On Fri, 2006-11-10 at 17:28 +0100, Mark Phalan wrote: > > If you know the physical interface through which tunneled traffic > > eventually ends up, you can of course capture packets on that interface. > > This doesn't help, of course, if you've configured IPsec policy on your > > tunnel interface to encrypt packets. It's also problematic on > > multi-homed systems, where the physical interface through which tunneled > > packets are flowing could change based on dynamic routing information. > > > > Ok, so if I snoop the physical interface I can see the IPv6 packets but > I can't do any filtering... > for e.g. snoop host <ipv6host> > won't work.
That's correct. This is a significant drawback to the lack of IP tunnel data-links in Solaris. > > I guess I'll have to wait until clearview is integrated. Unfortunately, I think so. > > We (the Clearview project) are periodically releasing early access bfu > > archives that contain our work in development. When the IP tunneling > > work is baked enough to arrive in these early access bits, we'll make > > sure to notify you and the people on this list. > > > > Cool, looking foward to seeing this in Nevada. And we're looking forward to being able to draw on you as an early adopter and tester prior to integration into Nevada (right?). ;-) Thanks, -Seb _______________________________________________ networking-discuss mailing list [email protected]
