Hi,
I'm learning native IPsec in Linux kernel 2.6. and use IPsec-Tools as
my user-space tools.
In net/key/af_key.c, there are something about PF_KEY as follows:
static struct xfrm_mgr pfkeyv2_mgr =
{
.id = "pfkeyv2",
.notify = pfkey_send_notify,
.acquire = pfkey_send_acquire,
.compile_policy = pfkey_compile_policy,
.new_mapping = pfkey_send_new_mapping,
};
static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t,
struct xfrm_policy *xp, int dir)
In net/xfrm/xfrm_user.c, there are also something about Netlink as
follows:
static struct xfrm_mgr netlink_mgr = {
.id = "netlink",
.notify = xfrm_send_state_notify,
.acquire = xfrm_send_acquire,
.compile_policy = xfrm_compile_policy,
.notify_policy = xfrm_send_policy_notify,
};
static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
struct xfrm_policy *xp, int dir)
Then, when kernel send a message to racoon for setting up a SA, What
interface(i.e. PF_KEY or Netlink) indeed is used to send such a
message? (i.e. Does it use pfkey_send_acquire() or
xfrm_send_acquire()? ) .. if both r used can u tell me the situation
where one or the othere is used..
And, What is the relationship between PF_KEY and Netlink in Linux
kernel, when we use IPsec?
plzz help me i m stuck at a place where i dont know anyone who can help me..
Thank you.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
