
(usagi-users 03135) Re: [Ipsec-tools-devel] How to send additional data from kernel to racoon?



On Sat, 20 Nov 2004 at 20:01, Aidas Kasparas wrote:
> Park, if you would tell us what's wrong with acquire it would be MUCH
> easier for us to suggest something sensible.
> I guess, you need separate IPSec SA for every group of network
> objects with equal color code. Right?
 
Yes, that's what I want. Thanks.
 
> Then, I would:
> - add field for colorcoding into SA datastructure;
> - extend SA selection algorithm to include check for color code;
> - if kernel will not find appropriate SA, it will send ACQUIRE
> message, which has to be extended with required colorcode and other
> info you need (most likely by adding KMPRIVATE extension);
 
But in Appendix C: Key Management Private Data Extension (RFC 2367), it says: The Key Management Private Data extension is attached to either an SADB_ADD or SADB_UPDATE message. It attaches a single piece of arbitrary data to a security association....
 
Then, would you please tell me: can the KMPRIVATE extension also be attached to an SADB_ACQUIRE message?
 
> - extend racoon to understand that data and exchange it with peer.
> After successful negotiation new SA will be added by racoon;
> - kernel will find that SA and use it for sending data to peer.
> If I'm answering the wrong question, please let us know what the
> question is.
Your answer is exactly what I want.
Thank you very much.


--
Best Regards,
Park Lee <parklee_sel@xxxxxxxxx>
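
The receiving side of the extended ACQUIRE discussed in this message, as an added example that is not part of the original post and is not racoon or kernel code: a bounds-checked walk over the PF_KEY extension list that pulls a color code out of a KMPRIVATE extension. It assumes the ACQUIRE message has been extended to carry KMPRIVATE (RFC 2367 defines it only for SADB_ADD and SADB_UPDATE) and that the payload is a 32-bit color code; the function names and the payload layout are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Values from RFC 2367. Lengths count 64-bit words; fields are host byte order. */
#define PF_KEY_V2            2
#define SADB_ACQUIRE         6
#define SADB_X_EXT_KMPRIVATE 17
#define MSG_HDR_LEN          16  /* struct sadb_msg */
#define KMP_HDR_LEN          8   /* len, exttype, 32-bit reserved */

static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }
static void wr16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }

/* 0: color stored; 1: no KMPRIVATE extension present; -1: malformed message.
 * The 32-bit color payload is an assumption, not an RFC 2367 format. */
int acquire_get_color(const uint8_t *buf, size_t n, uint32_t *color)
{
    if (n < MSG_HDR_LEN || buf[0] != PF_KEY_V2 || buf[1] != SADB_ACQUIRE)
        return -1;
    size_t total = (size_t)rd16(buf + 4) * 8;       /* sadb_msg_len */
    if (total < MSG_HDR_LEN || total > n)
        return -1;
    for (size_t off = MSG_HDR_LEN; off < total; ) {
        size_t elen = (size_t)rd16(buf + off) * 8;  /* sadb_ext_len */
        if (elen == 0 || elen > total - off)        /* 0 would never advance */
            return -1;
        if (rd16(buf + off + 2) == SADB_X_EXT_KMPRIVATE) {
            if (elen < KMP_HDR_LEN + sizeof *color)
                return -1;
            memcpy(color, buf + off + KMP_HDR_LEN, sizeof *color);
            return 0;
        }
        off += elen;
    }
    return 1;
}

/* Constructed sample: header plus one KMPRIVATE extension, 32 bytes in all. */
size_t build_sample_acquire(uint8_t out[32], uint32_t color)
{
    memset(out, 0, 32);
    out[0] = PF_KEY_V2;
    out[1] = SADB_ACQUIRE;
    wr16(out + 4, 4);                        /* 4 * 8 = 32 bytes total */
    wr16(out + 16, 2);                       /* extension is 2 * 8 = 16 bytes */
    wr16(out + 18, SADB_X_EXT_KMPRIVATE);
    memcpy(out + 24, &color, sizeof color);  /* after the 8-byte ext header */
    return 32;
}
```

A real ACQUIRE also carries address and proposal extensions ahead of any private data; the walker skips extension types it does not recognise by their declared length.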
 

