[Openswan dev] Openswan on uClinux
Michael Richardson
mcr at xelerance.com
Sun Dec 16 12:48:25 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "David" == David McCullough <David_Mccullough at securecomputing.com> writes:
David> There is no reason it can't be done. Just the tools needed to
David> get all the scripts going may not all be fully functional on
David> a !MMU system, or it may need a little work. If you go
David> barebones and just use pluto and whack it gets a lot easier
David> (depending on your point of view ;-) on !MMU.
So, a goal in the 2.5 line is to be able to operate without major
loss of functionality without (g)awk. Many of our scripts are now
busybox compliant, but not all.
However, you can certainly avoid using many of the scripts if you
start pluto directly, and use the /usr/lib/ipsec/whack and addconn
programs directly.
I think that in 2.5, the addconn interface is sufficiently
dis-entangled from pluto that if someone wants to pull policies directly
from whatever GUI-friendly database there is, then that will result in
much lower overhead than writing them to a config file.
I mean to finish doing that for the ebox distro, for instance.
- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBR2Vk2ICLcPvd0N1lAQK43Af9GzS3tzbWcXhbvGk/qPteeWHdzEG9GGL0
uViKepPGCS05QOhJr5mdJF5R5PJfuTuErxVdWPXeOaSCjaSQWEvmZYZ1QmuzZy8P
ngJJ8Xxyfvh5aW96HabK4zwQxt2FhL+1Bo+L2zMvlr95Rr8K2ZwUTuuL6FC672xX
k63CHyOIbJGT3OVQzYfpsdrd8BafKRbkgvVl+p+z6A1gMNHGaaOc5iZEr+uuYDgg
kuHHQFyWGRg/uGO7yw0To+unxOKMzFm3io2wBKQ5pkU6o8TTii3xDMbkyLpTrxrV
6EM4kl2IoavO9xKv+xEByh4tlL01hFsOcV1ODFIwz3kQH8G4MAw5Rw==
=Trxf
-----END PGP SIGNATURE-----
More information about the Dev
mailing list