IPfilter

RE: ipfilter bug on tunnel interface?

To: <ipfilter@coombs.anu.edu.au>
Subject: RE: ipfilter bug on tunnel interface?
From: "Xu, Chun Gang \(Titan\)" <cxu@alcatel-lucent.com>
Date: Mon, 12 Mar 2007 13:15:55 +0800
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
In-reply-to: <45F13FEE.3030201@reed.wattle.id.au>
References: <6D185254B06A254782931A6D23662908A00CF9@CNEXC1U01.bj.lucent.com> <96C5020C866B5948A698DBF0F3208E4F0FADFB@CNEXC1U01.bj.lucent.com> <96C5020C866B5948A698DBF0F3208E4F3157C9@CNEXC1U01.bj.lucent.com> <45F13FEE.3030201@reed.wattle.id.au>
Sender: owner-ipfilter@coombs.anu.edu.au
Thread-index: AcdiOznj8epU54zWRfaK3+3cyz8ytwCKPDlA
Thread-topic: ipfilter bug on tunnel interface?
I don't think that the tunnel names cause this problem. I tested again with
the following configurations. The pfil module will be pushed automatically
during system boot-up. But the problem still exists.

Tunnel information:
---------------------------------------------------------
ip.tun172032018032: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1480 index 2
        inet tunnel src 172.32.18.249 tunnel dst 172.32.18.32
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 3.3.3.1 --> 4.4.4.1 netmask fffffffc 
ip.tun172032018033: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1480 index 3
        inet tunnel src 172.32.18.249 tunnel dst 172.32.18.33
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 3.3.3.2 --> 4.4.4.2 netmask fffffffc 
ip.tun172032018034: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1480 index 4
        inet tunnel src 172.32.18.249 tunnel dst 172.32.18.34
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 1.1.1.1 --> 2.2.2.1 netmask fffffffc 
ip.tun172032018035: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1480 index 5
        inet tunnel src 172.32.18.249 tunnel dst 172.32.18.35
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 1.1.1.2 --> 2.2.2.2 netmask fffffffc
----------------------------------------------------------

ndd information:
-----------------------------------------------------------
root> ndd /dev/pfil qif_status |grep tun
ip.tun172032018035 0x7006121c 0x7086f620 0x7086f6a4 0x0 3 800 0 5079 7448 0 0 0 0 2368 0 0
ip.tun172032018034 0x7006139c 0x7086fd78 0x7086fdfc 0x0 2 800 52 11719 13687 0 0 0 0 5 0 0
ip.tun172032018033 0x7006151c 0x7074a5f0 0x7074a674 0x0 1 800 52 560 600 0 0 0 0 11 0 0
ip.tun172032018032 0x7006169c 0x7074aa58 0x7074aadc 0x0 0 800 52 559 598 0 0 0 0 11 0 0
-----------------------------------------------------------


Thanks,
Titan

-----Original Message-----
From: Darren Reed [mailto:darrenr@reed.wattle.id.au] 
Sent: March 9, 2007 19:07
To: Xu, Chun Gang (Titan)
Cc: ipfilter@coombs.anu.edu.au
Subject: Re: ipfilter bug on tunnel interface?

You need to use the interface name "ip.tun.pfil5",
which automatically pushes the pfil module for you.

Darren


