----Security_Multipart0(Tue_Dec_28_19_38_59_2004_461)-- Content-Type: Multipart/Mixed; boundary="--Next_Part(Tue_Dec_28_19_38_59_2004_771)--" Content-Transfer-Encoding: 7bit ----Next_Part(Tue_Dec_28_19_38_59_2004_771)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, Here is a patch to disable the ESP option for ip6fw which does not work properly. ----Next_Part(Tue_Dec_28_19_38_59_2004_771)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ip6_fw.c.diff" Fix conditions since ip6fw does not handle ESP correctly. Obtained from: FreeBSD (ip6_fw.c:1.2.2.9->1.2.2.10) Index: ip6_fw.c =================================================================== RCS file: /cvs/src/sys/net/ip6fw/ip6_fw.c,v retrieving revision 1.10 diff -d -u -I\$FreeBSD:.*\$ -I\$NetBSD:.*\$ -I\$OpenBSD:.*\$ -I\$DragonFly:.*\$ -I\$Id:.*\$ -I\$hrs:.*\$ -r1.10 ip6_fw.c --- ip6_fw.c 2 Aug 2004 13:22:33 -0000 1.10 +++ ip6_fw.c 28 Dec 2004 09:38:38 -0000 @@ -289,19 +289,17 @@ case IPPROTO_ESP: opts &= ~IPV6_FW_IP6OPT_ESP; nopts &= ~IPV6_FW_IP6OPT_ESP; - break; + goto opts_check; case IPPROTO_NONE: opts &= ~IPV6_FW_IP6OPT_NONXT; nopts &= ~IPV6_FW_IP6OPT_NONXT; goto opts_check; - break; case IPPROTO_DSTOPTS: opts &= ~IPV6_FW_IP6OPT_OPTS; nopts &= ~IPV6_FW_IP6OPT_OPTS; break; default: goto opts_check; - break; } *off += (ip6e->ip6e_len + 1) << 3; break; ----Next_Part(Tue_Dec_28_19_38_59_2004_771)---- ----Security_Multipart0(Tue_Dec_28_19_38_59_2004_461)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBB0TfDTyzT2CeTzy0RAlZuAJ965L62VDcHDk9WVXnrSBNSk6JKEgCeIiRN aUnrxGUcAymH6kc6fiO4qhQ= =ApxB -----END PGP SIGNATURE----- ----Security_Multipart0(Tue_Dec_28_19_38_59_2004_461)----