[Openswan dev] Relation between Security association and Security policy table in Linux2.6(Native IPSec Stack)

SaRaVanAn saravanan.nagarajan87 at gmail.com
Wed Nov 2 06:26:58 EDT 2011


Hi team,
    I need to know which parameter tells the kernel that "this particular
security policy corresponds to this particular security association".
I am not able to track down the common parameter between the security policy
and the security association that correspond to a tunnel.

*Is it possible to explain how an SA is attached to an SP?*

struct xfrm_usersa_info {
    struct xfrm_selector     sel;
    struct xfrm_id           id;
    xfrm_address_t           saddr;
    struct xfrm_lifetime_cfg lft;
    struct xfrm_lifetime_cur curlft;
    struct xfrm_stats        stats;
    uint32_t                 seq;
    uint32_t                 reqid;
    uint16_t                 family;
    uint8_t                  mode; /* 0=transport,1=tunnel */
    uint8_t                  replay_window;
    uint8_t                  flags;
#define XFRM_STATE_NOECN 1
#define XFRM_STATE_AF_UNSPEC 32
};

struct xfrm_userpolicy_info {
    struct xfrm_selector     sel;
    struct xfrm_lifetime_cfg lft;
    struct xfrm_lifetime_cur curlft;
    uint32_t                 priority;
    uint32_t                 index;
    uint8_t                  dir;
    uint8_t                  action;
#define XFRM_POLICY_ALLOW 0
#define XFRM_POLICY_BLOCK 1
    uint8_t                  flags;
#define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */
    uint8_t                  share;
};

Regards,
Saravanan