IPSEC traffic duplicated on interface.
From: Christiaan den Besten
Date: Sun Dec 26 2004 - 09:35:17 EST
Hi all!
Not really sure whether this is a kernel or a netfilter issue, but posting anyway.
After trying to determine the 'overhead' of my ipsec traffic, I hit a
rather annoying 'feature'.
(Using racoon ipsec with default Debian 2.6.x kernels, but the issue
was with 2.4 as well, if I remember correctly.)
Traffic on the outgoing interface (eth0) shows both the encapsulated as
well as the non-encapsulated packets.
--- (tcpdump -i eth0 -n ) ---
15:24:20.003088 IP 172.20.40.45.45707 > 10.136.100.1.48193: . 297216:298592(1376) ack 1 win 5792 <nop,nop,timestamp 920412777 2654747912>
15:24:20.005095 IP 130.161.82.9 > 84.35.71.36: ESP(spi=0x080d4f70,seq=0x1de7c)
15:24:20.005095 IP 172.20.40.45.45707 > 10.136.100.1.48193: . 298592:299968(1376) ack 1 win 5792 <nop,nop,timestamp 920412777 2654747912>
15:24:20.005223 IP 84.35.71.36 > 130.161.82.9: ESP(spi=0x0451e539,seq=0xee8e)
---
Default tools a la 'iptraf' count them both, so it would look like
my ADSL line is doing 11Mbit :)
Is there any way to prevent the kernel from showing the data inside the
tunnel? (172.20.40.45 <> 10.136.100.1 is the tunneled traffic).
bye,
Chris