[Openswan dev] Some question about the ipsec tunnel interface

Paul Wouters paul at xelerance.com
Wed Jun 4 09:28:27 EDT 2008


On Wed, 4 Jun 2008, ??? wrote:

> 1.which part of the code is designed to decide which connection (or SA )to
> use and which part is to trigger the establishment of SA if it do not exist?
> 2. what the functionality of function of ipsec_findroute() and the
> structure  eroute?
> 3.KLIPS is only designed for IPv4 ? As many data structure are only for
> IPv4.

You will want to use the NETKEY IPsec stack, not the KLIPS IPsec stack,
if you want to use IPv6. NETKEY is part of the linux kernel, and its
functions are called in program/pluto/kernel_netlink.c

> My task is to transport  the IPv4 packet by IPv6 IPsec tunnel . When I
> receive the packet , I need to determine  which  connection(or SA)will bei
> used to tunnel the ipv4 packet (in sk_buff ). Can anyone give me any idea or
> suggestion about my task?  Thank you .

If you have an ipv6-ipv6 tunnel, can you not send ipv4-in-ipv6 packets
over that tunnel?

Paul


More information about the Dev mailing list