[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: [Ipsec] How to send additional data from kernel to racoon?
From: Dan McDonald <danmcd () east ! sun ! com>
Date: 2004-11-20 23:29:12
Message-ID: 20041120232912.GE577 () everywhere ! eng ! sun ! com
[Download RAW message or body]
Ahhh, here's the original...
On Sat, Nov 20, 2004 at 09:18:39AM -0800, Park Lee wrote:
> Hi,
> I'm using racoon of IPsec-Tools to automately set up SA for native IPsec
> in Linux kernel 2.6. Now, I'm doing some research on IPsec. Here in
> kernel space, I've acquired some data (These data have nothing with the
> original IPsec, It's merely some data I got in the kernel space). What I
> want to do is to send these data from kernel to racoon before racoon
> begins its negotiation. and thus when racoon begins the negotiation, it
> can also send these data to its peer when setting up a SA (i.e. when
> racoon finish its work, these data should also be included in the SA on
> both sides for later use). > I've looked through the RFC2367 (PF_KEY
> Key Management API, Version 2), But it seems that the messages, such as
> SADB_ACQUIRE, are unsuitable to carry my data from kernel to racoon. How
> to acheive this? Could you please give me some hints?
... but what sort of data is this? Obviously it's something to be shared on
the wire during a negotiation, so you may wish to augment the ACQUIRE message
with an sadb_x_<foo>_t extension of some sort.
Dan
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic