[RFC/RFT] projects/ipsec

Andrey V. Elsukov ae at FreeBSD.org
Sun Dec 11 12:20:00 UTC 2016


On 11.12.2016 15:15, Slawa Olhovchenkov wrote:
>> IPsec is a set of protocol handlers - ESP/AH/IPcomp. Inbound packets are
>> handled by security association with given destination address and SPI.
>> If returned packets aren't destined to your address, protocol handlers
>> will not handle them.
> 
> An SA can't contain an address that is not mine? That is surprising to me.
> Or I misunderstood you.

You can specify what you want, but this just will not work as you
expect. A router usually must not handle all TCP sessions that it
forwards. It routes IP packets, but it doesn't invoke tcp_input() for
each TCP packet that it sees.

-- 
WBR, Andrey V. Elsukov
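
The point made in the message above, as an added example that is not part of the original mail and is not FreeBSD code: a simplified model of the input path in which an SA with a non-local destination exists in the database but is never consulted, because transit packets are forwarded before any protocol handler runs. All names, addresses and SPI values are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every identifier here is hypothetical. */
enum verdict { ESP_PROCESSED, ESP_NO_SA, FORWARDED, LOCAL_OTHER };

struct sa  { uint32_t dst; uint32_t spi; };            /* SAD entry keyed by (dst, SPI) */
struct pkt { uint32_t dst; uint8_t proto; uint32_t spi; };

#define PROTO_ESP 50   /* IP protocol number of ESP */
#define PROTO_TCP 6

/* Constructed sample data: one local address and two SAs. */
static const uint32_t local_addrs[] = { 0xC0000201 };  /* 192.0.2.1 */
static const struct sa sad[] = {
    { 0xC0000201, 0x1000 },  /* destination is our own address */
    { 0xC6336463, 0x2000 },  /* destination is a remote host, 198.51.100.99 */
};

static int is_local(uint32_t addr) {
    for (size_t i = 0; i < sizeof local_addrs / sizeof local_addrs[0]; i++)
        if (local_addrs[i] == addr) return 1;
    return 0;
}

const struct sa *sa_lookup(uint32_t dst, uint32_t spi) {
    for (size_t i = 0; i < sizeof sad / sizeof sad[0]; i++)
        if (sad[i].dst == dst && sad[i].spi == spi) return &sad[i];
    return NULL;
}

/* Protocol handlers run only for packets addressed to this host. */
enum verdict ip_input(const struct pkt *p) {
    if (!is_local(p->dst))
        return FORWARDED;          /* routed onward; no ESP/AH/TCP handler runs */
    if (p->proto != PROTO_ESP)
        return LOCAL_OTHER;        /* e.g. TCP to a local socket */
    return sa_lookup(p->dst, p->spi) ? ESP_PROCESSED : ESP_NO_SA;
}

int main(void) {
    struct pkt to_us   = { 0xC0000201, PROTO_ESP, 0x1000 };
    struct pkt transit = { 0xC6336463, PROTO_ESP, 0x2000 };
    printf("to_us=%d transit=%d (SA for transit dst exists: %s)\n",
           ip_input(&to_us), ip_input(&transit),
           sa_lookup(transit.dst, transit.spi) ? "yes" : "no");
    return 0;
}
```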
