On Wed, Dec 17, 2003 at 11:02:35PM +0100, Peter Hoeg wrote:
> Mark Weaver wrote:
>
> > I have to guess so. I've no idea TBH where the packets actually go, but
> > this definitely works for me. I'm more of a cook than a chef when it comes
> > to netfilter. I've tried looking around the source, but I'm pretty
> > clueless, and the native ipsec doesn't seem to be documented at all. It's
> > not even got a maintainer listed, and virtually nothing in
> > linux/Documentation. (If anyone could point me in the right direction that
> > would be great!).
>
> Mark, you simply rule! This fixed my problem. Now, since I was going
> nuts trying to figure it out and I couldn't find ANY info ANYWHERE
> (you guys were my last resort), I have decided to make a small guide
> (I needed to learn DocBook anyway, so this seemed like a good chance),
> which can be found here:
>
> http://hoeg.org/lri/
>
> But one thing - to be honest, I actually was thinking briefly about the
> MARK solution myself, but came to the conclusion that since it is similar
> to the TOS marks you can set, then technically somebody else could tag
> the packets themselves before entering my system, which would bypass the
> solution. And that's why I didn't take it further. Can anybody shed any
> light on that?

No... TOS is contained in the packet. It's actually a header field. MARK is
not. It's not a part of the packet at all outside of the system. It cannot
be introduced from outside the system.

> But in order for the search engines to pick up this message: racoon
> linux kernel 2.6 ipsec vpn tunnel firewall iptables netfilter
>
> > It kind of makes sense, because without this we'd have no possibility of
> > handling packets that came in via an IPsec tunnel separately.
>
> Agree

Mike

-- 
Michael H. Warfield    |  (770) 985-6132  |  mhw@xxxxxxxxxxxx
  /\/\|=mhw=|\/\/      |  (678) 463-0932  |  http://www.wittsend.com/mhw/
  NIC whois: MHW9      |  An optimist believes we live in the best of all
  PGP Key: 0xDF1DD471  |  possible worlds. A pessimist is sure of it!
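As an added illustration of the MARK-versus-TOS distinction Mike describes (this is example code written for this post; it is not Mark Weaver's rule set and not the guide at hoeg.org), the script below tags incoming ESP packets with a netfilter mark in mangle/PREROUTING and then admits forwarded traffic only when that mark is present. It rests on one assumption, stated in the comments: that on a 2.6 native-IPsec box the decapsulated cleartext packet re-enters the hooks in the same skb as the ESP packet, so the mark survives decryption. The interface name, peer address and mark value are constructed placeholders. By default the script only prints the rules; set APPLY=1 to install them.

```shell
#!/bin/sh
# Added illustration for this thread, not Mark Weaver's rules or the hoeg.org guide.
# Assumption (not confirmed by the thread): the ESP packet and the packet decapsulated
# from it are handled as the same skb on a 2.6 native-IPsec box, so a MARK set on the
# ESP packet in mangle/PREROUTING is still present when the inner packet hits FORWARD.
# The mark lives in the skb, never in the packet, so a remote sender cannot supply it.
# Placeholders: eth0 is the outside interface, 192.0.2.1 the IPsec peer.

OUTSIDE_IF="${OUTSIDE_IF:-eth0}"
IPSEC_PEER="${IPSEC_PEER:-192.0.2.1}"
IPSEC_MARK="${IPSEC_MARK:-0x10}"

# Print the rules unless APPLY=1, so they can be reviewed before touching netfilter.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

ipsec_mark_rules() {
    # ESP from the peer arrives first; tag its skb with a locally chosen mark.
    ipt -t mangle -A PREROUTING -i "$OUTSIDE_IF" -s "$IPSEC_PEER" -p esp \
        -j MARK --set-mark "$IPSEC_MARK"
    # After decryption the cleartext packet re-enters with the same skb and mark,
    # so this rule admits exactly the traffic that came out of the tunnel.
    ipt -A FORWARD -i "$OUTSIDE_IF" -m mark --mark "$IPSEC_MARK" -j ACCEPT
    # Everything else forwarded in from the outside interface is refused.
    ipt -A FORWARD -i "$OUTSIDE_IF" -j DROP
}

# Contrast: a rule keyed on TOS trusts a header byte the remote sender controls,
# which is the bypass Peter was worried about. Shown only for comparison; never installed.
tos_rule_for_comparison() {
    printf 'iptables -A FORWARD -i %s -m tos --tos 0x10 -j ACCEPT  # spoofable\n' "$OUTSIDE_IF"
}

ipsec_mark_rules
```

The DROP rule makes the policy explicit for the illustration; on a real gateway it would sit among whatever other FORWARD rules the box already needs.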