* [2.5] ipsec + iptables
@ 2002-11-30 11:11 Gerd Knorr
From: Gerd Knorr @ 2002-11-30 11:11 UTC
To: Kernel List
Hi *,

Is there any documentation on how the new 2.5 ipsec plays together with
iptables? How do ipsec packets traverse the tables? Where is the
encryption/decryption of the packets done? In transport mode? In
tunnel mode?

The freeswan documentation is quite clear about this: For example
incoming packets: The packet filters see the packets twice: Once from
the physical device (eth0, ppp0, whatever), with data still encrypted
and protocol 50/51, and once from the attached virtual ipsec<n> device,
after decryption in cleartext (so iptables actually sees what tcp/udp
port it is addressed to, ...).

How does the new ipsec code work compared to that? Probably different
as there is no virtual ipsec<n> device any more, but how exactly?

Gerd
--
You can't please everybody. And usually if you _try_ to please
everybody, the end result is one big mess.
-- Linus Torvalds, 2002-04-20