Mark ESP packets

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Mark ESP packets
@ 2011-08-12 14:03 Stephen Clark
  2011-08-12 14:04 ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Clark @ 2011-08-12 14:03 UTC (permalink / raw)
  To: Netfilter Developer Mailing List

Hello,

Is it possible to mark esp packets so they can be identified when the 
re-traverse netfilter as unencrypted packets?


Thank,
Steve

-- 

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)




^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Mark ESP packets
  2011-08-12 14:03 Mark ESP packets Stephen Clark
@ 2011-08-12 14:04 ` Jan Engelhardt
  2011-08-12 18:58   ` Stephen Clark
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2011-08-12 14:04 UTC (permalink / raw)
  To: Stephen Clark; +Cc: Netfilter Developer Mailing List

On Friday 2011-08-12 16:03, Stephen Clark wrote:

> Hello,
>
> Is it possible to mark esp packets so they can be identified when the
> re-traverse netfilter as unencrypted packets?

It should be, as the skb remains the same.
Or you could also use -m policy --dir in --proto esp on unencrypted 
packets.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Mark ESP packets
  2011-08-12 14:04 ` Jan Engelhardt
@ 2011-08-12 18:58   ` Stephen Clark
  0 siblings, 0 replies; 3+ messages in thread
From: Stephen Clark @ 2011-08-12 18:58 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List

On 08/12/2011 10:04 AM, Jan Engelhardt wrote:
> -m policy --dir in --proto esp
Thanks Jan,

This appears to work.

-- 

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-08-12 19:21 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-08-12 14:03 Mark ESP packets Stephen Clark
2011-08-12 14:04 ` Jan Engelhardt
2011-08-12 18:58   ` Stephen Clark

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).