From owner-freebsd-net@FreeBSD.ORG  Sun Apr  2 12:19:20 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 943D116A401
	for <freebsd-net@freebsd.org>; Sun,  2 Apr 2006 12:19:20 +0000 (UTC)
	(envelope-from dmitry@atlantis.dp.ua)
Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D4C3943D45
	for <freebsd-net@freebsd.org>; Sun,  2 Apr 2006 12:19:19 +0000 (GMT)
	(envelope-from dmitry@atlantis.dp.ua)
Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231])
	by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k32CJAAx072213; 
	Sun, 2 Apr 2006 15:19:10 +0300 (EEST)
	(envelope-from dmitry@atlantis.dp.ua)
Date: Sun, 2 Apr 2006 15:19:10 +0300 (EEST)
From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
In-Reply-To: <20060402113516.D76259@maildrop.int.zabbadoz.net>
Message-ID: <20060402151039.R51461@atlantis.atlantis.dp.ua>
References: <442D8E98.6050903@vineyard.net> <20060331222813.GA29047@zen.inc>
	<20060331223613.GD80492@spc.org>
	<20060402130227.G99958@atlantis.atlantis.dp.ua>
	<20060402113516.D76259@maildrop.int.zabbadoz.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>, freebsd-net@freebsd.org
Subject: Re: tcpdump and ipsec
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Apr 2006 12:19:20 -0000


Hello!

On Sun, 2 Apr 2006, Bjoern A. Zeeb wrote:
>> Why not? IMHO it will be very useful feature: think about e.g. traffic 
>> shaping for several different networks which are routed via the same
>> ipsec tunnel. Without the enc0, you can only shape them together, e.g.:
>
> why not shaping on the internal interface in case this is a gateway?
> You know src and dst there too.

  Gateway can also contain sources of traffic, and we should be able
to shape all outgoing or incoming traffic (not only transit packets,
but also locally-originated).

> The only difference enc0 makes is for host-only-setups or if you want
> to see all your unencrpyted ipsec traffic on a gateway in one place.

  It seems to me that it's also useful for general traffic 
shaping/accounting/filtering purposes.

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE