Date:      Thu, 22 Mar 2001 11:17:42 +0900
From:      itojun@iijlab.net
To:        freebsd-security@freebsd.org
Subject:   Re: IPSEC/VPN/NAT and filtering
Message-ID:  <19242.985227462@coconut.itojun.org>
In-Reply-To: itojun's message of Thu, 22 Mar 2001 04:10:29 JST. <10518.985201829@coconut.itojun.org>


>	see latest NetBSD source code tree, and the following URL, on how
>	we handled it (now ipfilter looks at wire format packet only).  i have
>	no environment/time to do the same on freebsd, but i can
>	say that the foundations are there in kame and netbsd tree.
>	(you can check if the packet went through ipsec on inbound,
>	by using ipsec_gethist())
>	http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction

	not sure if it works, but anyway, here it is.
	http://orange.kame.net/dev/cvsweb.cgi/kame/freebsd4/sys/netinet/ip_input.c.diff?r1=1.16&r2=1.17
	(based on 4.2-RELEASE)

itojun
