<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: cipe and netfilter
From: "Alex" <aoclarit,AT,kiwi,DOT,dhs,DOT,org>
Date: Fri, 18 Jan 2002 22:19:28 +0100

folks

This is a question about a cipe tunnel in conjunction with netfilter. I have
a cipe tunnel working between 2 boxes but only if I disable the packet
filtering.
In order to adjust my iptables script accordingly I need to know this :
What is the exact running order of things that happen when a packet arrives
from the other end of a cipe tunnel.
I suppose the very first thing that happens is that the cipe daemon
intercepts the packets and decapsulates/decrypts them in order to get the
hidden ip-packets in side the udp-packets before routing/netfilter decisions
are made. Is that correct ?

The thing is that I'm not sure what kind of packets netfilter will see : the
UDP-packets with the real src/dst IP-addresses or the encapsulated packets
inside those with the cipe IP's. This makes a huge difference though cause
netfilter will decide by that whether to jump to the INPUT or FORWARD chain.
So I guess what I need to know is at what exact point does cipe intercept
the packets and decapsulate/decprypt them.
Can someone clarify this for me that'd be awesome.

Alex





<< | Thread Index | >> ]    [ << | Date Index | >> ]