[Openswan dev] IPSECPOLICY flag in Makefile.inc
mcr at sandelman.ottawa.on.ca
Sat Jul 3 16:42:38 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Herbert" == Herbert Xu <herbert at gondor.apana.org.au> writes:
>> You can say, "I want this secure", and you can say "I want to
>> form a tunnel with FOO", but you can not specify what the
>> identity of the remote system is supposed to be.
Herbert> You mean the identity of the remote security gateway? No
Herbert> that can't be specified beyond the IP address as it is.
>> The sockopt interface is pretty limited.
Herbert> Perhaps. But the current form can be easily extended since
Herbert> the interface is based on arbitrary strings parsed by each
Herbert> interface module.
Yes, the intention of the API is that it can be implemented using
KAME-like setsockopt(), or via some other trusted IPC if desired.
setsockopt() is a pain to implement for many stacks.
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev