From nobody@FreeBSD.org  Sat Aug  5 09:02:42 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AD94216A4DA
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  5 Aug 2006 09:02:42 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4078143D45
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  5 Aug 2006 09:02:42 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k7592fUR003991
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 5 Aug 2006 09:02:41 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k7592fQh003990;
	Sat, 5 Aug 2006 09:02:41 GMT
	(envelope-from nobody)
Message-Id: <200608050902.k7592fQh003990@www.freebsd.org>
Date: Sat, 5 Aug 2006 09:02:41 GMT
From: Alexander Shkurko <read@midland.com.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: some packets do not pass through IPSEC tunnel
X-Send-Pr-Version: www-2.3

>Number:         101400
>Category:       kern
>Synopsis:       [ipsec] some packets do not pass through IPSEC tunnel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 05 09:10:12 GMT 2006
>Closed-Date:    Mon Aug 21 13:05:09 GMT 2006
>Last-Modified:  Mon Aug 21 13:05:09 GMT 2006
>Originator:     Alexander Shkurko
>Release:        FreeBSD 6.1
>Organization:
>Environment:
FreeBSD mail.xxxxx.com.ua 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Wed May 31 15:49:03 UTC 2006     xxxxxxxxx@mail.xxxxx.com.ua:/usr/src/sys/i386/compile/xxxx  i386
>Description:
Problem appear when FreeBSd 5.2.1 was changed to FreeBSD 6.1 (not upgrade, change)
Use IPSEC in tunnel mode.
When ESP packet is fragmented and second part of packet is 24 bytes, packet dropped at remote side of tunnel.If size of second part of fragmented ESP packet is more or less size, packet pass. I test this in defferent servers in different countries with different pairs of servers.  i found that affected with problem: 
FreeBSD 6.1 with FreeBSD 6.1
FreeBSD 6.1 with FreeBSD 5.2.1

but
FreeBSD 5.2.1 with FreeBSD 5.2.1 not affected 

(in al examples configuration of IPSEC tunnel identical. I mean racoon.conf and IPSEC policy in kernel)
If you need some configuration files, i'm ready t&#1086; send it 

And finally i show dump.
when  i do 
ping -s 1424 -S 192.168.xx2.250 192.168.xx1.250
i have 
11:53:49.656190 IP (tos 0x0, ttl  57, id 3208, offset 0, flags [+], proto: ESP (50), length: 1500) mail.xxx1.com.ua > mail.xxx2.com.ua: ESP(spi=0x08933a69,seq=0x57c8), length 1480
11:53:49.658065 IP (tos 0x0, ttl  57, id 3208, offset 1480, flags [none], proto: ESP (50), length: 24) mail.xxx1.com.ua > mail.xxx2.com.ua: esp

Remote side receive ESP packets, but failed to get from it encrypted ICMP packet without any warning, simply dropped it.
>How-To-Repeat:
Run at one side of tunnel:
ping -s 1424 internal_ip_in_other_side_of_tunnel

In my case size of ICMP packet must to be from 1419 to 1426, if less or more - packet pass.
>Fix:

>Release-Note:
>Audit-Trail:

From: =?koi8-r?B?+8vV0svPIOHMxcvTwc7E0g==?= <read@midland.com.ua>
To: <bug-followup@FreeBSD.org>, <read@midland.com.ua>
Cc:  
Subject: Re: kern/101400: [ipsec] some packets do not pass through IPSEC tunnel
Date: Sat, 19 Aug 2006 15:21:54 +0300

 This is a multi-part message in MIME format.
 
 ------_=_NextPart_001_01C6C38A.0EBE7739
 Content-Type: text/plain;
 	charset="koi8-r"
 Content-Transfer-Encoding: quoted-printable
 
 After additional testing it was found out, that packets (not only ESP) =
 the certain size are lost all.
 
 If it is ICMP(as example) packet from 1473 to 1479 bytes we have lost =
 it.
 
 Examle:
 
 ping -s 1473 any_ip_address
 
 =20
 
 And I found that after 1480*x, where x=3D1,3,4,5,6... bytes we have the =
 same problem
 
 1480+1473=9A -=9A=9A 1480+1479=9A=9A=9A=9A=9A=9A=9A=9A=9A first range of =
 payload of ICMP packet
 
 1480*2+1473=9A - 1480*2+1479=9A=9A=9A=9A=9A second range of payload of =
 ICMP packet
 
 .........
 
 And so on
 
 =20
 
 If packets bigger or smaller=9A of that range - packets pass
 
 When problem exists I have kernel:
 
 diff -u ./GENERIC ./black
 
 --- ./GENERIC=9A=9A Mon May=9A 1 03:15:12 2006
 
 +++ ./black=9A=9A=9A=9A Sat Aug 19 10:51:09 2006
 
 @@ -22,7 +22,7 @@
 
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I486_CPU
 
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I586_CPU
 
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I686_CPU
 
 -ident=9A=9A=9A=9A=9A=9A=9A=9A=9A GENERIC
 
 +ident=9A=9A=9A=9A=9A=9A=9A=9A=9A black
 
 =20
 
 =9A# To statically compile in device wiring instead of =
 /boot/device.hints
 
 =9A#hints=9A=9A=9A=9A=9A=9A=9A=9A =
 "GENERIC.hints"=9A=9A=9A=9A=9A=9A=9A=9A # Default places to look for =
 devices.
 
 @@ -33,7 +33,7 @@
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SCHED_4BSD=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # 4BSD scheduler
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 PREEMPTION=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A# Enable kernel thread =
 preemption
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 INET=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 InterNETworking
 
 -options=9A=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6 =
 communications protocols
 
 +#options=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6 =
 communications protocols
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 FFS=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Berkeley Fast Filesystem
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SOFTUPDATES=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable FFS soft =
 updates support
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 UFS_ACL=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Support for =
 access control lists
 
 @@ -279,3 +279,41 @@
 
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A firewire=9A=9A=9A=9A=9A=9A=9A # =
 FireWire bus code
 
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 sbp=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # SCSI over FireWire (Requires =
 scbus and da)
 
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 fwe=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Ethernet over FireWire =
 (non-standard!)
 
 +
 
 +#--------------------------------
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A =
 SMP=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A=9A=9A=9A=9A# =
 Symmetric MultiProcessor Kernel
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_VERBOSE
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_VERBOSE_LIMIT=3D100
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_DEFAULT_TO_ACCEPT
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPDIVERT
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A TCP_DROP_SYNFIN
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFILTER
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFILTER_LOG
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A DUMMYNET
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A SC_HISTORY_SIZE=3D1000
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A PANIC_REBOOT_WAIT_TIME=3D120
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A SC_DISABLE_REBOOT
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC_ESP
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC_DEBUG
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_FORWARD
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_FORWARD_EXTENDED
 
 +
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A HZ=3D1000
 
 +
 
 +# pf otions
 
 +device pf
 
 +device pflog
 
 +device pfsync
 
 +
 
 +#ALTQ
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_CBQ=9A=9A=9A=9A=9A=9A=9A # Class =
 Bases Queueing
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_RED=9A=9A=9A=9A=9A=9A=9A # Random =
 Early Detection
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_RIO=9A=9A=9A=9A=9A=9A=9A # RED =
 In/Out
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_HFSC=9A=9A=9A=9A=9A=9A # =
 Hierarchical Packet Scheduler
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_CDNR=9A=9A=9A=9A =9A=9A# Traffic =
 conditioner
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_PRIQ=9A=9A=9A=9A=9A=9A # Priority =
 Queueing
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_NOPCC=9A=9A=9A=9A=9A # Required =
 for SMP build
 
 +
 
 =20
 
 But when I comment some lines from config problem with packets =
 disappear!
 
 diff -u ./GENERIC ./black
 
 --- ./GENERIC=9A=9A Mon May=9A 1 03:15:12 2006
 
 +++ ./black=9A=9A=9A=9A Sat Aug 19 10:51:09 2006
 
 @@ -22,7 +22,7 @@
 
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I486_CPU
 
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I586_CPU
 
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I686_CPU
 
 -ident=9A=9A=9A=9A=9A=9A=9A=9A=9A GENERIC
 
 +ident=9A=9A=9A=9A=9A=9A=9A=9A=9A black
 
 =20
 
 =9A# To statically compile in device wiring instead of =
 /boot/device.hints
 
 =9A#hints=9A=9A=9A=9A=9A=9A=9A=9A =
 "GENERIC.hints"=9A=9A=9A=9A=9A=9A=9A=9A # Default places to look for =
 devices.
 
 @@ -33,7 +33,7 @@
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SCHED_4BSD=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # 4BSD scheduler
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 PREEMPTION=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable kernel thread =
 preemption
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 INET=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 InterNETworking
 
 -options=9A=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6 =
 communications protocols
 
 +#options=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A=9A=9A=9A# IPv6 =
 communications protocols
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 FFS=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Berkeley Fast Filesystem
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SOFTUPDATES=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable FFS soft =
 updates support
 
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 UFS_ACL=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Support for =
 access control lists
 
 @@ -279,3 +279,41 @@
 
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A firewire=9A=9A=9A=9A=9A=9A=9A # =
 FireWire bus code
 
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 sbp=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # SCSI over FireWire (Requires =
 scbus and da)
 
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 fwe=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Ethernet over FireWire =
 (non-standard!)
 
 +
 
 +#--------------------------------
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A =
 SMP=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Symmetric MultiProcessor Kernel
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_VERBOSE
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_VERBOSE_LIMIT=3D100
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_DEFAULT_TO_ACCEPT
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPDIVERT
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A TCP_DROP_SYNFIN
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFILTER
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFILTER_LOG
 
 +#options=9A=9A=9A=9A=9A=9A=9A=9A DUMMYNET
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A SC_HISTORY_SIZE=3D1000
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A PANIC_REBOOT_WAIT_TIME=3D120
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A SC_DISABLE_REBOOT
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC_ESP
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC_DEBUG
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_FORWARD
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_FORWARD_EXTENDED
 
 +
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A HZ=3D1000
 
 +
 
 +# pf otions
 
 +device pf
 
 +device pflog
 
 +device pfsync
 
 +
 
 +#ALTQ
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_CBQ=9A=9A=9A=9A=9A=9A=9A # Class =
 Bases Queueing
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_RED=9A=9A=9A=9A=9A=9A=9A # Random =
 Early Detection
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_RIO=9A=9A=9A=9A=9A=9A=9A # RED =
 In/Out
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_HFSC=9A=9A=9A=9A=9A=9A # =
 Hierarchical Packet Scheduler
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_CDNR=9A=9A=9A=9A=9A=9A # Traffic =
 conditioner
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_PRIQ=9A=9A=9A=9A=9A=9A # Priority =
 Queueing
 
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_NOPCC=9A=9A=9A=9A=9A # Required =
 for SMP build
 
 +
 
 
 ------_=_NextPart_001_01C6C38A.0EBE7739
 Content-Type: text/html;
 	charset="koi8-r"
 Content-Transfer-Encoding: quoted-printable
 
 <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
 xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
 xmlns=3D"http://www.w3.org/TR/REC-html40">
 
