RE: cipe and netfilter|
Mon, 21 Jan 2002 17:44:21 +0100|
The packet travels through netfilter twice: once as the encrypted UDP packet
addressed to the local system, coming through your interface to the internet
(eth0 perhaps?) and then again as the unencrypted packet, coming from the
cipcb? interface, as it was originally sent.
> -----Original Message-----
> From: Alex [SMTP:aoclarit,AT,kiwi,DOT,dhs,DOT,org
> Sent: Friday, January 18, 2002 1:06 PM
> To: cipe-l,AT,inka,DOT,de
> Subject: cipe and netfilter
> This is a question about a cipe tunnel in conjunction with netfilter. I
> a cipe tunnel working between 2 boxes but only if I disable the packet
> In order to adjust my iptables script accordingly I need to know this :
> What is the exact running order of things that happen when a packet
> from the other end of a cipe tunnel.
> I suppose the very first thing that happens is that the cipe daemon
> intercepts the packets and decapsulates/decrypts them in order to get the
> hidden ip-packets in side the udp-packets before routing/netfilter
> are made. Is that correct ?
> The thing is that I'm not sure what kind of packets netfilter will see :
> UDP-packets with the real src/dst IP-addresses or the encapsulated packets
> inside those with the cipe IP's. This makes a huge difference though cause
> netfilter will decide by that whether to jump to the INPUT or FORWARD
> So I guess what I need to know is at what exact point does cipe intercept
> the packets and decapsulate/decprypt them.
> Can someone clarify this for me that'd be awesome.
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: