All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] IPsec and u32 filters
@ 2004-01-22 11:33 Cord Buhlert
  2004-01-22 23:46 ` Damion de Soto
  0 siblings, 1 reply; 2+ messages in thread
From: Cord Buhlert @ 2004-01-22 11:33 UTC (permalink / raw)
  To: lartc

Hi,
how can I filter IPsec traffic with u32 filters?
I know IPsec needs Port 500/UDP and IP protocols 50 and 51. I know how
to get the port stuff, but how can I make u32 to match the protocol
number?

thx,
cb
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [LARTC] IPsec and u32 filters
  2004-01-22 11:33 [LARTC] IPsec and u32 filters Cord Buhlert
@ 2004-01-22 23:46 ` Damion de Soto
  0 siblings, 0 replies; 2+ messages in thread
From: Damion de Soto @ 2004-01-22 23:46 UTC (permalink / raw)
  To: lartc

Cord Buhlert wrote:
> how can I filter IPsec traffic with u32 filters?
> I know IPsec needs Port 500/UDP and IP protocols 50 and 51. I know how
> to get the port stuff, but how can I make u32 to match the protocol
> number?
Same as matching tcp packets:

match ip protocol 0x32 0xff
(ESP proto 50)
or
match ip protocol 0x33 0xff
(AH proto 51)

regards

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-01-22 23:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-01-22 11:33 [LARTC] IPsec and u32 filters Cord Buhlert
2004-01-22 23:46 ` Damion de Soto

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.