On Wed, Mar 23, 2005 at 09:43:40PM -0800, David S. Miller wrote:

On Thu, 24 Mar 2005 06:05:50 +0100
Patrick McHardy [off-list ref] wrote:

quoted

This patch (not entirely reviewed myself yet) contains the parts
necessary for hooking output IPsec packets for netfilter.

This is actually much cleaner than I had ever anticipated.
I like it.

I completely agree.  The output patch is an elegant piece of work.

I suppose the input side will be quite a bit more involved?

Maybe it won't be that bad when we actually see it :)

BTW Patrick, what about the other bits in your original patch set?
In particular, have you still got the bit that does policy lookups
after SNAT?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt