Date:      Fri, 20 Jul 2001 17:58:26 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        "Carr, Ewan" <CarrE@logica.com>
Cc:        "'FreeBSD-Questions@FreeBSD.Org'" <FreeBSD-Security@FreeBSD.Org>
Subject:   Re: Racoon
Message-ID:  <20010720175826.A5207@ringworld.oblivion.bg>
In-Reply-To: <9BF54A52E1DFD311BC1000D0B73EADFE043BFE6F@bell.logica.co.uk>; from CarrE@logica.com on Fri, Jul 20, 2001 at 03:29:45PM +0100
References:  <9BF54A52E1DFD311BC1000D0B73EADFE043BFE6F@bell.logica.co.uk>

On Fri, Jul 20, 2001 at 03:29:45PM +0100, Carr, Ewan wrote:
> hi,
> I have a few questions on racoon - any help
> appreciated. I don't subscribe to the list so I would be grateful if you
> cc any replies to carre@logica.com too...cheers !
>
> 1) According to the FreeBSD handbook racoon runs in user-space..does the SAD
> exist in user-space too or is it in the kernel. In whatever situation is
> there an API which I can get at which accesses the SAD...I am interested
> because I am looking at a user-space implementation of an IPSec-like
> security protocol...so yeh..any info on SAD structure/APIs would be great..

The SAD itself is in the kernel, as documented by the ipsec(4) and
setkey(8) FreeBSD manual pages.  The most portable way to access it
would be the setkey(8) utility, though if you really do need an API,
you might want to take a look at the ipsec(4) manpage and the setkey(8)
source, which resides in the src/usr.sbin/setkey directory.

> 2) Is there any useful documentation out there on racoon (configuration,
> etc?). Failing that any useful pointers would be good...ta !

Check the mailing list archives, racoon is often discussed on this list.

> 3) Can anyone provide any info on the mechanism by which IKE communicates
> with IPSec when, say, an SA doesn't exist and one has to be set up
> on-the-fly so to speak..

I think you'll find most of what you need in the setkey(8) source.

Hope that helps!

G'luck,
Peter

PS. Oh, and btw, why have you addressed this message to a list with
a name of "FreeBSD Questions" and an address of freebsd-security? :)

-- 
This sentence was in the past tense.
