[Openswan Users] Regarding IPSec Implementation

Paul Wouters paul at xelerance.com
Wed Aug 24 11:29:42 EDT 2011


On Wed, 24 Aug 2011, SaRaVanAn wrote:

>   I have implemented IKE daemon in User space. I want to use crypto
> modules in IPSec kernel stack(KLIPS/Netkey) in order to implement the
> functionality of IPSec.  I don't have any idea on IPSec kernel Stack.
> I need you ppl guidance to identity things that needs to be modified
> in Kernel Stack.
> It would be grateful if you ppl provide me basic steps or interface
> API's from IKE to IPSec stack or design doc of IPSec implementation as
> it has been implemented in OpenSwan.
> It seems to be basic question but i need you guys help desperately in
> order to proceed further.

KLIPs follows the PFKEY API. Netkey is contacted via linux netlink.

To see how openswan's IKE daemon talks to the various kernel stacks, see
programs/pluto/kernel*

You will see kernel_pfkey/kernel_klips and kernel_netlink, and even a kernel_bsd
version.

Paul


More information about the Users mailing list