you are. It matters what good you do!
> 



Support for IPSec NAT-T in transport mode

2012-04-12 Thread Zmiter

Hello.
Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or is it
still in a broken state?
I need to connect NATed VPN clients through L2TP/IPSec and I am seeing
nothing in mpd5 logs, but growing counters of bad checksums in UDP packets.
After some research I found an open kern/146190 with some sort of
solution to the problem through disabling checksum validation, but it still
does not work. Every incoming UDP encapsulated ESP packet toggles two
counters: udp no checksums (because of 0 value in every incoming packet
udp checksum) and udp bad checksums (hmmm..., I thought it shouldn't
happen with a magic patch).
So, can anyone tell me whether it is possible to connect my NATed VPN clients
through L2TP/IPSec or is it impossible nowadays?


Thanks a lot.

Zmiter
12.04.2012