From mboxrd@z Thu Jan  1 00:00:00 1970
From: Damion de Soto <damion@snapgear.com>
Date: Thu, 22 Jan 2004 23:46:32 +0000
Subject: Re: [LARTC] IPsec and u32 filters
Message-Id: <401060D8.6080301@snapgear.com>
List-Id: <lartc.vger.kernel.org>
References: <20040122113316.GA2014@keppler.vrg.de>
In-Reply-To: <20040122113316.GA2014@keppler.vrg.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Cord Buhlert wrote:
> how can I filter IPsec traffic with u32 filters?
> I know IPsec needs Port 500/UDP and IP protocols 50 and 51. I know how
> to get the port stuff, but how can I make u32 to match the protocol
> number?
Same as matching tcp packets:

match ip protocol 0x32 0xff
(ESP proto 50)
or
match ip protocol 0x33 0xff
(AH proto 51)

regards

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/