So after we build and install openswan, it gets loaded as a kernel module, right? If we have to statically compile it in, we would have to rebuild the kernel. Is my understanding correct?<br><br>Thanks,<br>Leena.<br><br><div class="gmail_quote">
On Wed, Mar 19, 2008 at 7:00 PM, Michael Richardson <<a href="mailto:mcr@sandelman.ottawa.on.ca">mcr@sandelman.ottawa.on.ca</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
>>>>> "Leena" == Leena Soman <<a href="mailto:leenax@gmail.com">leenax@gmail.com</a>> writes:<br>
Leena> Hi, I have just started a project on ipsec and have a very<br>
Leena> basic question regarding the co-existence of openswan ipsec<br>
Leena> and the native linux ipsec. I see from the code that openswan<br>
Leena> calls sock_register to register for the PF_KEY family and the<br>
Leena> native linux code also does the same. So openswan will get an<br>
Leena> error unless it has initialized before NETKEY. How does it<br>
Leena> make sure of this?<br>
<br>
You are responsible for this.<br>
Either you load one module or the other, or compile one in statically,<br>
or the other. There is little or no co-existence at runtime.<br>
It is something we would like to fix, but it is not done.<br>
<font color="#888888"><br>
--<br>
] Bear: "Me, I'm just the shape of a bear." | firewalls [<br>
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[<br>
]mcr@<a href="http://xelerance.com" target="_blank">xelerance.com</a> <a href="http://www.sandelman.ottawa.on.ca/mcr/" target="_blank">http://www.sandelman.ottawa.on.ca/mcr/</a> |device driver[<br>
]panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [<br>
<br>
<br>
</font></blockquote></div><br>