Re: [strongSwan] Diagram

2016-10-18 Thread Noel Kuntze
On 18.10.2016 22:11, Brian O'Connor wrote: > So, for forwarded traffic (as distinct from locally sourced packets), I understand the packet to flow through the mangle and nat postrouting chains twice, and the other iptables output chains for raw, mangle, nat and filter tables only once

Re: [strongSwan] Diagram

2016-10-18 Thread Brian O'Connor
Noel, I note your last message clearly emphasised that packets from a local process are processed twice via the output path of the graphic. So, for forwarded traffic (as distinct from locally sourced packets), I understand the packet to flow through the mangle and nat postrouting chains twice,

Re: [strongSwan] Diagram

2016-10-18 Thread Noel Kuntze
On 18.10.2016 21:43, Brian O'Connor wrote: > I think I have the decryption process clear but was not clear on the iptables processing for encrypted packets. From what you said, it looks like the NAT-T header is added after the iptables processing of an outbound encrypted packet, on the

Re: [strongSwan] Diagram

2016-10-18 Thread Brian O'Connor
Thank you, Noel. I am trying to understand how the inner and outer IP headers for tunneled IPsec packets are processed by iptables, to help troubleshoot an anomalous situation I found. I think I have the decryption process clear but was not clear on the iptables processing for encrypted

Re: [strongSwan] Diagram

2016-10-18 Thread Noel Kuntze
On 18.10.2016 21:27, Noel Kuntze wrote: > Hello Brian, > On 18.10.2016 21:05, Brian O'Connor wrote: >> 1. Where in the diagram is NAT-T de-capsulation performed? > XFRM lookup. Err actually xfrm decode. >> 2. Where in the diagram is NAT-T encapsulation performed? > XFRM

Re: [strongSwan] Diagram

2016-10-18 Thread Noel Kuntze
Hello Brian, On 18.10.2016 21:05, Brian O'Connor wrote: > 1. Where in the diagram is NAT-T de-capsulation performed? XFRM lookup. > 2. Where in the diagram is NAT-T encapsulation performed? XFRM lookup. > 3. Does the NAT-T UDP header have to be removed so the iptables IPsec

[strongSwan] Diagram

2016-10-18 Thread Brian O'Connor
Hello, The commonly quoted packet flow diagram at [1] does not show where NAT-T is implemented for IPsec MOBIKE. Questions are: 1. Where in the diagram is NAT-T de-capsulation performed? 2. Where in the diagram is NAT-T encapsulation performed? 3. Does the NAT-T UDP header have to
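The questions in this thread are about where the NAT-T UDP header is added and removed relative to the netfilter chains. The following is an added example, not code from the thread, the mailing list or the strongSwan project: it models in plain Python the decapsulation step that the kernel performs on a UDP/4500 packet in the xfrm receive path (RFC 3948: strip the 8-byte UDP header, set the IP protocol to 50/ESP, shrink the total length and recompute the IPv4 header checksum) and tells apart the three payload kinds that share port 4500 (NAT keepalive, IKE behind the Non-ESP Marker, ESP). The sample packet, addresses, SPI and all function names are constructed for this example.

```python
"""Strip RFC 3948 UDP encapsulation (NAT-T) from an IPv4 packet.

Added example, not strongSwan or kernel code. It models what the receiver
does with UDP/4500 traffic before the ESP SA lookup: keepalives are dropped,
IKE is handed to the daemon, and ESP has its UDP header removed so that the
rest of the stack sees a native IPv4/ESP packet.
"""
import struct

IPPROTO_UDP = 17
IPPROTO_ESP = 50
NATT_PORT = 4500
UDP_HDR_LEN = 8
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948: IKE on port 4500 is prefixed with 4 zero bytes
NAT_KEEPALIVE = b"\xff"                 # RFC 3948: a single 0xFF byte, consumed by the receiver


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the IPv4 header; returns 0 for a header with a valid checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def classify_natt_payload(payload: bytes) -> str:
    """Classify a UDP/4500 payload: 'keepalive', 'ike', 'esp' or 'malformed'.

    A real ESP SPI is never 0, so four leading zero bytes can only be the
    Non-ESP Marker in front of an IKE header.
    """
    if payload == NAT_KEEPALIVE:
        return "keepalive"
    if payload[:4] == NON_ESP_MARKER:
        return "ike"
    if len(payload) >= 8:               # at least SPI + sequence number
        return "esp"
    return "malformed"


def build_ipv4(proto: int, payload: bytes,
               src: bytes = b"\xc0\xa8\x01\x0a", dst: bytes = b"\xc0\xa8\x01\x01") -> bytes:
    """Constructed 20-byte IPv4 header (no options) in front of payload, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def build_natt_esp(spi: int, seq: int, esp_body: bytes) -> bytes:
    """Constructed sample: IPv4 / UDP 4500->4500 / ESP(spi, seq, body). Not captured traffic."""
    esp = struct.pack("!II", spi, seq) + esp_body
    udp = struct.pack("!HHHH", NATT_PORT, NATT_PORT, UDP_HDR_LEN + len(esp), 0) + esp
    return build_ipv4(IPPROTO_UDP, udp)


def udp_decapsulate(packet: bytes) -> bytes:
    """Turn IPv4/UDP(4500)/ESP into IPv4/ESP, the transformation RFC 3948 3.1.2 describes."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl + UDP_HDR_LEN:
        raise ValueError("not an IPv4 packet carrying a UDP header")
    if packet[9] != IPPROTO_UDP:
        raise ValueError("not UDP")
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", packet[ihl:ihl + UDP_HDR_LEN])
    if dport != NATT_PORT:
        raise ValueError("not the NAT-T port")
    payload = packet[ihl + UDP_HDR_LEN:ihl + ulen]
    kind = classify_natt_payload(payload)
    if kind != "esp":
        raise ValueError("UDP/4500 payload is %s, not ESP" % kind)
    hdr = bytearray(packet[:ihl])
    struct.pack_into("!H", hdr, 2, ihl + len(payload))    # total length shrinks by the UDP header
    hdr[9] = IPPROTO_ESP                                  # next protocol is now ESP
    struct.pack_into("!H", hdr, 10, 0)                    # zero the checksum before recomputing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + payload


if __name__ == "__main__":
    sample = build_natt_esp(0xDEADBEEF, 1, b"\x00" * 16)
    native = udp_decapsulate(sample)
    print("outer proto %d -> %d, length %d -> %d" % (sample[9], native[9], len(sample), len(native)))
```

The strip happens in the UDP receive path (the "xfrm decode" Noel points to), so the only pass through the netfilter chains that sees a UDP/4500 packet is the one for the outer packet; after this step the packet is native ESP, and the decrypted inner packet makes its own, separate pass through the chains.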