The culprit is the "#define M_DECRYPTED M_PROTO3" in "netinet6/in6.h" (that is
regardless of whether or not INET6 has been set). It gets mixed up (netipsec
includes in.h, in.h includes in6.h) and so when the M_DECRYPTED flag is set,
the M_SKIP_FIREWALL flag is also set.
It is not related to m_clrprotoflags().
___
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
Another series of testing. In r254519, when the "#define M_SKIP_FIREWALL
M_PROTO3" is replaced with "#define M_SKIP_FIREWALL M_PROTO12" the problem
disappears. It seems to be a bug related to the definition of M_PROTO3.
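The aliasing described in the two messages above, as an added C example that is not part of the original posts or FreeBSD source: two flag names defined on the same bit cannot be told apart, and moving one to a separate bit restores the check. `struct pkt`, `ipsec_input`, `firewall_inspects` and the bit values are constructed stand-ins, not kernel definitions.

```c
#include <stdio.h>

/* Constructed bit values standing in for two distinct mbuf protocol flags. */
#define M_PROTO3  0x00004000u
#define M_PROTO12 0x00800000u

/* Build-time guard: two flags with different meanings must not share a bit. */
_Static_assert((M_PROTO3 & M_PROTO12) == 0, "flag bits overlap");

struct pkt { unsigned flags; };  /* hypothetical stand-in for struct mbuf */

/* Hypothetical IPsec input path: tags a decapsulated packet as decrypted. */
static void ipsec_input(struct pkt *p, unsigned m_decrypted)
{
    p->flags |= m_decrypted;
}

/* Hypothetical firewall hook: 1 = packet is inspected, 0 = skipped. */
static int firewall_inspects(const struct pkt *p, unsigned m_skip_firewall)
{
    return (p->flags & m_skip_firewall) ? 0 : 1;
}

/* 1 when the two flag definitions share at least one bit. */
static int flags_overlap(unsigned a, unsigned b)
{
    return (a & b) != 0;
}

/* Sends one decrypted packet to the hook under the given definitions. */
static int decrypted_packet_inspected(unsigned m_decrypted, unsigned m_skip)
{
    struct pkt p = { 0 };
    ipsec_input(&p, m_decrypted);
    return firewall_inspects(&p, m_skip);
}

int main(void)
{
    /* Both names on M_PROTO3: the decrypted packet skips the firewall. */
    printf("aliased:  overlap=%d inspected=%d\n",
           flags_overlap(M_PROTO3, M_PROTO3),
           decrypted_packet_inspected(M_PROTO3, M_PROTO3));
    /* Skip flag moved to M_PROTO12: the packet is inspected again. */
    printf("distinct: overlap=%d inspected=%d\n",
           flags_overlap(M_PROTO3, M_PROTO12),
           decrypted_packet_inspected(M_PROTO3, M_PROTO12));
    return 0;
}
```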
The problem seems to be that M_SKIP_FIREWALL (macro of M_PROTO3) is
cleared through m_clrprotoflags(), i.e. not transferred between the
layers.
This is a reversion of the 254519 on 10.0-STABLE:
Index: netinet/ip_var.h
===
--- netin
The following reply was made to PR kern/185876; it has been noted by GNATS.
From: George Amanakis
To: "bug-follo...@freebsd.org" ,
"a.v.volob...@gmail.com"
Cc:
Subject: Re: kern/185876: ipfw not matching incoming packets decapsulating
ipsec. example l2tp/ipsec
Date: Th