On Mon, 21 Apr 2003 itojun@iijlab.net wrote:

> >> 	any interesting values on netstat -sn?
> >Ah, an excellent thought! The ip "with data size < data length" one is
> >incrementing for every packet that comes back via the GRE. I wonder if
> >I screwed up the patch somehow? I've appended a diff; perhaps you could
> >look it over and see if I missed something.
>
> >+	m_adj(m, hlen);
> > 	m->m_pkthdr.len -= hlen;	<-- maybe this line is redundant.

Yes, that seems to do the trick. I now receive ESP+GRE and AH+ESP+GRE
packets at the host with the fixed kernel, and they are dencapsualted
and routed properly. Do you want to make commit this patch and submit a
request for a pullup, or shall I do it?

I still don't understand why IPSec + gif is not working, however.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC