Hi *,
Is there any documentation on how the new 2.5 ipsec plays together with
itables? How do ipsec packets traverse the tables? Where is the
encryption/decryption of the packets done? In transport mode? In
tunnel mode?
The freeswan documentation is quite clear about this: For example
incoming packets: The paket filters see the packets twice: Once from
the physical device (eth0, ppp0, whatever), with data still encrypted
and protocol 50/51, and once from the attached virtual ipsec<n> device,
after decryption in cleartext (so iptables actually sees what tcp/udp
port it is addressed to, ...).
How does the new ipsec code work compared to that? Probably different
as there is no virtual ipsec<n> device any more, but how exactly?
Gerd
-- You can't please everybody. And usually if you _try_ to please everybody, the end result is one big mess. -- Linus Torvalds, 2002-04-20 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Nov 30 2002 - 22:00:24 EST