I'm using NanoBSD for branch office routers, I have like dozens of these. I'm using gre+ipsec to create a corporate VPN. After upgrade to r285595 ipsec stopped working. Symptoms: - SP are installed - SA are installed (ipsec-tools are used) - scheme is as follows: (A, FreeBSD) <=========ipsec/gre========> (B, nanobsd) B sends icmp via tunnel to A. A sees ipsec packets, successfully decrypts them and replies. B sees ipsec packets (correct SPIs and stuff) but sees nothing on the tunnel interface. The most interesting part is that A also runs same release as B, but on amd64. I've upgraded both systems to r286954, to resolve recent netstat issue, and, since it was related to i386 and ipsec somehow, to see if that would help - it didn't. When I disable ipsec (flush the SA and SP's for that particular tunnel on A and B) the tunnel begins to work.
Take it.
A commit references this bug: Author: ae Date: Wed Oct 28 17:55:37 UTC 2015 New revision: 290116 URL: https://svnweb.freebsd.org/changeset/base/290116 Log: Check the size of data available in mbuf, before using them. PR: 202667 MFC after: 1 week Changes: head/sys/net/if_gre.c
A commit references this bug: Author: ae Date: Wed Nov 4 10:42:51 UTC 2015 New revision: 290360 URL: https://svnweb.freebsd.org/changeset/base/290360 Log: MFC r290116: Check the size of data available in mbuf before using it. PR: 202667 Changes: _U stable/10/ stable/10/sys/net/if_gre.c
Fixed in head/ and stable/10. Thanks!