From: Eric Masson
To: cjclark@alum.mit.edu
Cc: Matthew Grooms, dlavigne6@cogeco.ca, Mailing List FreeBSD Security
Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...]
Date: Tue, 06 Aug 2002 10:51:30 +0200
In-Reply-To: "Crist J. Clark"'s message of "Mon, 5 Aug 2002 10:41:56 -0700"

>>>>> "Crist" == Crist J Clark writes:

 Crist> Tunnelling is not the same as routing. The tunnelling actually
 Crist> has no effect on routing. A packet going through the tunnel is
 Crist> encapsulated and sent to a different destination. This is not
 Crist> like routing where we don't touch the source or destination
 Crist> addresses and merely manipulate where the packet is directed on
 Crist> the next hop. Once encapsulation is done, routing is done
 Crist> normally.

 Crist> I think a command that displays the SPD and live SAD entries in
 Crist> more intuitive ways, possibly in a 'netstat -r'-like fashion
 Crist> would be very useful, but it shouldn't actually be in 'netstat
 Crist> -r.'

I was just thinking of a more friendly way to display tunnels, so
netstat came to my mind, but it seems that a specialized command should
be better.

Thanks

Eric Masson

-- 
 Hi Mom! Do me a favor and react, so that I can humiliate you in public!
 -+- Attila in: Happy Mother's Day, Mom -+-