Re: IPFilter 5.1.1 imported into current

To: Darren Reed <darrenr%netbsd.org@localhost>
Subject: Re: IPFilter 5.1.1 imported into current
From: Hubert Feyrer <hubert%feyrer.de@localhost>
Date: Mon, 30 Jan 2012 23:26:27 +0100 (CET)

On Tue, 31 Jan 2012, Darren Reed wrote:

I think that this requires something different as a requirement
here is to play with packets when they're passed to IPsec but
before they're encrypted. At present, IPFilter sees packets only
on input and output and at both points in the stack, the inner
packet will be encrypted, correct?

IIRC not - on sending, ip_output(?) is called once for the actual packetto send, and then it's handed - still unencrypted - to IPsec, which thencalls ip_output(?) again. Similar on input.



 - Hubert

References:
- IPFilter 5.1.1 imported into current
  - From: Darren Reed
- Re: IPFilter 5.1.1 imported into current
  - From: Hubert Feyrer
- Re: IPFilter 5.1.1 imported into current
  - From: Darren Reed

Prev by Date: Re: IPFilter 5.1.1 imported into current
Next by Date: Re: IPFilter 5.1.1 imported into current
Previous by Thread: Re: IPFilter 5.1.1 imported into current
Indexes:

Home | Main Index | Thread Index | Old Index