Marco Berizzi wrote:
Browsing the linux-net archive, I have seen that 2.6.16 will contain all ipsec hooks patches from Patrick McHardy. Also there will be an iptables policy match to match the ipsec policy. This patch will permit more granular control than KLIPS ipsec virtual devices (ipsecX). Question: will there be a way to tcpdump all traffic going to be encrypted/decrypted? Actually with KLIPS this is easy: tcpdump -i ipsec0
I have an unfinished patch to do this, I'll post it for discussion after the remaining netfilter/IPsec issues are settled. One thing I'm not sure about yet is how to tell tcpdump not to show these packets, or to only show these packets. One possibility would be to add new qualifiers ("ipsec"/"not ipsec" or something like that), similar to the inbound/outbound qualifiers for ppp devices. Another (IMO more ugly) way would be to use a dummy device.