Re: [PATCH 00/10]: Netfilter IPsec support

[PATCH 00/10]: Netfilter IPsec support · Patrick McHardy <hidden> · 2005-11-11
Re: [PATCH 00/10]: Netfilter IPsec support · "David S. Miller" <davem@davemloft.net> · 2005-11-11
Re: [PATCH 00/10]: Netfilter IPsec support · Patrick McHardy <hidden> · 2005-11-11
Re: [PATCH 00/10]: Netfilter IPsec support · Gerd v. Egidy <hidden> · 2005-11-11
Re: [PATCH 00/10]: Netfilter IPsec support · Patrick McHardy <hidden> · 2005-11-11
Re: [PATCH 00/10]: Netfilter IPsec support · Marco Berizzi <hidden> · 2005-11-15
Re: [PATCH 00/10]: Netfilter IPsec support · Patrick McHardy <hidden> · 2005-11-17

From: Gerd v. Egidy <hidden>
Date: 2005-11-11 10:13:32
Also in: netfilter-devel

Hi,

This is the latest set patches for netfilter IPsec support.
The use of netif_rx for the innermost SA if it used transport
mode has been replaced by explicit NF_HOOK calls in
xfrm{4,6}_input.c.

Could you please describe the solution you implemented a bit more? There was 
just so many back and forth that I'm confused now.

If I use it with iptables, do the transport mode packets go through INPUT and 
OUTPUT twice, decrypted and encrypted?

If I use it with iptables, do the tunnel mode packets go through FORWARD or 
INPUT and OUTPUT twice, decrypted and encrypted?

Can I do NAT in tunnel and transport mode?

what about the policy match patches, why are they only posted "for 
completeness" and as 11/12 of 10? Aren't they ready yet?

Thanks for enlightment.

Kind regards,

Gerd

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help