-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patrick McHardy wrote:
| Tom Eastep wrote:
|
|> | Have you applied the ipsec+netfilter patches? Without them, packets are
|> | only seen encrypted in the OUTPUT chain.
|>
|> Yes -- the ipsec+netfilter patches are applied. Here is the same test
|> with the bridge removed and the local IP address transferred to one of
|> the network cards:
|
|
| The problem is ipv4_sabotage_out in the bridging code. It prevents the
| packet from hitting the LOCAL_OUT hook while it is still unencrypted.
| When it hits the bridging code and its LOCAL_OUT hook it's too late.
| Not sure how to handle it yet.
|

Thanks for the update.

- -Tom
- --
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ teastep@xxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBIBFOO/MAbZfjDLIRAvS4AJ9eGQhcxVi09h8gmLZ/CpauSYlw1wCePgBQ
trHWmX/wZV/DyIjSz05IGyQ=
=mL/B
-----END PGP SIGNATURE-----