> Hmm, this was my fear that the Linux kernel simply does not route > locally generated RAW packets through XFRM. Is there any other way to > make a locally-generated IP packet go through XFRM?
It seems that the kernel actually calls ip_route_output_flow() from raw_sendmsg(), what should be fine. But the flow protocol depends on the socket protocol and the HDRINCL option. You may play with these to track this issue down... Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
