From mboxrd@z Thu Jan 1 00:00:00 1970 From: Raffaele Brancaleoni Date: Mon, 09 Jul 2001 18:26:47 +0000 Subject: Re: [LARTC] How to recognize a IPSEC packet ? Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To: lartc@vger.kernel.org Franck BALAZOT wrote: > Hi all, > > I want to make bandwidth management with CBQ (iproute2) > There is no problem to manage service like FTP, HTTP,... > We have an IPSEC VPN here, and I don't know how to reconignize IPSEC > packets to manage the VPN bandwith. > Is there a special port or something in the IP packet header that tells > "here is an IPSEC packet" ? > > Thanks, > ------------------------------------------------ > Franck BALAZOT (fbalazot@aeta.fr) > AETA.COM > 361, Avenue du G=E9n=E9ral De Gaulle > 92140 CLAMART > FRANCE > T=E9l:01.41.36.12.93 > ------------------------------------------------ > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Ro= uting/ Hi, >From what I remember, IPSec use port 500 TCP for IKE & protocol-ids for IPS= ec trafic are 50 (ESP) / 51 (AH) (stored in IP Header). This should allow you to recogniz= e the IPSec traffic with u32 filters. Hope this help ! Later, Raffaele. -- ____________________________________________________________________________ Raffaele Brancaleoni Email : s940195@student.ulg.ac.be Licence en Informatique Universit=E9 de Li=E8ge - Belgique ____________________________________________________________________________ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Rout= ing/