
(usagi-users 03115) Re: [Ipsec-tools-devel] Where are SAD and SPD stored?





Park Lee wrote:
I know that in the native IPsec of Linux kernel 2.6, security associations and security policies are stored in the SAD and SPD respectively. But where are the SAD and SPD themselves stored in Linux kernel 2.6?

There is no explicit IPsec SAD and SPD in the Linux kernel. Security policies are converted to general policies and stored in the xfrm_policy_list array of lists. The semantics of xfrm policies and the IPsec policies described in the RFC differ slightly, so there is no 1:1 mapping between the two. Security associations are stored in a complex data structure, headed in the xfrm_state_by{dst|spi} arrays.



-- Aidas Kasparas IT administrator GM Consult Group, UAB