tcpdump and ipsec

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Sun Apr 2 11:40:17 UTC 2006


On Sun, 2 Apr 2006, Dmitry Pryanishnikov wrote:

>
> Hello!
>
> On Fri, 31 Mar 2006, Bruce M Simpson wrote:
>> On Sat, Apr 01, 2006 at 12:28:13AM +0200, VANHULLEBUS Yvan wrote:
>>> 2) use enc0 support, which is actually pr kern/94829, and which should
>>>    be included soon in kernel.
>> 
>> Oh god! Not another ifnet! NoOOOOOO!!!!!!
>
> Why not? IMHO it will be a very useful feature: think about e.g. traffic
> shaping for several different networks which are routed via the same
> ipsec tunnel. Without the enc0, you can only shape them together, e.g.:

Why not shape on the internal interface in case this is a gateway?
You know src and dst there too.

The only difference enc0 makes is for host-only-setups or if you want
to see all your unencrypted ipsec traffic on a gateway in one place.

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT


More information about the freebsd-net mailing list