Hello,

I am thinking of implementing user-space IPSec using the NETLINK_FIREWALL protocol. This is how I am thinking of proceeding:

- Get the plain packet sent out, using an OUTPUT rule with the QUEUE target, into user space. Encapsulate the packet and send out an ESP packet.
- Similarly, get the ESP packet sent from the peer gateway, get it into user space with an INPUT ESP-based rule, decrypt the packet, and send it to the application using raw sockets.

But I have some doubts about whether this will work just fine or not. Let's say that I am trying to IPSec SCTP data. The client is using kernel-sctp, but as I block the SCTP packet (say, connect) using the firewall, convert it to an ESP packet, and send it out, will the SCTP layer of the kernel maintain the SCTP states properly? Similarly for the recv part.

Please comment.

--
Thanks
Prashant Batra
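The ESP framing step described in the post, as an added example that is not part of the original message: it wraps a transport-layer payload in ESP per RFC 4303, using NULL encryption (RFC 2410) with HMAC-SHA-256-128 (RFC 4868) in place of a real cipher so it runs on the standard library alone. The SPI, key and sample payload are constructed, the replay check is a simple increasing counter rather than a sliding window, and the QUEUE and raw-socket plumbing is not shown.

```python
import hashlib, hmac, struct

ICV_LEN = 16        # HMAC-SHA-256-128 (RFC 4868): digest truncated to 128 bits
IPPROTO_SCTP = 132  # value for the ESP Next Header field in transport mode

def _icv(auth_key, body):
    return hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_encap(spi, seq, payload, next_header, auth_key):
    """Wrap payload in ESP (RFC 4303), NULL encryption, so there is no IV."""
    # Pad so that Pad Length + Next Header end on a 4-byte boundary.
    pad_len = -(len(payload) + 2) % 4
    padding = bytes(range(1, pad_len + 1))  # default pad bytes 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    return body + _icv(auth_key, body)      # ICV covers SPI through Next Header

def esp_decap(packet, auth_key, expected_spi, last_seq):
    """Return (seq, next_header, payload); raise ValueError on any failure."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short for ESP")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    if spi != expected_spi:
        raise ValueError("unknown SPI")
    # Simplified anti-replay: strictly increasing counter, no sliding window.
    if seq <= last_seq:
        raise ValueError("replayed or stale sequence number")
    if not hmac.compare_digest(icv, _icv(auth_key, body)):
        raise ValueError("ICV mismatch")
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("pad length exceeds payload")
    return seq, next_header, body[8:len(body) - 2 - pad_len]

if __name__ == "__main__":
    key = bytes(range(32))                        # constructed key
    sctp = bytes.fromhex("0b590b59") + bytes(28)  # constructed 32-byte payload
    pkt = esp_encap(0x1000, 1, sctp, IPPROTO_SCTP, key)
    print(len(pkt), esp_decap(pkt, key, 0x1000, 0)[:2])
```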