 <head>
 <meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
 <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
 <style>
 <!--
  /* Style Definitions */
  p.MsoNormal, li.MsoNormal, div.MsoNormal
 	{margin:0cm;
 	margin-bottom:.0001pt;
 	font-size:12.0pt;
 	font-family:"Times New Roman";}
 a:link, span.MsoHyperlink
 	{color:blue;
 	text-decoration:underline;}
 a:visited, span.MsoHyperlinkFollowed
 	{color:purple;
 	text-decoration:underline;}
 span.EmailStyle17
 	{mso-style-type:personal-compose;
 	font-family:Arial;
 	color:windowtext;}
 @page Section1
 	{size:595.3pt 841.9pt;
 	margin:2.0cm 42.5pt 2.0cm 3.0cm;}
 div.Section1
 	{page:Section1;}
 -->
 </style>
 
 </head>
 
 <body lang=3DRU link=3Dblue vlink=3Dpurple>
 
 <div class=3DSection1>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>After additional testing it was found out, =
 that
 packets (not only ESP) the certain size are lost =
 all.<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>If it is ICMP(as example) packet from 1473 to =
 1479
 bytes we have lost it.<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>Examle:<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>ping &#8211;s 1473 =
 any_ip_address<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>And I found that after =
 1480*x</span></font><font
 size=3D2 face=3DArial><span lang=3DUK =
 style=3D'font-size:10.0pt;font-family:Arial'>, </span></font><font
 size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:10.0pt;font-family:Arial'>where
 x=3D1</span></font><font size=3D2 face=3DArial><span lang=3DUK =
 style=3D'font-size:10.0pt;
 font-family:Arial'>,3,4,5,6&#8230;</span></font><font size=3D2 =
 face=3DArial><span
 lang=3DEN-US style=3D'font-size:10.0pt;font-family:Arial'> bytes we have =
 the same
 problem<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>1480+1473=9A -=9A=9A =
 1480+1479=9A=9A=9A=9A=9A=9A=9A=9A=9A first range of
 payload of ICMP packet<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>1480*2+1473=9A - 1480*2+1479=9A=9A=9A=9A=9A =
 second range of
 payload of ICMP packet<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>&#8230;&#8230;&#8230;<o:p></o:p></span></font><=
 /p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>And so on<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>If packets bigger or smaller=9A of that range =
 - packets
 pass<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>When problem exists I have =
 kernel:<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>diff -u ./GENERIC =
 ./black<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>--- ./GENERIC=9A=9A Mon May=9A 1 03:15:12 =
 2006<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+++ ./black=9A=9A=9A=9A Sat Aug 19 10:51:09 =
 2006<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>@@ -22,7 +22,7 @@<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 I486_CPU<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 I586_CPU<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 I686_CPU<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>-ident=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 GENERIC<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+ident=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 black<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9A# To statically compile in device wiring =
 instead of
 /boot/device.hints<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9A#hints=9A=9A=9A=9A=9A=9A=9A=9A =
 &quot;GENERIC.hints&quot;=9A=9A=9A=9A=9A=9A=9A=9A #
 Default places to look for devices.<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>@@ -33,7 +33,7 @@<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SCHED_4BSD=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # 4BSD
 scheduler<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 PREEMPTION=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A# Enable
 kernel thread preemption<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 INET=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A #
 InterNETworking<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>-options=9A=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6
 communications protocols<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6
 communications protocols<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 FFS=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Berkeley
 Fast Filesystem<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SOFTUPDATES=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable FFS
 soft updates support<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 UFS_ACL=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Support for
 access control lists<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>@@ -279,3 +279,41 =
 @@<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 firewire=9A=9A=9A=9A=9A=9A=9A # FireWire bus =
 code<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 sbp=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # SCSI over FireWire
 (Requires scbus and da)<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 fwe=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Ethernet over
 FireWire (non-standard!)<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#--------------------------------<o:p></o:p></=
 span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 SMP=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A=9A=9A=9A=9A# =
 Symmetric
 MultiProcessor Kernel<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_VERBOSE<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_VERBOSE_LIMIT=3D100<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_DEFAULT_TO_ACCEPT<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPDIVERT<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 TCP_DROP_SYNFIN<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DDE =
 style=3D'font-size:10.0pt;
 font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFILTER<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DDE =
 style=3D'font-size:10.0pt;
 font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFILTER_LOG<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DDE =
 style=3D'font-size:10.0pt;
 font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 DUMMYNET<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 SC_HISTORY_SIZE=3D1000<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 PANIC_REBOOT_WAIT_TIME=3D120<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 SC_DISABLE_REBOOT<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPSEC<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPSEC_ESP<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPSEC_DEBUG<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_FORWARD<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_FORWARD_EXTENDED<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 HZ=3D1000<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+# pf otions<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+device pf<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+device pflog<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+device pfsync<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#ALTQ<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_CBQ=9A=9A=9A=9A=9A=9A=9A # Class Bases
 Queueing<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_RED=9A=9A=9A=9A=9A=9A=9A # Random Early
 Detection<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_RIO=9A=9A=9A=9A=9A=9A=9A # RED In/Out<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_HFSC=9A=9A=9A=9A=9A=9A # Hierarchical
 Packet Scheduler<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_CDNR=9A=9A=9A=9A =9A=9A# Traffic
 conditioner<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_PRIQ=9A=9A=9A=9A=9A=9A # Priority =
 Queueing<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_NOPCC=9A=9A=9A=9A=9A # Required for SMP
 build<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>But when I comment some lines from config =
 problem
 with packets disappear!<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>diff -u ./GENERIC =
 ./black<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>--- ./GENERIC=9A=9A Mon May=9A 1 03:15:12 =
 2006<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+++ ./black=9A=9A=9A=9A Sat Aug 19 10:51:09 =
 2006<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>@@ -22,7 +22,7 @@<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 I486_CPU<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 I586_CPU<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 I686_CPU<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>-ident=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 GENERIC<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+ident=9A=9A=9A=9A=9A=9A=9A=9A=9A =
 black<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9A# To statically compile in device wiring =
 instead of
 /boot/device.hints<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9A#hints=9A=9A=9A=9A=9A=9A=9A=9A =
 &quot;GENERIC.hints&quot;=9A=9A=9A=9A=9A=9A=9A=9A #
 Default places to look for devices.<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>@@ -33,7 +33,7 @@<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SCHED_4BSD=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # 4BSD
 scheduler<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 PREEMPTION=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable
 kernel thread preemption<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 INET=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A #
 InterNETworking<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>-options=9A=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6
 communications protocols<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A=9A=9A=9A# IPv6
 communications protocols<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 FFS=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Berkeley
 Fast Filesystem<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SOFTUPDATES=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable FFS
 soft updates support<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 UFS_ACL=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Support for
 access control lists<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>@@ -279,3 +279,41 =
 @@<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 firewire=9A=9A=9A=9A=9A=9A=9A # FireWire bus =
 code<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 sbp=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # SCSI over FireWire
 (Requires scbus and da)<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>=9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 fwe=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Ethernet over
 FireWire (non-standard!)<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#--------------------------------<o:p></o:p></=
 span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 SMP=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Symmetric
 MultiProcessor Kernel<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_VERBOSE<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_VERBOSE_LIMIT=3D100<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_DEFAULT_TO_ACCEPT<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPDIVERT<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 TCP_DROP_SYNFIN<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DDE =
 style=3D'font-size:10.0pt;
 font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFILTER<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DDE =
 style=3D'font-size:10.0pt;
 font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFILTER_LOG<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DDE =
 style=3D'font-size:10.0pt;
 font-family:Arial'>+#options=9A=9A=9A=9A=9A=9A=9A=9A =
 DUMMYNET<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 SC_HISTORY_SIZE=3D1000<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 PANIC_REBOOT_WAIT_TIME=3D120<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 SC_DISABLE_REBOOT<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPSEC<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPSEC_ESP<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPSEC_DEBUG<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_FORWARD<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 IPFIREWALL_FORWARD_EXTENDED<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 HZ=3D1000<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+# pf otions<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+device pf<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+device pflog<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+device pfsync<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+#ALTQ<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_CBQ=9A=9A=9A=9A=9A=9A=9A # Class Bases
 Queueing<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_RED=9A=9A=9A=9A=9A=9A=9A # Random Early
 Detection<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_RIO=9A=9A=9A=9A=9A=9A=9A # RED In/Out<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_HFSC=9A=9A=9A=9A=9A=9A # Hierarchical
 Packet Scheduler<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_CDNR=9A=9A=9A=9A=9A=9A # Traffic
 conditioner<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_PRIQ=9A=9A=9A=9A=9A=9A # Priority =
 Queueing<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+options=9A=9A=9A=9A=9A=9A=9A=9A =
 ALTQ_NOPCC=9A=9A=9A=9A=9A # Required for SMP
 build<o:p></o:p></span></font></p>
 
