On Tue, Mar 07, 2006 at 05:13:24PM -0500, James Carlson wrote:
> Nicolas Williams writes:
> > There should be a single re-writer, and at worst "around" hooks to
> > observe packets before and after re-writes (someone's bound to want
> > that). No?
>
> Should that single re-writer be NAT or IPsec ESP?

I can see NAT as something that plugs into hooks; hooking ESP/AH in seems less appropriate, but maybe that's just my sense of aesthetics (NAT sucks; IPsec is almost a fundamental component of the IP architecture).

In any case, order should only matter amongst re-writers/queuers.

To really push observability we should have hooks around, not just before or after, re-write points. Am I interested in snooping packets as they come off the wire? Or post IPsec processing? Why not both? That way I get to confirm that ESP/AH are being used.

_______________________________________________
networking-discuss mailing list
[email protected]
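The "around" hooks argued for above, as an added illustration that is not code from this thread or from any real packet-hooking framework: a toy pipeline runs ordered re-writers (a NAT stage and a stand-in ESP stage) and lets an observer attach both before and after each re-write point. The packet fields, the NAT address and the fake ESP transform are all constructed for the example; the point is that only an observer placed after the ESP stage can confirm that ESP was actually applied, while the pre-NAT observer still sees the original source address.

```python
"""Toy packet pipeline with 'around' observation hooks.

Added example, not code from the networking-discuss thread or from any
real hooking framework.  Re-writers run in a fixed order; observers are
attached around each re-write point so they see the packet both before
and after the rewrite.  Packet contents, the NAT address and the 'ESP'
transform are constructed stand-ins (no real encryption is performed).
"""
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # e.g. "tcp" before ESP, "esp" after the tunnel stage
    payload: bytes

# An observer receives the hook phase ("before:<stage>" / "after:<stage>")
# and the packet as it exists at that point; it must not modify it.
Observer = Callable[[str, Packet], None]
# A re-writer returns a new packet (NAT, ESP/AH, ...).
Rewriter = Callable[[Packet], Packet]

class Pipeline:
    def __init__(self) -> None:
        self._stages: List[Tuple[str, Rewriter]] = []
        self._hooks: Dict[str, List[Observer]] = {}

    def add_rewriter(self, name: str, fn: Rewriter) -> None:
        # Order of registration is the order re-writes are applied.
        self._stages.append((name, fn))

    def hook_around(self, stage: str, observer: Observer) -> None:
        # "Around" = one observer registered at both sides of the stage.
        self._hooks.setdefault(f"before:{stage}", []).append(observer)
        self._hooks.setdefault(f"after:{stage}", []).append(observer)

    def run(self, pkt: Packet) -> Packet:
        for name, fn in self._stages:
            for obs in self._hooks.get(f"before:{name}", []):
                obs(f"before:{name}", pkt)
            pkt = fn(pkt)
            for obs in self._hooks.get(f"after:{name}", []):
                obs(f"after:{name}", pkt)
        return pkt

def snat(pkt: Packet, public_ip: str = "203.0.113.10") -> Packet:
    """Source NAT: rewrite the private source address (constructed value)."""
    return replace(pkt, src=public_ip)

def esp_tunnel(pkt: Packet) -> Packet:
    """Stand-in for ESP: marks the packet as ESP and wraps the payload."""
    return replace(pkt, proto="esp", payload=b"ESP(" + pkt.payload + b")")

class Recorder:
    """Observer that records (phase, src, proto) at every hook it is attached to."""
    def __init__(self) -> None:
        self.seen: List[Tuple[str, str, str]] = []

    def __call__(self, phase: str, pkt: Packet) -> None:
        self.seen.append((phase, pkt.src, pkt.proto))

def trace_packet() -> Tuple[List[Tuple[str, str, str]], Packet]:
    """Run one constructed packet through NAT then ESP with around-hooks on both."""
    pipe = Pipeline()
    rec = Recorder()
    pipe.add_rewriter("nat", snat)
    pipe.add_rewriter("esp", esp_tunnel)
    pipe.hook_around("nat", rec)
    pipe.hook_around("esp", rec)
    pkt = Packet("10.0.0.5", "192.0.2.1", "tcp", b"hello")   # constructed sample
    out = pipe.run(pkt)
    return rec.seen, out

def esp_confirmed(seen: List[Tuple[str, str, str]]) -> bool:
    """True iff an observer after the ESP stage saw the packet leave as ESP."""
    return any(phase == "after:esp" and proto == "esp" for phase, _, proto in seen)

if __name__ == "__main__":
    seen, out = trace_packet()
    for entry in seen:
        print(entry)
    print("ESP applied:", esp_confirmed(seen), "final proto:", out.proto)
```

Because the same observer is registered on both sides of each stage, the trace shows the packet with its private source before NAT, the public source after NAT, and the ESP marking only after the ESP stage; a hook placed solely before the re-writers could never make the "ESP is in use" confirmation the message asks for.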
