[Top] [All Lists]

Re: Netfilter+IPsec

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: Re: Netfilter+IPsec
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 25 Mar 2005 13:53:49 +1100
Cc: Patrick McHardy <kaber@xxxxxxxxx>, kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <>
References: <> <> <> <> <> <> <> <> <> <>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Wed, Mar 23, 2005 at 09:43:40PM -0800, David S. Miller wrote:
> On Thu, 24 Mar 2005 06:05:50 +0100
> Patrick McHardy <kaber@xxxxxxxxx> wrote:
> > This patch (not entirely reviewed myself yet) contains the parts
> > necessary for hooking output IPsec packets for netfilter.
> This is actually much cleaner than I had ever anticipated.
> I like it.

I completely agree.  The output patch is an elegant piece of work.

> I suppose the input side will be quite a bit more involved?

Maybe it won't be that bad when we actually see it :)

BTW Patrick, what about the other bits in your original patch set?
In particular, have you still got the bit that does policy lookups
after SNAT?

Visit Openswan at
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key:

<Prev in Thread] Current Thread [Next in Thread>