Date: Fri, 20 Jul 2001 17:58:26 +0300 From: Peter Pentchev <roam@orbitel.bg> To: "Carr, Ewan" <CarrE@logica.com> Cc: "'FreeBSD-Questions@FreeBSD.Org'" <FreeBSD-Security@FreeBSD.Org> Subject: Re: Racoon Message-ID: <20010720175826.A5207@ringworld.oblivion.bg> In-Reply-To: <9BF54A52E1DFD311BC1000D0B73EADFE043BFE6F@bell.logica.co.uk>; from CarrE@logica.com on Fri, Jul 20, 2001 at 03:29:45PM %2B0100 References: <9BF54A52E1DFD311BC1000D0B73EADFE043BFE6F@bell.logica.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 20, 2001 at 03:29:45PM +0100, Carr, Ewan wrote: > hi, > I have a few questions on racoon - any help > appreciated. I dont subscribe to the list so i would be grateful if you > cc and replies to carre@logica.com <mailto:carre@logica.com> too...cheers ! > > 1) According to the FreeBSD handboom racoon runs in user-space..does the SAD > exist in user-space too or is it in the kernel. In whatever situation is > there an API which > I can get at which accesses the SAD...I am interested because I am looking > at a > user-space implementation of a IPSec-like security protocol...so yeh..any > info on SAD structure/APIs would be great.. The SAD itself is in the kernel, as documented by the ipsec(4) and setkey(8) FreeBSD manual pages. The most portable way to access it would be the setkey(8) utility, though if you really do need an API, you might want to take a look at the ipsec(4) manpage and the setkey(8) source, which resides in src/usr.sbin/setkey directory. > 2) Is there any useful documentationn out there on racoon (configuration, > etc?). Failing > that any useful pointers would be good...ta ! Check the mailing list archives, racoon is often discussed on this list. > 3) Can anyone provide any info on the mechanism by which IKE communicates > with > IPSec when, say, an SA doesnt exist and one has to be set up on-the-fly so > to speak.. I think you'll find most of what you need in the setkey(8) source. Hope that helps! G'luck, Peter PS. Oh, and btw, why have you addressed this message to a list with a name of "FreeBSD Questions" and an address of freebsd-security? :) -- This sentence was in the past tense. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010720175826.A5207>