The interface does not change,
so how can I see in netfilter if a packet
came in encrypted and got decrypted,
or if it came in unencrypted?
With freeswan ipsec the packet had an incoming interface "ipsec0"
that could be matched for this purpose.
Also packets seem to be processed:
- transport mode:
2 times by INCOMING, both with proto=AH, different length
- tunnel mode:
2 times INCOMING (first proto=AH then proto=ESP) and then INCOMING
or FORWARD with the tcp/udp/icmp packet.
However the other way I see packets only once, in OUTGOING or FORWARD
without any encryption.
Is it meant to be that way?
Regards, Andreas
This archive was generated by hypermail 2b29 : Fri May 23 2003 - 22:00:01 EST