Browsing the linux-net archive, I have seen that 2.6.16 will contain all ipsec hooks patches from Patrick McHardy. Also there will be an iptables policy match to match the ipsec policy. This patch will permit more granular control than KLIPS ipsec virtual devices (ipsecX).

Question: will there be a way to tcpdump all traffic going to be encrypted/decrypted? Actually with KLIPS this is easy:

    tcpdump -i ipsec0

TIA