Pantek Library

Re: linux-ipsec: ESP_DES_HMAC_MD5_96 working, on to Device busy errors

From: Petr Novak <petr(at)internet.cz>
Date: Thu Apr 09 1998 - 03:25:12 EDT


On Wed, 8 Apr 1998, Richard Guy Briggs wrote:

> > Cool beans. How about 3DES-SHA1-96 ? I think the next step would be to

Hm. That's why after I have started to IDEA into linux-ipsec 0.7 and spotted OpenBSD implementation, I have found it easier to take their transforms code (which works like the one you are describing), rather than having to do all that rewriting.

>
> Once we start adding things that weren't there before then changes need

Hm. I have noticed that as well. Again, it was easier to keep the OpenBSD user space utils and changing the format of the /dev/ipsec messages to have the same format as the OpenBSD PF_ENCAP messages. Once you do that, you will have ipnsec-0.8. Then you will find that you need to rewrite the eroute mechanism to include protocols and port numbers and that kind of stuff - and you'll get what's today ipnsec-0.82.

There is still a loooong way to go to reach OpenBSD full functionality - SPI expirations, statistics, quality of the kernfs (read: procfs) reports and mainly the integration to the rest of the IP stack.

If you look to 2.1.xx kernels, you will find that the hooks to drop in IPSec processing via the firewalling interface are part of the kernel code (no patches) and that seems to be the right way to go for the IPSec - Linux networking integration.

Petr Novak
ftp://ftp.eunet.cz/icz/ipnsec/

Received on Thu Apr 9 02:56:27 1998


This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:10 EDT

