[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 03149) Re: [Ipsec-tools-devel] Issues on calling racoon in Linux kernel 2.6

On Fri, 19 Nov 2004 at 08:52, Aidas Kasparas wrote:
>
> Park Lee wrote:
> >    Then, Where is the code in the source code of Linux kernel 2.6
> > to call racoon?
> > ......
>
> The code is at net/key/af_key.c . It implements PF_KEY protocol.
> Requests to establish a SA are sent to every program, which have
> open PF_KEY socket and requested to receive such requests. Basis
> for PF_KEY protocol is documented in RFC 2367, but linux kernel
> and racoon implement extended version of that spec (I don't know
> better documentation for extensions than source).
 
   In net/key/af_key.c, there is a function pfkey_send_acquire(). I think this function is used by kernel to send the PF_KEY SADB_ACQUIRE message to racoon. But, It seems that in kernel source there is no other functions who call this one.
    Then, How is pfkey_send_acquire() used by kernel? and Eventually How is  the SADB_ACQUIRE message sent by kernel in IPv4 when no security associations currently exist for IPsec to use? Is it begins in the xfrm_find_bundle() function which is called by xfrm_lookup() function (in net/xfrm/xfrm_policy.c)?
 
Thank you.


--
Best Regards,
Park Lee <parklee_sel@xxxxxxxxx>
 

Do you Yahoo!?
Meet the all-new My Yahoo! ? Try it today!