
(usagi-users 03151) Issue on PF_KEY vs. Netlink interface



Hi,
    I'm learning native IPsec in Linux kernel 2.6 and use IPsec-Tools as my user-space tools.
    In net/key/af_key.c, there is something about PF_KEY as follows:
static struct xfrm_mgr pfkeyv2_mgr =
{
        .id             = "pfkeyv2",
        .notify         = pfkey_send_notify,
        .acquire        = pfkey_send_acquire,
        .compile_policy = pfkey_compile_policy,
        .new_mapping    = pfkey_send_new_mapping,
};
static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp, int dir)
   
    In net/xfrm/xfrm_user.c, there is also something about Netlink as follows:
static struct xfrm_mgr netlink_mgr = {
        .id             = "netlink",
        .notify         = xfrm_send_state_notify,
        .acquire        = xfrm_send_acquire,
        .compile_policy = xfrm_compile_policy,
        .notify_policy  = xfrm_send_policy_notify,
};
static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
                             struct xfrm_policy *xp, int dir)
   
    Then, when the kernel sends a message to racoon for setting up an SA, which interface (i.e. PF_KEY or Netlink) is actually used to send such a message? (i.e. does it use pfkey_send_acquire() or xfrm_send_acquire()?)
    And what is the relationship between PF_KEY and Netlink in the Linux kernel when we use IPsec?
 
    Thank you.
 


--
Best Regards,
Park Lee <parklee_sel@xxxxxxxxx>
 