 <p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
 style=3D'font-size:
 10.0pt;font-family:Arial'>+<o:p></o:p></span></font></p>
 
 </div>
 
 </body>
 
 </html>
 
 ------_=_NextPart_001_01C6C38A.0EBE7739--

From: =?koi8-r?B?+8vV0svPIOHMxcvTwc7E0g==?= <read@midland.com.ua>
To: <bug-followup@FreeBSD.org>, <read@midland.com.ua>
Cc:  
Subject: Re: kern/101400: [ipsec] some packets do not pass through IPSEC tunnel
Date: Sat, 19 Aug 2006 15:37:30 +0300

 After additional testing it was found out, that packets (not only ESP) =
 the certain size are lost all.
 If it is ICMP(as example) packet from 1473 to 1479 bytes we have lost =
 it.
 Examle:
 ping -s 1473 any_ip_address
 
 And I found that after 1480*x, where x=3D1,3,4,5,6... bytes we have the =
 same problem
 1480+1473=9A -=9A=9A 1480+1479=9A=9A=9A=9A=9A=9A=9A=9A=9A first range of =
 payload of ICMP packet
 1480*2+1473=9A - 1480*2+1479=9A=9A=9A=9A=9A second range of payload of =
 ICMP packet
 .........
 And so on
 
 If packets bigger or smaller=9A of that range - packets pass
 When problem exists I have kernel:
 diff -u ./GENERIC ./black
 --- ./GENERIC=9A=9A Mon May=9A 1 03:15:12 2006
 +++ ./black=9A=9A=9A=9A Sat Aug 19 10:51:09 2006
 @@ -22,7 +22,7 @@
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I486_CPU
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I586_CPU
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I686_CPU
 -ident=9A=9A=9A=9A=9A=9A=9A=9A=9A GENERIC
 +ident=9A=9A=9A=9A=9A=9A=9A=9A=9A black
 
