Date: Sat, 21 Jul 2001 09:46:33 +0200
From: Josef Pojsl
To: "Carr, Ewan"
Cc: freebsd-security@freebsd.org
Subject: Re: Racoon

Ewan,

you may want to check the KAME project homepage (www.kame.net), as both
racoon and IPsec in FreeBSD are instances of their IPv6/IPsec stack.
Also, there is a very helpful mailing list, snap-users@kame.net
(www.kame.net/snap-users/).

On Fri, Jul 20, 2001 at 03:29:45PM +0100, Carr, Ewan wrote:
> hi,
> I have a few questions on racoon - any help
> appreciated. I don't subscribe to the list so I would be grateful if you
> cc any replies to carre@logica.com too...cheers !
>
> 1) According to the FreeBSD handbook racoon runs in user-space..does the SAD
> exist in user-space too or is it in the kernel. In whatever situation is
> there an API which
> I can get at which accesses the SAD...I am interested because I am looking
> at a
> user-space implementation of an IPSec-like security protocol...so yeh..any
> info on SAD structure/APIs would be great..

SADs are in the kernel; they can be manipulated with setkey(8), racoon or
any other application by means of libipsec.

> 2) Is there any useful documentation out there on racoon (configuration,
> etc?). Failing
> that any useful pointers would be good...ta !

Try http://www.kame.net/newsletter/20001119/

> 3) Can anyone provide any info on the mechanism by which IKE communicates
> with
> IPSec when, say, an SA doesn't exist and one has to be set up on-the-fly so
> to speak..

There is a man page for SPD manipulation in ipsec_set_policy(3) but AFAIK
none for SAD manipulation. I would suggest looking at the setkey source code...

Regards,
Josef
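Added example, not part of the original message or of the KAME sources: setkey(8), racoon and libipsec reach the kernel SAD through a PF_KEY v2 socket (RFC 2367), and the sketch below builds the SADB_DUMP request that lists the SAD and validates the header of a message read back. The struct and constants are transcribed from RFC 2367 (on FreeBSD they come from `<net/pfkeyv2.h>`); the function names are hypothetical and no socket is opened.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Base header of every PF_KEY v2 message, transcribed from RFC 2367. */
struct sadb_msg {
    uint8_t  sadb_msg_version;
    uint8_t  sadb_msg_type;
    uint8_t  sadb_msg_errno;
    uint8_t  sadb_msg_satype;
    uint16_t sadb_msg_len;       /* total length in 64-bit words */
    uint16_t sadb_msg_reserved;
    uint32_t sadb_msg_seq;
    uint32_t sadb_msg_pid;
};
enum { PF_KEY_V2 = 2, SADB_ACQUIRE = 6, SADB_DUMP = 10, SADB_SATYPE_UNSPEC = 0 };

/* Hypothetical helper: fill buf with an SADB_DUMP request covering all SA
 * types. Returns the byte length, or 0 if buf is too small. */
size_t build_dump_request(unsigned char *buf, size_t cap, uint32_t seq, uint32_t pid)
{
    struct sadb_msg m;
    if (cap < sizeof m) return 0;
    memset(&m, 0, sizeof m);
    m.sadb_msg_version = PF_KEY_V2;
    m.sadb_msg_type    = SADB_DUMP;
    m.sadb_msg_satype  = SADB_SATYPE_UNSPEC;
    m.sadb_msg_len     = sizeof m / 8;   /* bare header: 2 words */
    m.sadb_msg_seq     = seq;
    m.sadb_msg_pid     = pid;
    memcpy(buf, &m, sizeof m);
    return sizeof m;
}

/* Hypothetical helper: validate n bytes read from the key socket.
 * Returns the message type (SADB_ACQUIRE is the kernel asking a key
 * daemon for a missing SA), -1 if malformed, -2 if errno is set. */
int check_message(const unsigned char *buf, size_t n)
{
    struct sadb_msg m;
    if (n < sizeof m) return -1;                     /* truncated header */
    memcpy(&m, buf, sizeof m);
    if (m.sadb_msg_version != PF_KEY_V2) return -1;
    if ((size_t)m.sadb_msg_len * 8 != n) return -1;  /* length must match read */
    if (m.sadb_msg_errno != 0) return -2;
    return m.sadb_msg_type;
}

int main(void)
{
    unsigned char buf[64];
    size_t n = build_dump_request(buf, sizeof buf, 1, 1234); /* constructed seq/pid */
    printf("request: %zu bytes, type %d\n", n, check_message(buf, n));
    return 0;
}
```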