Date: Sun, 2 Apr 2006 11:38:05 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> Cc: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>, freebsd-net@freebsd.org Subject: Re: tcpdump and ipsec Message-ID: <20060402113516.D76259@maildrop.int.zabbadoz.net> In-Reply-To: <20060402130227.G99958@atlantis.atlantis.dp.ua> References: <442D8E98.6050903@vineyard.net> <20060331222813.GA29047@zen.inc> <20060331223613.GD80492@spc.org> <20060402130227.G99958@atlantis.atlantis.dp.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 2 Apr 2006, Dmitry Pryanishnikov wrote: > > Hello! > > On Fri, 31 Mar 2006, Bruce M Simpson wrote: >> On Sat, Apr 01, 2006 at 12:28:13AM +0200, VANHULLEBUS Yvan wrote: >>> 2) use enc0 support, which is actually pr kern/94829, and which should >>> be included soon in kernel. >> >> Oh god! Not another ifnet! NoOOOOOO!!!!!! > > Why not? IMHO it will be very useful feature: think about e.g. traffic > shaping for several different networks which are routed via the same > ipsec tunnel. Without the enc0, you can only shape them together, e.g.: why not shaping on the internal interface in case this is a gateway? You know src and dst there too. The only difference enc0 makes is for host-only-setups or if you want to see all your unencrpyted ipsec traffic on a gateway in one place. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060402113516.D76259>