what comes first Cipe or netfilter...

Stephen Frost sfrost@snowman.net
Fri, 18 Jan 2002 13:58:04 -0500


* Alex (aoclarit@kiwi.dhs.org) wrote:
> folks
>
> The thing is that I'm not sure what kind of packets netfilter will see: the
> UDP-packets with the real src/dst IP-addresses or the encapsulated packets
> inside those with the cipe IP's. This makes a huge difference though cause
> netfilter will decide by that whether to jump to the INPUT or FORWARD chain.

	netfilter is going to see both.

	The UDP packets from the remote host will come in on your real
	external interface (like eth0) and then CIPE will pick up on
	them, decrypt them and whatnot, and then you'll see the data
	that was encapsulated in that UDP packet come in on your CIPE
	interface (like cipcb0).

		Stephen
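
The two passes described in the reply, written out as netfilter rules with a LOG rule on each so both can be observed (an added example, not part of the original message). The peer address 192.0.2.10, UDP port 9999 and the allow/drop policy are constructed assumptions; eth0 and cipcb0 are the interface names used in the reply.

```shell
#!/bin/sh
# Added example: prints iptables commands, it does not apply them.
# Review the output, then pipe it to `sh` as root to load the rules.
EXT_IF=eth0          # real external interface (name from the reply)
TUN_IF=cipcb0        # CIPE interface (name from the reply)
PEER=192.0.2.10      # constructed sample peer (documentation address range)
CPORT=9999           # constructed sample UDP port for the CIPE carrier

cipe_rules() {
    # Pass 1: the encrypted UDP carrier packet is addressed to this host,
    # so it traverses INPUT on the external interface.
    echo "iptables -A INPUT -i $EXT_IF -p udp -s $PEER --dport $CPORT -j LOG --log-prefix 'cipe-carrier: '"
    echo "iptables -A INPUT -i $EXT_IF -p udp -s $PEER --dport $CPORT -j ACCEPT"

    # Pass 2a: the decrypted packet re-enters the stack on the CIPE
    # interface. If it is addressed to this host it traverses INPUT again.
    # Assumed policy: replies plus SSH to the gateway, nothing else.
    echo "iptables -A INPUT -i $TUN_IF -j LOG --log-prefix 'cipe-inner-local: '"
    echo "iptables -A INPUT -i $TUN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $TUN_IF -p tcp --dport 22 -j ACCEPT"
    echo "iptables -A INPUT -i $TUN_IF -j DROP"

    # Pass 2b: if the decrypted packet is routed on to another host it
    # traverses FORWARD instead. Assumed policy: replies only.
    echo "iptables -A FORWARD -i $TUN_IF -j LOG --log-prefix 'cipe-inner-fwd: '"
    echo "iptables -A FORWARD -i $TUN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $TUN_IF -j DROP"
}

cipe_rules
```

With the rules loaded, a single packet sent through the tunnel produces a cipe-carrier log line followed by one cipe-inner-* line, which shows the order in which netfilter sees the outer and inner packets.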
