From: Peter Pentchev
Date: Fri, 20 Jul 2001 17:58:26 +0300
To: "Carr, Ewan"
Cc: "'FreeBSD-Questions@FreeBSD.Org'"
Subject: Re: Racoon
Message-ID: <20010720175826.A5207@ringworld.oblivion.bg>

On Fri, Jul 20, 2001 at 03:29:45PM +0100, Carr, Ewan wrote:
> hi,
> I have a few questions on racoon - any help
> appreciated. I don't subscribe to the list so I would be grateful if you
> cc any replies to carre@logica.com too...cheers !
>
> 1) According to the FreeBSD handbook racoon runs in user-space..does the SAD
> exist in user-space too or is it in the kernel. In whatever situation is
> there an API which
> I can get at which accesses the SAD...I am interested because I am looking
> at a
> user-space implementation of an IPSec-like security protocol...so yeh..any
> info on SAD structure/APIs would be great..

The SAD itself is in the kernel, as documented by the ipsec(4) and
setkey(8) FreeBSD manual pages.
The most portable way to access it would be the setkey(8) utility, though
if you really do need an API, you might want to take a look at the ipsec(4)
manpage and the setkey(8) source, which resides in the src/usr.sbin/setkey
directory.

> 2) Is there any useful documentation out there on racoon (configuration,
> etc?). Failing
> that any useful pointers would be good...ta !

Check the mailing list archives, racoon is often discussed on this list.

> 3) Can anyone provide any info on the mechanism by which IKE communicates
> with
> IPSec when, say, an SA doesn't exist and one has to be set up on-the-fly so
> to speak..

I think you'll find most of what you need in the setkey(8) source.

Hope that helps!

G'luck,
Peter

PS. Oh, and btw, why have you addressed this message to a list with a name
of "FreeBSD Questions" and an address of freebsd-security? :)

-- 
This sentence was in the past tense.
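
The setkey(8) source pointed to in the reply talks to the kernel SAD over a PF_KEY v2 socket (RFC 2367). As an added example, not part of the original message and not code from FreeBSD, setkey or racoon, the following builds the header-only SADB_DUMP request and validates received headers, including the SADB_ACQUIRE message the kernel sends to registered key daemons when a needed SA does not exist. The names pfkey_hdr, pfkey_build, pfkey_parse and pfkey_wants_sa are hypothetical; the layout and constants are taken from RFC 2367.

```c
/* Added example (not FreeBSD, setkey or racoon code). Layout and constants
 * follow RFC 2367; real programs take them from <net/pfkeyv2.h>. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PFKEY_V2 = 2, MSG_ACQUIRE = 6, MSG_DUMP = 10, SATYPE_UNSPEC = 0, SATYPE_ESP = 3 };

struct pfkey_hdr {                 /* mirrors struct sadb_msg: 16 bytes */
    uint8_t  version, type, err, satype;
    uint16_t len;                  /* whole message, in 8-byte units */
    uint16_t reserved;
    uint32_t seq, pid;
};
_Static_assert(sizeof(struct pfkey_hdr) == 16, "unexpected padding");

/* Build a header-only request such as SADB_DUMP.
 * Returns bytes written, or 0 if buf is too small. */
size_t pfkey_build(uint8_t *buf, size_t cap, uint8_t type, uint8_t satype,
                   uint32_t seq, uint32_t pid)
{
    struct pfkey_hdr h = { PFKEY_V2, type, 0, satype, sizeof h / 8, 0, seq, pid };
    if (cap < sizeof h) return 0;
    memcpy(buf, &h, sizeof h);     /* PF_KEY fields are in host byte order */
    return sizeof h;
}

/* Validate a received message before trusting it. 0 = ok, -1 = malformed. */
int pfkey_parse(const uint8_t *buf, size_t n, struct pfkey_hdr *out)
{
    if (n < sizeof *out) return -1;
    memcpy(out, buf, sizeof *out);
    if (out->version != PFKEY_V2 || out->reserved != 0) return -1;
    if ((size_t)out->len * 8 != n) return -1;   /* length field must match bytes read */
    return 0;
}

/* SADB_ACQUIRE with no error: the kernel wants the key daemon to negotiate an SA. */
int pfkey_wants_sa(const struct pfkey_hdr *h)
{
    return h->type == MSG_ACQUIRE && h->err == 0;
}

int main(void)
{
    uint8_t buf[16];
    struct pfkey_hdr h;
    size_t n = pfkey_build(buf, sizeof buf, MSG_DUMP, SATYPE_UNSPEC, 1, 1234);
    int rc = pfkey_parse(buf, n, &h);
    printf("built %zu bytes, parse=%d, type=%u\n", n, rc, (unsigned)h.type);
    return 0;
}
```

In a real program the buffer would be written to and read from a socket opened with socket(PF_KEY, SOCK_RAW, PF_KEY_V2), which requires root.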