[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: [Ipsec] Re: [Ipsec-tools-devel] Issues on calling racoon in Linux
From: Park Lee <parklee_sel () yahoo ! com>
Date: 2004-11-25 14:49:50
Message-ID: 20041125144950.17099.qmail () web51509 ! mail ! yahoo ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Fri, 19 Nov 2004 at 08:52, Aidas Kasparas wrote:
>
> Park Lee wrote:
> > Then, Where is the code in the source code of Linux kernel 2.6
> > to call racoon?
> > ......
>
> The code is at net/key/af_key.c . It implements PF_KEY protocol.
> Requests to establish a SA are sent to every program, which have
> open PF_KEY socket and requested to receive such requests. Basis
> for PF_KEY protocol is documented in RFC 2367, but linux kernel
> and racoon implement extended version of that spec (I don't know
> better documentation for extensions than source).
In net/key/af_key.c, there is a function pfkey_send_acquire(). I think this \
function is used by kernel to send the PF_KEY SADB_ACQUIRE message to racoon. But, It \
seems that in kernel source there is no other functions who call this one. Then, \
How is pfkey_send_acquire() used by kernel? and Eventually How is the SADB_ACQUIRE \
message sent by kernel in IPv4 when no security associations currently exist for \
IPsec to use? Is it begins in the xfrm_find_bundle() function which is called by \
xfrm_lookup() function (in net/xfrm/xfrm_policy.c)?
Thank you.
--
Best Regards,
Park Lee <parklee_sel@yahoo.com>
---------------------------------
Do you Yahoo!?
Meet the all-new My Yahoo! – Try it today!
[Attachment #5 (text/html)]
<DIV>On Fri, 19 Nov 2004 at 08:52, Aidas Kasparas wrote:<BR>><BR>> Park Lee \
wrote:<BR>> > Then, Where is the code in the source code of \
Linux kernel 2.6 </DIV> <DIV>> > to call racoon?<BR>> > \
......<BR>> <BR>> The code is at net/key/af_key.c . It implements PF_KEY \
protocol. <BR>> Requests to establish a SA are sent to every program, which have \
</DIV> <DIV>> open PF_KEY socket and requested to receive such requests. \
Basis </DIV> <DIV>> for PF_KEY protocol is documented in RFC 2367, but linux \
kernel </DIV> <DIV>> and racoon implement extended version of that spec (I \
don't know </DIV> <DIV>> better documentation for extensions than \
source).<BR> <BR> In net/key/af_key.c, there is a function \
pfkey_send_acquire(). I think this function is used by kernel to send the PF_KEY \
SADB_ACQUIRE message to racoon. But, It seems that in kernel source there is no other \
functions who call this one. <BR> Then, How is pfkey_send_acquire() \
used by kernel? and Eventually How is the SADB_ACQUIRE message sent by kernel \
in IPv4 when no security associations currently exist for IPsec to use? Is it begins \
in the xfrm_find_bundle() function which is called by xfrm_lookup() function (in \
net/xfrm/xfrm_policy.c)? </DIV> <DIV> </DIV>
<DIV>Thank you.<BR></DIV><BR><BR><DIV>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>--<BR>Best Regards,<BR>Park Lee <<A \
href="http://us.f515.mail.yahoo.com/ym/Compose?To=parklee_sel@yahoo.com&YY=1156&p;order=down&sort=date&pos=0"><FONT \
color=#003399>parklee_sel@yahoo.com</FONT></A>> </DIV> \
<DIV> </DIV></DIV></DIV></DIV></DIV></DIV><p> <hr size=1>Do you Yahoo!?<br>
Meet the <a href="http://my.yahoo.com">all-new My Yahoo!</a> – Try it today!
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic