[Openswan Users] Regarding IPSec Implementation
Paul Wouters
paul at xelerance.com
Wed Aug 24 11:29:42 EDT 2011
On Wed, 24 Aug 2011, SaRaVanAn wrote:
> I have implemented IKE daemon in User space. I want to use crypto
> modules in IPSec kernel stack(KLIPS/Netkey) in order to implement the
> functionality of IPSec. I don't have any idea on IPSec kernel Stack.
> I need you ppl guidance to identity things that needs to be modified
> in Kernel Stack.
> It would be grateful if you ppl provide me basic steps or interface
> API's from IKE to IPSec stack or design doc of IPSec implementation as
> it has been implemented in OpenSwan.
> It seems to be basic question but i need you guys help desperately in
> order to proceed further.
KLIPs follows the PFKEY API. Netkey is contacted via linux netlink.
To see how openswan's IKE daemon talks to the various kernel stacks, see
programs/pluto/kernel*
You will see kernel_pfkey/kernel_klips and kernel_netlink, and even a kernel_bsd
version.
Paul
More information about the Users
mailing list