what comes first Cipe or netfilter...
Alex
aoclarit@kiwi.dhs.org
Fri, 18 Jan 2002 10:20:25 -0800
folks
This is a question about a cipe tunnel in conjunction with netfilter. I have
a cipe tunnel working between 2 boxes but only if I disable the packet
filtering.
In order to adjust my iptables script accordingly I need to know this:
What is the exact running order of things that happen when a packet arrives
from the other end of a cipe tunnel.
I suppose the very first thing that happens is that the cipe daemon
intercepts the packets and decapsulates/decrypts them in order to get the
hidden ip-packets inside the udp-packets before routing/netfilter decisions
are made. Is that correct?
The thing is that I'm not sure what kind of packets netfilter will see: the
UDP-packets with the real src/dst IP-addresses or the encapsulated packets
inside those with the cipe IP's. This makes a huge difference though cause
netfilter will decide by that whether to jump to the INPUT or FORWARD chain.
Can someone clarify this for me? That'd be awesome, and I apologize if you
think this doesn't belong to this list.
thx and keep this awesome list up please!!
Alex