[PATCH]: latest netfilter+ipsec patches
Patrick McHardy
kaber@trash.net
Fri, 05 Mar 2004 03:00:07 +0100
Alexander Samad wrote:
> Q do I understand right that encrypted packets can or can't be acted
> upon by the hooks in LOCAL_IN.
>
> Or another way of putting it does a packet travel the tables twice once
> as an encrypted packet and once as a decrypted packet?

Exactly, input looks like this:

  (encrypted) PRE_ROUTING -> LOCAL_IN ->
  (plain)     PRE_ROUTING -> LOCAL_IN/FORWARD

output looks like this:

  (plain)     FORWARD/LOCAL_OUT -> POST_ROUTING ->
  (encrypted) LOCAL_OUT -> POST_ROUTING

This is the same as with freeswan, only without the ipsec
devices; the policy match can be used as an easy replacement
for them (-m policy --pol ipsec).

Regards,
Patrick
>
> Alex
>
>
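
Added example (not part of the original message or of the patch): a firewall script laid out along the two passes described above, so that a service port is reachable only in the decrypted pass and never in cleartext. The peer address, the port and the --dir option (the policy match syntax in mainline iptables, which may differ from the patch version discussed here) are assumptions; the script prints the commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example, not from the original post. Address and port are constructed.
# Dry run by default: prints the commands. Run with IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"
PEER="${PEER:-192.0.2.10}"     # constructed IPsec peer address
SVC_PORT="${SVC_PORT:-5432}"   # constructed service that must only be reached via IPsec

# Encrypted pass. Inbound ESP crosses PRE_ROUTING -> LOCAL_IN before it is
# decrypted; outbound ESP crosses LOCAL_OUT -> POST_ROUTING after encryption.
# Only the outer packet (ESP, plus IKE for key exchange) is visible here.
encrypted_pass_rules() {
    $IPT -A INPUT  -s "$PEER" -p esp -j ACCEPT
    $IPT -A INPUT  -s "$PEER" -p udp --dport 500 -j ACCEPT
    $IPT -A OUTPUT -d "$PEER" -p esp -j ACCEPT
    $IPT -A OUTPUT -d "$PEER" -p udp --dport 500 -j ACCEPT
}

# Plain pass. The decrypted packet crosses PRE_ROUTING -> LOCAL_IN again on the
# same interface, so an interface match cannot tell it from cleartext traffic.
# The policy match can: accept the service only when IPsec policy applied,
# then drop whatever reaches the same port without it.
plain_pass_rules() {
    $IPT -A INPUT  -p tcp --dport "$SVC_PORT" -m policy --dir in --pol ipsec -j ACCEPT
    $IPT -A INPUT  -p tcp --dport "$SVC_PORT" -j DROP
    # Replies are seen in LOCAL_OUT before encryption; allow them only if an
    # IPsec policy will transform them, so nothing leaves in cleartext.
    $IPT -A OUTPUT -p tcp --sport "$SVC_PORT" -m policy --dir out --pol ipsec -j ACCEPT
    $IPT -A OUTPUT -p tcp --sport "$SVC_PORT" -j DROP
}

# Rules are appended in order, so each ACCEPT precedes its matching DROP.
all_rules() {
    encrypted_pass_rules
    plain_pass_rules
}

all_rules
```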