From owner-freebsd-net@FreeBSD.ORG  Sat Aug  4 16:42:33 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9217316A417
	for <freebsd-net@freebsd.org>; Sat,  4 Aug 2007 16:42:33 +0000 (UTC)
	(envelope-from adityaa.kiran@gmail.com)
Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.179])
	by mx1.freebsd.org (Postfix) with ESMTP id 7A90513C45E
	for <freebsd-net@freebsd.org>; Sat,  4 Aug 2007 16:42:33 +0000 (UTC)
	(envelope-from adityaa.kiran@gmail.com)
Received: by wa-out-1112.google.com with SMTP id k17so1314813waf
	for <freebsd-net@freebsd.org>; Sat, 04 Aug 2007 09:42:33 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references;
	b=iW9LadWgyYa7rcfN4nAclqHibGMb3U+5QH7edV7x3u0z0Sdwuu7EUtO5yIKhdc/UFzFSiJ4wbBECyyzSI2eG06lIr/k16TSyprQDhYEZrgYPwnnlCOqpeOYWYXdd3LZDgbx8l/OX5A/CDqsMFmL5jpUUGxi0758On0G9bsKH7to=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references;
	b=PdW2+xKtwHGf0a5+zLWg4O42T80wqVmVuyGZ0drqWG1Ka56ksmWH4PuGLIOka7vgPBt4DpfN5WnbnFQnaFTOmrELfUe5REd4ULdGJ7yKSH1gslj29UHPmU10teSLkDbapQ49QLd2Hr1jhPCDL0tZrYeTS4tknV2KJuive1rlHR8=
Received: by 10.114.27.20 with SMTP id a20mr4048752waa.1186245752973;
	Sat, 04 Aug 2007 09:42:32 -0700 (PDT)
Received: by 10.114.72.3 with HTTP; Sat, 4 Aug 2007 09:42:32 -0700 (PDT)
Message-ID: <994cd1cf0708040942p4dc6486ar1c333571bddfcc4c@mail.gmail.com>
Date: Sat, 4 Aug 2007 22:12:32 +0530
From: "aditya kiran" <adityaa.kiran@gmail.com>
To: blue <susan.lan@zyxel.com.tw>
In-Reply-To: <46A7E70E.70204@zyxel.com.tw>
MIME-Version: 1.0
References: <994cd1cf0707251039j7eaf167fh5851fc979ee2b60@mail.gmail.com>
	<46A7E70E.70204@zyxel.com.tw>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-net@freebsd.org
Subject: Re: Ipsec - PF_KEY and set_policy
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Aug 2007 16:42:33 -0000

HI Blue,
Thanks a lot for this info.. It helped me in understanding the difference..
Thanks,
Adityaa


On 7/26/07, blue <susan.lan@zyxel.com.tw> wrote:
>
> As far as I know, setkey is used for IPsec SP and SA configuration.
> ipsec_set_policy() could transfer a string to "policy request", which is
> defined in RFC 2367 PF_KEY. Internally, setkey() will call
> ipsec_set_policy() to construct the message then send it down to the
> kernel. However, ipsec_set_policy() is used only for SP, not SA.
>
> blue
>
> aditya kiran wrote:
>
> > Hi,
> > I was just trying to understand PF_KEY interface for ipsec settings. So,
> > setkey uses it to do that. but i could find another  system call -
> > ipsec_set_policy. Could any body let me know why there are two
> > interfaces to
> > configure ipsec?
> > Thanks,
> > Aditya
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> >
>
>