[LARTC] IPsec and u32 filters

[LARTC] IPsec and u32 filters

[Cord Buhlert]

Hi,
how can I filter IPsec traffic with u32 filters?
I know IPsec needs Port 500/UDP and IP protocols 50 and 51. I know how
to get the port stuff, but how can I make u32 to match the protocol
number?

thx,
cb
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IPsec and u32 filters

[Damion de Soto]

Cord Buhlert wrote:
> how can I filter IPsec traffic with u32 filters?
> I know IPsec needs Port 500/UDP and IP protocols 50 and 51. I know how
> to get the port stuff, but how can I make u32 to match the protocol
> number?
Same as matching tcp packets:

match ip protocol 0x32 0xff
(ESP proto 50)
or
match ip protocol 0x33 0xff
(AH proto 51)

regards

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/