tcpdump mailing list archives

Re: tcpdump with Linux 2.6 and ipsec/ESP


From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Tue, 05 Oct 2004 09:34:29 -0400

"Michael" == Michael Mueller <m.mueller99 () kay-mueller de> writes:
    Michael> Is this a Linux or tcpdump / libpcap problem? Does anybody
    Michael> have some further details about it? Is there a more
    Michael> appropriate Linux list to send this question to?

  On Linux 26sec code, there is no interface equivalent to "ipsec0" on
which you can see packets. 
  The -E option really doesn't help much in real use, because the keys
are not easily divulged. 

  BSDs running KAME stacks have had the same problem; some of the BSDs
have created a special tap point which tcpdump can attach to, which is
prior to encryption and after decryption.

  You will discover that there are other issues with 26sec -- you have
now effectively 3 firewalls (iptables, advanced routing/QoS, and SPD),
and the SPD one is unaware of the other two.

--
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr () xelerance com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
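
The situation described in the message above (no pre-encryption tap point, no keys to hand to -E) leaves a capture with only the outer IP addresses, the SPI and the sequence number readable. The following is an added example, not part of the original message or of tcpdump; the function names and the sample packet are constructed for illustration.

```python
import struct

ESP_PROTO = 50  # IP protocol number assigned to ESP


def build_sample_packet(spi, seq, ciphertext):
    """Constructed IPv4 + ESP packet (checksum left at 0; not captured traffic)."""
    total_len = 20 + 8 + len(ciphertext)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                     ESP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + struct.pack("!II", spi, seq) + ciphertext


def parse_esp(packet):
    """Return the cleartext ESP fields, or None if this is not a usable ESP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None  # too short for an IPv4 header, or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != ESP_PROTO or len(packet) < ihl + 8:
        return None  # bad header length, not ESP, or ESP header truncated
    spi, seq = struct.unpack_from("!II", packet, ihl)
    return {
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "spi": spi,
        "seq": seq,
        # Everything after SPI and sequence number (IV, encrypted payload,
        # padding, integrity value) is opaque without the SA keys.
        "opaque_len": len(packet) - ihl - 8,
    }


if __name__ == "__main__":
    pkt = build_sample_packet(0x1000, 7, bytes(range(48)))
    print(parse_esp(pkt))
```
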

