Subject: Dumping encrypted and unencrypted packets when using IPSec
To: None <tech-net@NetBSD.org>
From: Curt Sampson <cjs@cynic.net>
List: tech-net
Date: 04/09/2004 15:39:30

I had an incident a while back where I was using IPSec on a machine,
but wanted to be able to monitor the packets being received after
decryption, which I couldn't do. I think Darren Reed proposed a solution
for this, but there doesn't seem to have been much followup. (Well, I
certainly haven't followed it up.) Has anybody got a plan for putting
in this capability that they'd care to implement? If it's not too invasive,
it would be nice to have this in 2.0.

I also remember that I saw some issues with other "layering" interfaces,
such as pppoe, where I was not seeing quite what I expected when looking
at a dump from pppoe0 and the interface it was operating on top of. The
pppoe0 interface on my 1.6.2 systems is displaying the PPPoE header,
which I sort of felt that it should not be doing; that should be shown
when you dump the physical interface that it's actually running over
top of. But there might be an argument to be made the other way, too.
Anybody have any thoughts on this?

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
    Don't you know, in this new Dark Age, we're all light.  --XTC