(usagi-users 03117) Re: [Ipsec-tools-devel] Issue on add new items to security association
- To: Park Lee <parklee_sel@xxxxxxxxx>
- Subject: (usagi-users 03117) Re: [Ipsec-tools-devel] Issue on add new items to security association
- From: Aidas Kasparas <a.kasparas@xxxxxx>
- Date: Sun, 14 Nov 2004 13:43:56 +0200
- Cc: ipsec-tools-devel@xxxxxxxxxxxxxxxxxxxxx, usagi-users@xxxxxxxxxxxxxx, ipsec@xxxxxxxxxxxxxxxxx
- In-reply-to: <20041114055557.35952.qmail@web51504.mail.yahoo.com>
- References: <20041114055557.35952.qmail@web51504.mail.yahoo.com>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Resent-date: Tue, 16 Nov 2004 16:38:50 +0900
- Resent-from: sekiya@xxxxxxxxxxxxxx
- Resent-message-id: <200411161638.FMLAAB5187.usagi-users@linux-ipv6.org>
- Resent-to: usagi-users@xxxxxxxxxxxxxx (moderated)
- User-agent: Mozilla Thunderbird 0.8 (X11/20040918)
Park Lee wrote:
> Hi,
> I'm using IPsec-tools as my user space tools for native IPsec of Linux
> kernel 2.6.
> Now, I need to add some items to security association (SA). Then, I add
> those items to struct xfrm_state in include/net/xfrm.h.
> After having done this, how can I initiate these new added items and
> make them usable in the later process for packets?

Not sure what you claim to have done.
If you have kernel code which changes the data structures pointed out in my
previous message -- your changes must have an effect on how your packets
are handled.
If you did that in userspace, then you have to inform the kernel about
the changes you wish. Currently, there are two interfaces for this --
netlink and pfkey. Code whichever you like more. If you need portability
to other OSes -- go pfkey; if you need efficiency -- go netlink. If
you're extending some tool -- go whatever way your tool is using.

> Need I make some changes to setkey or racoon in order to set values for
> these new added items and thus build a valid SA? And how to make the change?

--
Aidas Kasparas
IT administrator
GM Consult Group, UAB
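
The pfkey route mentioned in the reply, sketched as an added example (not code from this thread, ipsec-tools or the kernel): a new SA item travels as one more length-prefixed extension in a PF_KEYv2 message (RFC 2367), and the receiving side has to bound-check every extension length before it trusts it. The struct names and the `EXT_NEWITEM` type value are hypothetical, and the address and key extensions a real SADB_ADD carries are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layouts follow RFC 2367 (PF_KEYv2); every length field counts 64-bit words. */
struct msg_hdr { uint8_t version, type, err, satype; uint16_t len, reserved; uint32_t seq, pid; };
struct ext_hdr { uint16_t len, type; };
enum { PFKEY_V2 = 2, T_ADD = 3, SATYPE_ESP = 3, EXT_SA = 1,
       EXT_NEWITEM = 0x4001 /* hypothetical type for the new SA field */ };

/* Append one extension, zero-padded to 8 bytes. Returns new offset, 0 if it does not fit. */
static size_t put_ext(uint8_t *buf, size_t off, size_t cap, uint16_t type, const void *body, size_t n)
{
    size_t total = (sizeof(struct ext_hdr) + n + 7) & ~(size_t)7;
    struct ext_hdr h = { (uint16_t)(total / 8), type };
    if (off == 0 || off > cap || total > cap - off) return 0;
    memset(buf + off, 0, total);
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + sizeof h, body, n);
    return off + total;
}

/* Sender: SADB_ADD with the standard SA extension plus the new item (host byte order). */
size_t build_add(uint8_t *buf, size_t cap, uint32_t spi_be, uint32_t item)
{
    uint8_t sa[12] = {0};  /* spi(4), replay, state, auth, encrypt, flags(4) */
    struct msg_hdr m = { PFKEY_V2, T_ADD, 0, SATYPE_ESP, 0, 0, 1, 0 };
    size_t off = sizeof m;
    memcpy(sa, &spi_be, 4);
    off = put_ext(buf, off, cap, EXT_SA, sa, sizeof sa);
    off = put_ext(buf, off, cap, EXT_NEWITEM, &item, sizeof item);
    if (off == 0) return 0;
    m.len = (uint16_t)(off / 8);
    memcpy(buf, &m, sizeof m);
    return off;
}

/* Receiver: returns 0 and sets body and n if found, 1 if absent, -1 if malformed. */
int find_ext(const uint8_t *buf, size_t got, uint16_t want, const uint8_t **body, size_t *n)
{
    struct msg_hdr m; struct ext_hdr h;
    if (got < sizeof m) return -1;
    memcpy(&m, buf, sizeof m);
    if (m.version != PFKEY_V2 || (size_t)m.len * 8 != got) return -1;
    for (size_t off = sizeof m; off < got; off += (size_t)h.len * 8) {
        memcpy(&h, buf + off, sizeof h);
        /* A zero length would loop forever; an oversized one would read past the message. */
        if (h.len == 0 || (size_t)h.len * 8 > got - off) return -1;
        if (h.type == want) { *body = buf + off + sizeof h; *n = (size_t)h.len * 8 - sizeof h; return 0; }
    }
    return 1;
}
```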