 =9A# To statically compile in device wiring instead of =
 /boot/device.hints
 =9A#hints=9A=9A=9A=9A=9A=9A=9A=9A =
 "GENERIC.hints"=9A=9A=9A=9A=9A=9A=9A=9A # Default places to look for =
 devices.
 @@ -33,7 +33,7 @@
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SCHED_4BSD=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # 4BSD scheduler
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 PREEMPTION=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A# Enable kernel thread =
 preemption
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 INET=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 InterNETworking
 -options=9A=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6 =
 communications protocols
 +#options=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6 =
 communications protocols
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 FFS=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Berkeley Fast Filesystem
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SOFTUPDATES=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable FFS soft =
 updates support
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 UFS_ACL=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Support for =
 access control lists
 @@ -279,3 +279,41 @@
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A firewire=9A=9A=9A=9A=9A=9A=9A # =
 FireWire bus code
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 sbp=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # SCSI over FireWire (Requires =
 scbus and da)
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 fwe=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Ethernet over FireWire =
 (non-standard!)
 +
 +#--------------------------------
 +options=9A=9A=9A=9A=9A=9A=9A=9A =
 SMP=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A=9A=9A=9A=9A# =
 Symmetric MultiProcessor Kernel
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_VERBOSE
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_VERBOSE_LIMIT=3D100
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_DEFAULT_TO_ACCEPT
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPDIVERT
 +options=9A=9A=9A=9A=9A=9A=9A=9A TCP_DROP_SYNFIN
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFILTER
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFILTER_LOG
 +options=9A=9A=9A=9A=9A=9A=9A=9A DUMMYNET
 +options=9A=9A=9A=9A=9A=9A=9A=9A SC_HISTORY_SIZE=3D1000
 +options=9A=9A=9A=9A=9A=9A=9A=9A PANIC_REBOOT_WAIT_TIME=3D120
 +options=9A=9A=9A=9A=9A=9A=9A=9A SC_DISABLE_REBOOT
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC_ESP
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC_DEBUG
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_FORWARD
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_FORWARD_EXTENDED
 +
 +options=9A=9A=9A=9A=9A=9A=9A=9A HZ=3D1000
 +
 +# pf otions
 +device pf
 +device pflog
 +device pfsync
 +
 +#ALTQ
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_CBQ=9A=9A=9A=9A=9A=9A=9A # Class =
 Bases Queueing
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_RED=9A=9A=9A=9A=9A=9A=9A # Random =
 Early Detection
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_RIO=9A=9A=9A=9A=9A=9A=9A # RED =
 In/Out
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_HFSC=9A=9A=9A=9A=9A=9A # =
 Hierarchical Packet Scheduler
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_CDNR=9A=9A=9A=9A =9A=9A# Traffic =
 conditioner
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_PRIQ=9A=9A=9A=9A=9A=9A # Priority =
 Queueing
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_NOPCC=9A=9A=9A=9A=9A # Required =
 for SMP build
 +
 
 But when I comment some lines from config problem with packets =
 disappear!
 diff -u ./GENERIC ./black
 --- ./GENERIC=9A=9A Mon May=9A 1 03:15:12 2006
 +++ ./black=9A=9A=9A=9A Sat Aug 19 10:51:09 2006
 @@ -22,7 +22,7 @@
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I486_CPU
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I586_CPU
 =9Acpu=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A I686_CPU
 -ident=9A=9A=9A=9A=9A=9A=9A=9A=9A GENERIC
 +ident=9A=9A=9A=9A=9A=9A=9A=9A=9A black
 
 =9A# To statically compile in device wiring instead of =
 /boot/device.hints
 =9A#hints=9A=9A=9A=9A=9A=9A=9A=9A =
 "GENERIC.hints"=9A=9A=9A=9A=9A=9A=9A=9A # Default places to look for =
 devices.
 @@ -33,7 +33,7 @@
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SCHED_4BSD=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # 4BSD scheduler
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 PREEMPTION=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable kernel thread =
 preemption
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 INET=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 InterNETworking
 -options=9A=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # IPv6 =
 communications protocols
 +#options=9A=9A=9A=9A=9A=9A =
 INET6=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A =9A=9A=9A=9A# IPv6 =
 communications protocols
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 FFS=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Berkeley Fast Filesystem
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 SOFTUPDATES=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Enable FFS soft =
 updates support
 =9Aoptions=9A=9A=9A=9A=9A=9A=9A =
 UFS_ACL=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Support for =
 access control lists
 @@ -279,3 +279,41 @@
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A firewire=9A=9A=9A=9A=9A=9A=9A # =
 FireWire bus code
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 sbp=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # SCSI over FireWire (Requires =
 scbus and da)
 =9Adevice=9A=9A=9A=9A=9A=9A=9A=9A =
 fwe=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # Ethernet over FireWire =
 (non-standard!)
 +
 +#--------------------------------
 +options=9A=9A=9A=9A=9A=9A=9A=9A =
 SMP=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A=9A # =
 Symmetric MultiProcessor Kernel
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_VERBOSE
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_VERBOSE_LIMIT=3D100
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_DEFAULT_TO_ACCEPT
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPDIVERT
 +#options=9A=9A=9A=9A=9A=9A=9A=9A TCP_DROP_SYNFIN
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFILTER
 +#options=9A=9A=9A=9A=9A=9A=9A=9A IPFILTER_LOG
 +#options=9A=9A=9A=9A=9A=9A=9A=9A DUMMYNET
 +options=9A=9A=9A=9A=9A=9A=9A=9A SC_HISTORY_SIZE=3D1000
 +options=9A=9A=9A=9A=9A=9A=9A=9A PANIC_REBOOT_WAIT_TIME=3D120
 +options=9A=9A=9A=9A=9A=9A=9A=9A SC_DISABLE_REBOOT
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC_ESP
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPSEC_DEBUG
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_FORWARD
 +options=9A=9A=9A=9A=9A=9A=9A=9A IPFIREWALL_FORWARD_EXTENDED
 +
 +options=9A=9A=9A=9A=9A=9A=9A=9A HZ=3D1000
 +
 +# pf otions
 +device pf
 +device pflog
 +device pfsync
 +
 +#ALTQ
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_CBQ=9A=9A=9A=9A=9A=9A=9A # Class =
 Bases Queueing
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_RED=9A=9A=9A=9A=9A=9A=9A # Random =
 Early Detection
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_RIO=9A=9A=9A=9A=9A=9A=9A # RED =
 In/Out
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_HFSC=9A=9A=9A=9A=9A=9A # =
 Hierarchical Packet Scheduler
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_CDNR=9A=9A=9A=9A=9A=9A # Traffic =
 conditioner
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_PRIQ=9A=9A=9A=9A=9A=9A # Priority =
 Queueing
 +options=9A=9A=9A=9A=9A=9A=9A=9A ALTQ_NOPCC=9A=9A=9A=9A=9A # Required =
 for SMP build
 +
 
 

From: "Alexander Shkurko" <read@midland.com.ua>
To: <bug-followup@FreeBSD.org>, <read@midland.com.ua>
Cc:  
Subject: FW: Re: kern/101400: [ipsec] some packets do not pass through IPSEC tunnel
Date: Sat, 19 Aug 2006 19:31:16 +0300

 DQoNCkFmdGVyIGFkZGl0aW9uYWwgdGVzdGluZyBpdCB3YXMgZm91bmQgb3V0LCB0aGF0IHBhY2tl
 dHMgKG5vdCBvbmx5IEVTUCkgdGhlDQpjZXJ0YWluIHNpemUgYXJlIGxvc3QgYWxsLg0KSWYgaXQg
 aXMgSUNNUChhcyBleGFtcGxlKSBwYWNrZXQgZnJvbSAxNDczIHRvIDE0NzkgYnl0ZXMgd2UgaGF2
 ZSBsb3N0IGl0Lg0KRXhhbWxlOg0KcGluZyAtcyAxNDczIGFueV9pcF9hZGRyZXNzDQoNCkFuZCBJ
 IGZvdW5kIHRoYXQgYWZ0ZXIgMTQ4MCp4LCB3aGVyZSB4PTEsMyw0LDUsNjogYnl0ZXMgd2UgaGF2
 ZSB0aGUgc2FtZQ0KcHJvYmxlbQ0KMTQ4MCsxNDczmiAtmpogMTQ4MCsxNDc5mpqampqampqaIGZp
 cnN0IHJhbmdlIG9mIHBheWxvYWQgb2YgSUNNUCBwYWNrZXQNCjE0ODAqMisxNDczmiAtIDE0ODAq
 MisxNDc5mpqampogc2Vjb25kIHJhbmdlIG9mIHBheWxvYWQgb2YgSUNNUCBwYWNrZXQNCjo6Og0K
 QW5kIHNvIG9uDQoNCklmIHBhY2tldHMgYmlnZ2VyIG9yIHNtYWxsZXKaIG9mIHRoYXQgcmFuZ2Ug
 LSBwYWNrZXRzIHBhc3MNCldoZW4gcHJvYmxlbSBleGlzdHMgSSBoYXZlIGtlcm5lbDoNCmRpZmYg
 LXUgLi9HRU5FUklDIC4vYmxhY2sNCi0tLSAuL0dFTkVSSUOamiBNb24gTWF5miAxIDAzOjE1OjEy
 IDIwMDYNCisrKyAuL2JsYWNrmpqamiBTYXQgQXVnIDE5IDEwOjUxOjA5IDIwMDYNCkBAIC0yMiw3
 ICsyMiw3IEBADQqaY3B1mpqampqampqampogSTQ4Nl9DUFUNCppjcHWampqampqampqamiBJNTg2
 X0NQVQ0KmmNwdZqampqampqampqaIEk2ODZfQ1BVDQotaWRlbnSampqampqampogR0VORVJJQw0K
 K2lkZW50mpqampqampqaIGJsYWNrDQoNCpojIFRvIHN0YXRpY2FsbHkgY29tcGlsZSBpbiBkZXZp
 Y2Ugd2lyaW5nIGluc3RlYWQgb2YgL2Jvb3QvZGV2aWNlLmhpbnRzDQqaI2hpbnRzmpqampqampog
 IkdFTkVSSUMuaGludHMimpqampqampogIyBEZWZhdWx0IHBsYWNlcyB0byBsb29rIGZvcg0KZGV2
 aWNlcy4NCkBAIC0zMyw3ICszMyw3IEBADQqab3B0aW9uc5qampqampogU0NIRURfNEJTRJqampqa
 mpqampqampogIyA0QlNEIHNjaGVkdWxlcg0Kmm9wdGlvbnOampqampqaIFBSRUVNUFRJT06ampqa
 mpqampqampogmiMgRW5hYmxlIGtlcm5lbCB0aHJlYWQgcHJlZW1wdGlvbg0Kmm9wdGlvbnOampqa
 mpqaIElORVSampqampqampqampqampqampqaICMgSW50ZXJORVR3b3JraW5nDQotb3B0aW9uc5qa
 mpqampogSU5FVDaampqampqampqampqampqampogIyBJUHY2IGNvbW11bmljYXRpb25zIHByb3Rv
 Y29scw0KKyNvcHRpb25zmpqampqaIElORVQ2mpqampqampqampqampqampqaICMgSVB2NiBjb21t
 dW5pY2F0aW9ucyBwcm90b2NvbHMNCppvcHRpb25zmpqampqamiBGRlOampqampqampqampqampqa
 mpqamiAjIEJlcmtlbGV5IEZhc3QgRmlsZXN5c3RlbQ0Kmm9wdGlvbnOampqampqaIFNPRlRVUERB
 VEVTmpqampqampqampqaICMgRW5hYmxlIEZGUyBzb2Z0IHVwZGF0ZXMgc3VwcG9ydA0Kmm9wdGlv
 bnOampqampqaIFVGU19BQ0yampqampqampqampqampqaICMgU3VwcG9ydCBmb3IgYWNjZXNzIGNv
 bnRyb2wgbGlzdHMNCkBAIC0yNzksMyArMjc5LDQxIEBADQqaZGV2aWNlmpqampqampogZmlyZXdp
 cmWampqampqaICMgRmlyZVdpcmUgYnVzIGNvZGUNCppkZXZpY2WampqampqamiBzYnCampqampqa
 mpqampogIyBTQ1NJIG92ZXIgRmlyZVdpcmUgKFJlcXVpcmVzIHNjYnVzIGFuZCBkYSkNCppkZXZp
 Y2WampqampqamiBmd2WampqampqampqampogIyBFdGhlcm5ldCBvdmVyIEZpcmVXaXJlIChub24t
 c3RhbmRhcmQhKQ0KKw0KKyMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KK29wdGlv
 bnOampqampqamiBTTVCampqampqampqampqampogmpqampojIFN5bW1ldHJpYyBNdWx0aVByb2Nl
