Re: tcpdumping ipsec encrypted/decrypted packets

Patrick McHardy wrote:

> Marco Berizzi wrote:
>> Browsing the linux-net archive, I have seen that 2.6.16
>> will contain all ipsec hooks patches from Patrick McHardy.
>> Also there will be an iptables policy match to match the
>> ipsec policy. This patch will permit more granular control
>> than KLIPS ipsec virtual devices (ipsecX).
>> Question: will there be a way to tcpdump all traffic going
>> to be encrypted/decrypted? Actually with KLIPS this is
>> easy: tcpdump -i ipsec0
>
> I have an unfinished patch to do this, I'll post it for discussion
> after the remaining netfilter/IPsec issues are settled. One thing
> I'm not sure about yet is how to tell tcpdump not to show these
> packets, or to only show these packets. One possibility would be
> to add new qualifiers ("ipsec"/"not ipsec" or something like that),

excellent idea.

> similar to the inbound/outbound qualifiers for ppp devices. Another
> (IMO more ugly) way would be to use a dummy device.

...I agree with you, it is IMHO a little ugly.

Thanks for the reply.

PS: I see a lot of spam on this list archive. Is this the right list to post questions?

