[LARTC] Classful Queuing
Alexander Samad
alex@samad.com.au
Tue, 12 Oct 2004 17:05:53 +1000
On Mon, Oct 11, 2004 at 10:46:01PM -0500, rsenykoff@harrislogic.com wrote:
> >But will the mark still exist after the encryption/encapsulation?
> >>not so about ingress, but the marking stays with the packet after the enc
> >>(well on 2.6 with native stack it does). I use this for marking
> >>packets.
>
> Isn't this going to depend on whether you are encrypting the whole packet
> (VPN style) or just the data portion of the packet (SSL style)?
I use it to mark packets that are then esp enc. I am using it currently
with 2.6 and native ipsec stack to mark all packets that come in as esp
and then are de-enc; I allow these through the firewall. This was my
way around the old problem of how to set up the firewall when the
ipsecX interface disappeared.

I believe the packet is encapped in place, not duplicated. Then the new
packet is re-fed back into netfilter.
Alex
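
The setup described in the message above, sketched as an iptables-restore ruleset. This is an added example, not part of the original post; the mark value 0x1, the DROP policies and the IKE rule are assumptions, and the mark surviving decryption is the behaviour the post reports for 2.6 with the native IPsec stack.

```iptables
# Added example (constructed). Assumptions: mark value 0x1, default-drop
# policies, IKE on udp/500. Check with: iptables-restore --test < this-file

*mangle
:PREROUTING ACCEPT [0:0]
# Tag every inbound ESP packet before it reaches the IPsec code.
# The mark is kernel-side packet metadata, not a field on the wire,
# so a remote host cannot set it on a cleartext packet.
-A PREROUTING -p esp -j MARK --set-mark 0x1
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Let key exchange and the encrypted packets themselves reach the stack.
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
# After decryption the inner packet passes through netfilter again on the
# same physical interface (there is no ipsecX device to match on) and still
# carries the mark, so the mark is what identifies "arrived inside ESP".
-A INPUT -m mark --mark 0x1 -j ACCEPT
-A FORWARD -m mark --mark 0x1 -j ACCEPT
# Everything else, including cleartext traffic that claims a tunnel-side
# source address, falls through to the DROP policy.
COMMIT
```

The mark only says the packet arrived as ESP and decrypted against some SA; if different tunnels need different trust, add source or destination address matches to the two mark rules.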