RE: ipfilter bug on tunnel interface?

This is a discussion on RE: ipfilter bug on tunnel interface? within the IPFilter forums, part of the System Security and Security Related category; I don't think that the tunnel names cause this problem. I tested again with following configurations. The pfil module ...


Go Back   Usenet Forums > System Security and Security Related > IPFilter

Reload this Page RE: ipfilter bug on tunnel interface?

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 03-12-2007
Xu, Chun Gang \
 
Posts: n/a
Default RE: ipfilter bug on tunnel interface?

I don't think that the tunnel names cause this problem. I tested again with following configurations. The pfil module will be pushed automatically during system boot-up. But the problem still exists.

Tunnel information:
---------------------------------------------------------
ip.tun172032018032: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICA ST,IPv4> mtu 1480 index 2
inet tunnel src 172.32.18.249 tunnel dst 172.32.18.32
tunnel security settings esp (aes-cbc/<any-none>)
tunnel hop limit 60
inet 3.3.3.1 --> 4.4.4.1 netmask fffffffc
ip.tun172032018033: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICA ST,IPv4> mtu 1480 index 3
inet tunnel src 172.32.18.249 tunnel dst 172.32.18.33
tunnel security settings esp (aes-cbc/<any-none>)
tunnel hop limit 60
inet 3.3.3.2 --> 4.4.4.2 netmask fffffffc
ip.tun172032018034: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICA ST,IPv4> mtu 1480 index 4
inet tunnel src 172.32.18.249 tunnel dst 172.32.18.34
tunnel security settings esp (aes-cbc/<any-none>)
tunnel hop limit 60
inet 1.1.1.1 --> 2.2.2.1 netmask fffffffc
ip.tun172032018035: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICA ST,IPv4> mtu 1480 index 5
inet tunnel src 172.32.18.249 tunnel dst 172.32.18.35
tunnel security settings esp (aes-cbc/<any-none>)
tunnel hop limit 60
inet 1.1.1.2 --> 2.2.2.2 netmask fffffffc
----------------------------------------------------------

ndd information:
-----------------------------------------------------------
root> ndd /dev/pfil qif_status |grep tun
ip.tun172032018035 0x7006121c 0x7086f620 0x7086f6a4 0x0 3 800 0 5079 7448 0 0 0 0 2368 0 0
ip.tun172032018034 0x7006139c 0x7086fd78 0x7086fdfc 0x0 2 800 52 11719 13687 0 0 0 0 5 0 0
ip.tun172032018033 0x7006151c 0x7074a5f0 0x7074a674 0x0 1 800 52 560 600 0 0 0 0 11 0 0
ip.tun172032018032 0x7006169c 0x7074aa58 0x7074aadc 0x0 0 800 52 559 598 0 0 0 0 11 0 0
-----------------------------------------------------------


Thanks,
Titan

-----Original Message-----
From: Darren Reed [mailto:darrenr@reed.wattle.id.au]
Sent: 2007Äê3ÔÂ9ÈÕ 19:07
To: Xu, Chun Gang (Titan)
Cc: ipfilter@coombs.anu.edu.au
Subject: Re: ipfilter bug on tunnel interface?

You need to use the interface name "ip.tun.pfil5",
which automatically pushes the pfil module for you.

Darren


Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 04:53 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0