 c3NvciBLZXJuZWwNCitvcHRpb25zmpqampqampogSVBGSVJFV0FMTA0KK29wdGlvbnOampqampqa
 miBJUEZJUkVXQUxMX1ZFUkJPU0UNCitvcHRpb25zmpqampqampogSVBGSVJFV0FMTF9WRVJCT1NF
 X0xJTUlUPTEwMA0KK29wdGlvbnOampqampqamiBJUEZJUkVXQUxMX0RFRkFVTFRfVE9fQUNDRVBU
 DQorb3B0aW9uc5qampqampqaIElQRElWRVJUDQorb3B0aW9uc5qampqampqaIFRDUF9EUk9QX1NZ
 TkZJTg0KK29wdGlvbnOampqampqamiBJUEZJTFRFUg0KK29wdGlvbnOampqampqamiBJUEZJTFRF
 Ul9MT0cNCitvcHRpb25zmpqampqampogRFVNTVlORVQNCitvcHRpb25zmpqampqampogU0NfSElT
 VE9SWV9TSVpFPTEwMDANCitvcHRpb25zmpqampqampogUEFOSUNfUkVCT09UX1dBSVRfVElNRT0x
 MjANCitvcHRpb25zmpqampqampogU0NfRElTQUJMRV9SRUJPT1QNCitvcHRpb25zmpqampqampog
 SVBTRUMNCitvcHRpb25zmpqampqampogSVBTRUNfRVNQDQorb3B0aW9uc5qampqampqaIElQU0VD
 X0RFQlVHDQorb3B0aW9uc5qampqampqaIElQRklSRVdBTExfRk9SV0FSRA0KK29wdGlvbnOampqa
 mpqamiBJUEZJUkVXQUxMX0ZPUldBUkRfRVhURU5ERUQNCisNCitvcHRpb25zmpqampqampogSFo9
 MTAwMA0KKw0KKyMgcGYgb3Rpb25zDQorZGV2aWNlIHBmDQorZGV2aWNlIHBmbG9nDQorZGV2aWNl
 IHBmc3luYw0KKw0KKyNBTFRRDQorb3B0aW9uc5qampqampqaIEFMVFENCitvcHRpb25zmpqampqa
 mpogQUxUUV9DQlGampqampqaICMgQ2xhc3MgQmFzZXMgUXVldWVpbmcNCitvcHRpb25zmpqampqa
 mpogQUxUUV9SRUSampqampqaICMgUmFuZG9tIEVhcmx5IERldGVjdGlvbg0KK29wdGlvbnOampqa
 mpqamiBBTFRRX1JJT5qampqampogIyBSRUQgSW4vT3V0DQorb3B0aW9uc5qampqampqaIEFMVFFf
 SEZTQ5qampqamiAjIEhpZXJhcmNoaWNhbCBQYWNrZXQgU2NoZWR1bGVyDQorb3B0aW9uc5qampqa
 mpqaIEFMVFFfQ0ROUpqampogmpojIFRyYWZmaWMgY29uZGl0aW9uZXINCitvcHRpb25zmpqampqa
 mpogQUxUUV9QUklRmpqampqaICMgUHJpb3JpdHkgUXVldWVpbmcNCitvcHRpb25zmpqampqampog
 QUxUUV9OT1BDQ5qampqaICMgUmVxdWlyZWQgZm9yIFNNUCBidWlsZA0KKw0KDQpCdXQgd2hlbiBJ
 IGNvbW1lbnQgc29tZSBsaW5lcyBmcm9tIGNvbmZpZyBwcm9ibGVtIHdpdGggcGFja2V0cyBkaXNh
 cHBlYXIhDQpkaWZmIC11IC4vR0VORVJJQyAuL2JsYWNrDQotLS0gLi9HRU5FUklDmpogTW9uIE1h
 eZogMSAwMzoxNToxMiAyMDA2DQorKysgLi9ibGFja5qampogU2F0IEF1ZyAxOSAxMDo1MTowOSAy
 MDA2DQpAQCAtMjIsNyArMjIsNyBAQA0KmmNwdZqampqampqampqaIEk0ODZfQ1BVDQqaY3B1mpqa
 mpqampqampogSTU4Nl9DUFUNCppjcHWampqampqampqamiBJNjg2X0NQVQ0KLWlkZW50mpqampqa
 mpqaIEdFTkVSSUMNCitpZGVudJqampqampqamiBibGFjaw0KDQqaIyBUbyBzdGF0aWNhbGx5IGNv
 bXBpbGUgaW4gZGV2aWNlIHdpcmluZyBpbnN0ZWFkIG9mIC9ib290L2RldmljZS5oaW50cw0KmiNo
 aW50c5qampqampqaICJHRU5FUklDLmhpbnRzIpqampqampqaICMgRGVmYXVsdCBwbGFjZXMgdG8g
 bG9vayBmb3INCmRldmljZXMuDQpAQCAtMzMsNyArMzMsNyBAQA0Kmm9wdGlvbnOampqampqaIFND
 SEVEXzRCU0SampqampqampqampqaICMgNEJTRCBzY2hlZHVsZXINCppvcHRpb25zmpqampqamiBQ
 UkVFTVBUSU9OmpqampqampqampqamiAjIEVuYWJsZSBrZXJuZWwgdGhyZWFkIHByZWVtcHRpb24N
 CppvcHRpb25zmpqampqamiBJTkVUmpqampqampqampqampqampqamiAjIEludGVyTkVUd29ya2lu
 Zw0KLW9wdGlvbnOampqampqaIElORVQ2mpqampqampqampqampqampqaICMgSVB2NiBjb21tdW5p
 Y2F0aW9ucyBwcm90b2NvbHMNCisjb3B0aW9uc5qampqamiBJTkVUNpqampqampqampqampqaIJqa
 mpojIElQdjYgY29tbXVuaWNhdGlvbnMgcHJvdG9jb2xzDQqab3B0aW9uc5qampqampogRkZTmpqa
 mpqampqampqampqampqampogIyBCZXJrZWxleSBGYXN0IEZpbGVzeXN0ZW0NCppvcHRpb25zmpqa
