Sebastien Roy wrote: > On Mon, 2009-08-03 at 21:54 -0400, James Carlson wrote: >> That's not quite what I was expected. I didn't think it'd remove bytes >> from the middle of the packet. > > ACCEPT. There are some headers that will never get passed up to iptun. > Fragmentation headers won't, obviously. The ip module does reassembly > prior to passing payloads up. IPsec headers are another, and TX labels > are another. You're correct regarding other random extension headers, > though, snoop needs to expect that those could show up and the user-land > filter needs to adjust its offsets to accommodate.
Sounds like we're in sync. Thanks! -- James Carlson 42.703N 71.076W <carlsonj at workingcode.com>
