Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Re: [Design] IPSec in 2.5 Kernel?

From: Derek Atkins <derek(at)ihtfp.com>
Date: Wed Mar 19 2003 - 12:12:49 EST

Paul Wouters <paul@xtdnet.nl> writes:

> > Opportunistic Encryption has the potential to get large portions

I certainly understand the importance of OE, but as you said it is not high on my list. I've already got a working IKE, and that's already available in a few contexts (ipsec-tools.sourceforge.net).

I'm not sure what kernel hooks you need for OE. The existing code has the concept of "require ipsec" and "use ipsec"... Require means that no non-IPsec packets will be passed; Use means that IPsec will be used if an SA exists. I _believe_ that both Require and Use policies will signal IKE to start a negotiation, but I'd have to re-examine that code to verify.

My immediate priority is finishing the NAT-T implementation in IKE. However, patches for other features are certainly welcome.

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com
_______________________________________________
Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design

Received on Wed Mar 19 13:44:24 2003

This message: [ Message body ]
Next message: Michael Richardson: "[Design] OE in IPv6"
Previous message: Derek Atkins: "Re: [Design] IPSec in 2.5 Kernel?"
In reply to Paul Wouters: "Re: [Design] IPSec in 2.5 Kernel?"
Next in thread: Michael Richardson: "Re: [Design] IPSec in 2.5 Kernel?"
Reply: Michael Richardson: "Re: [Design] IPSec in 2.5 Kernel?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:57 EDT

Do you need help?

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library