From: "Andrew Pantyukhin"
Date: Mon, 21 Aug 2006 20:45:54 +0400
To: "Jeremie Le Hen"
Cc: remko@freebsd.org, thompsa@freebsd.org, net@freebsd.org
Subject: Re: [fbsd] Re: Routing IPSEC packets?

On 8/21/06, Jeremie Le Hen wrote:
> As it has indeed already been stated in this thread, IPSec tunnel mode
> shunts the routing table. However the new enc(4) interface that Andrew
> Thompson has imported from OpenBSD allows filtering IPSec traffic in a
> more natural way.

My understanding is that "options IPSEC_FILTERGIF" already
forces decoded packets to show up on the interface:
http://lists.freebsd.org/pipermail/freebsd-bugs/2005-December/016074.html