Date:      Tue, 11 Apr 2006 15:35:35 -0700 (PDT)
From:      Kelly Yancey <kbyanc@posi.net>
To:        Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Cc:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>, freebsd-net@freebsd.org
Subject:   Re: tcpdump and ipsec
Message-ID:  <20060411153224.L55107@gateway.posi.net>
In-Reply-To: <20060402151039.R51461@atlantis.atlantis.dp.ua>
References:  <442D8E98.6050903@vineyard.net> <20060331222813.GA29047@zen.inc> <20060331223613.GD80492@spc.org> <20060402130227.G99958@atlantis.atlantis.dp.ua> <20060402113516.D76259@maildrop.int.zabbadoz.net> <20060402151039.R51461@atlantis.atlantis.dp.ua>

On Sun, 2 Apr 2006, Dmitry Pryanishnikov wrote:

>
> Hello!
>
> On Sun, 2 Apr 2006, Bjoern A. Zeeb wrote:
> >> Why not? IMHO it will be a very useful feature: think about e.g. traffic
> >> shaping for several different networks which are routed via the same
> >> ipsec tunnel. Without the enc0, you can only shape them together, e.g.:
> >
> > why not shaping on the internal interface in case this is a gateway?
> > You know src and dst there too.
>
>   Gateway can also contain sources of traffic, and we should be able
> to shape all outgoing or incoming traffic (not only transit packets,
> but also locally-originated).
>
> > The only difference enc0 makes is for host-only-setups or if you want
> > to see all your unencrypted ipsec traffic on a gateway in one place.
>
>   It seems to me that it's also useful for general traffic
> shaping/accounting/filtering purposes.
>
> Sincerely, Dmitry

  I agree 100%.  At work, we implemented the enc interface for FreeBSD
4.7 and 4.10 along with extending the divert interface such that we
could perform filtering and NAT on packets after tunnel decapsulation.
Just because one person doesn't have a use for the enc interface, does
not mean that no one does.

  Kelly

-- 
Kelly Yancey  -  kbyanc@{posi.net,FreeBSD.org}  -  kelly@nttmcl.com



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060411153224.L55107>