On Saturday 2011-10-08 08:50, Prashant Batra wrote:

>Hello,
>
>I am thinking to implement user-space IPSec using NETLINK_FIREWALL
>protocol. This is how, I am thinking to proceed-
>
>-Get the plain packet sent out using OUTPUT rule with QUEUE target in
>the user space. Encapsulate the packet and send out ESP packet.
>-Similarly get the ESP packet sent from the peer gateway, get it into
>user space with INPUT ESP based rule, decrypt the packet
>and send it to the application using raw sockets.
>
>But I have some doubts whether this will work just fine or not.

_Outputting_ data to a raw socket fd is not going to make it appear in
the _input path_.

Don't make it more complicated than it needs to be. The kernel ESP
encoder/decoder works just fine.