 mpqamiBTT0ZUVVBEQVRFU5qampqampqampqamiAjIEVuYWJsZSBGRlMgc29mdCB1cGRhdGVzIHN1
 cHBvcnQNCppvcHRpb25zmpqampqamiBVRlNfQUNMmpqampqampqampqampqamiAjIFN1cHBvcnQg
 Zm9yIGFjY2VzcyBjb250cm9sIGxpc3RzDQpAQCAtMjc5LDMgKzI3OSw0MSBAQA0KmmRldmljZZqa
 mpqampqaIGZpcmV3aXJlmpqampqamiAjIEZpcmVXaXJlIGJ1cyBjb2RlDQqaZGV2aWNlmpqampqa
 mpogc2JwmpqampqampqampqaICMgU0NTSSBvdmVyIEZpcmVXaXJlIChSZXF1aXJlcyBzY2J1cyBh
 bmQgZGEpDQqaZGV2aWNlmpqampqampogZndlmpqampqampqampqaICMgRXRoZXJuZXQgb3ZlciBG
 aXJlV2lyZSAobm9uLXN0YW5kYXJkISkNCisNCisjLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
 LS0tLS0NCitvcHRpb25zmpqampqampogU01QmpqampqampqampqampqampqampogIyBTeW1tZXRy
 aWMgTXVsdGlQcm9jZXNzb3IgS2VybmVsDQorI29wdGlvbnOampqampqamiBJUEZJUkVXQUxMDQor
 I29wdGlvbnOampqampqamiBJUEZJUkVXQUxMX1ZFUkJPU0UNCisjb3B0aW9uc5qampqampqaIElQ
 RklSRVdBTExfVkVSQk9TRV9MSU1JVD0xMDANCisjb3B0aW9uc5qampqampqaIElQRklSRVdBTExf
 REVGQVVMVF9UT19BQ0NFUFQNCisjb3B0aW9uc5qampqampqaIElQRElWRVJUDQorI29wdGlvbnOa
 mpqampqamiBUQ1BfRFJPUF9TWU5GSU4NCisjb3B0aW9uc5qampqampqaIElQRklMVEVSDQorI29w
 dGlvbnOampqampqamiBJUEZJTFRFUl9MT0cNCisjb3B0aW9uc5qampqampqaIERVTU1ZTkVUDQor
 b3B0aW9uc5qampqampqaIFNDX0hJU1RPUllfU0laRT0xMDAwDQorb3B0aW9uc5qampqampqaIFBB
 TklDX1JFQk9PVF9XQUlUX1RJTUU9MTIwDQorb3B0aW9uc5qampqampqaIFNDX0RJU0FCTEVfUkVC
 T09UDQorb3B0aW9uc5qampqampqaIElQU0VDDQorb3B0aW9uc5qampqampqaIElQU0VDX0VTUA0K
 K29wdGlvbnOampqampqamiBJUFNFQ19ERUJVRw0KK29wdGlvbnOampqampqamiBJUEZJUkVXQUxM
 X0ZPUldBUkQNCitvcHRpb25zmpqampqampogSVBGSVJFV0FMTF9GT1JXQVJEX0VYVEVOREVEDQor
 DQorb3B0aW9uc5qampqampqaIEhaPTEwMDANCisNCisjIHBmIG90aW9ucw0KK2RldmljZSBwZg0K
 K2RldmljZSBwZmxvZw0KK2RldmljZSBwZnN5bmMNCisNCisjQUxUUQ0KK29wdGlvbnOampqampqa
 miBBTFRRDQorb3B0aW9uc5qampqampqaIEFMVFFfQ0JRmpqampqamiAjIENsYXNzIEJhc2VzIFF1
 ZXVlaW5nDQorb3B0aW9uc5qampqampqaIEFMVFFfUkVEmpqampqamiAjIFJhbmRvbSBFYXJseSBE
 ZXRlY3Rpb24NCitvcHRpb25zmpqampqampogQUxUUV9SSU+ampqampqaICMgUkVEIEluL091dA0K
 K29wdGlvbnOampqampqamiBBTFRRX0hGU0OampqampogIyBIaWVyYXJjaGljYWwgUGFja2V0IFNj
 aGVkdWxlcg0KK29wdGlvbnOampqampqamiBBTFRRX0NETlKampqampogIyBUcmFmZmljIGNvbmRp
 dGlvbmVyDQorb3B0aW9uc5qampqampqaIEFMVFFfUFJJUZqampqamiAjIFByaW9yaXR5IFF1ZXVl
 aW5nDQorb3B0aW9uc5qampqampqaIEFMVFFfTk9QQ0OampqamiAjIFJlcXVpcmVkIGZvciBTTVAg
 YnVpbGQNCisNCg==
 

From: read@midland.com.ua
To: undisclosed-recipients:;
Cc:  
Subject: Re: kern/101400: [ipsec] some packets do not pass through IPSEC tunnel
Date: Mon, 21 Aug 2006 15:50:12 +0300 (EEST)

 Close this PR, because problem was in something else (see http://www.freebsd.org/cgi/query-pr.cgi?pr=102344) 
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Mon Aug 21 13:04:22 UTC 2006 
State-Changed-Why:  
Closed by the submitter's request.  Superseded by kern/102344. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=101400 
>Unformatted:
