From: Alexander Samad
Date: Tue, 12 Oct 2004 07:05:53 +0000
Subject: Re: [LARTC] Classful Queuing
Message-Id: <20041012070553.GW522@samad.com.au>
References: <20041012010156.GY16095@cerberus>
In-Reply-To: <20041012010156.GY16095@cerberus>
To: lartc@vger.kernel.org

On Mon, Oct 11, 2004 at 10:46:01PM -0500, rsenykoff@harrislogic.com wrote:
> >But will the mark still exist after the encryption/encapsulation?
> >>not so about ingress, but the marking stays with the packet after the enc
> >>( well on 2.6 with native stack it does). I use this for marking
> >>packets.
>
> Isn't this going to depend on whether you are encrypting the whole packet
> (VPN style) or just the data portion of the packet (SSL style)?

I use it to mark packets that are then esp enc. I am using it currently
with 2.6 and the native ipsec stack to mark all packets that come in as esp
and then are de-enc; I allow these through the firewall. This was my way
around the old problem of how to set up the firewall when the ipsecX
interface disappeared.

I believe the packet is encapped in place, not duplicated. Then the new
packet is re-fed back into netfilter.

Alex
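The setup described in the message above can be checked in a saved ruleset. The script below is an added example, not part of the original message or thread: it audits iptables-save output for a MARK rule on ESP in mangle/PREROUTING and a filter rule that accepts the same mark. The mark value 0x1, the sample ruleset and the function name audit_esp_mark are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the "mark ESP on arrival,
# accept the mark after decryption" pattern. Not from the original message.

# Constructed sample ruleset; the mark value 0x1 is an assumption.
SAMPLE_RULES='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p esp -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p esp -j ACCEPT
-A INPUT -m mark --mark 0x1 -j ACCEPT
-A FORWARD -m mark --mark 0x1 -j ACCEPT
COMMIT'

# Reads iptables-save text on stdin. Exits 0 only if every mark set on ESP
# traffic is also matched by an ACCEPT rule in the filter table.
audit_esp_mark() {
    awk '
        /^\*/ { table = substr($0, 2); next }        # track current table
        table == "mangle" && /^-A PREROUTING / && / -p esp / && / -j MARK / {
            for (i = 1; i < NF; i++)
                if ($i == "--set-mark" || $i == "--set-xmark") {
                    split($(i + 1), m, "/")           # drop the /mask part
                    if (!(m[1] in set)) n++
                    set[m[1]] = 1
                }
        }
        table == "filter" && /^-A / && / -m mark / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--mark") {
                    split($(i + 1), m, "/")
                    chain[m[1]] = chain[m[1]] " " $2  # remember which chains
                }
        }
        END {
            if (n == 0) { print "WARN no MARK rule for ESP in mangle/PREROUTING"; exit 1 }
            for (v in set)
                if (v in chain) print "OK mark " v " accepted in:" chain[v]
                else { print "WARN mark " v " set on ESP but never accepted"; bad = 1 }
            exit bad + 0
        }
    '
}

printf '%s\n' "$SAMPLE_RULES" | audit_esp_mark
```

On a live host the same check would be fed from `iptables-save | audit_esp_mark`, which needs root.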