Date:      Sat, 21 Jul 2001 09:46:33 +0200
From:      Josef Pojsl <jp@tns.cz>
To:        "Carr, Ewan" <CarrE@logica.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Racoon
Message-ID:  <20010721094633.A8914@ns.gnupg.cz>
In-Reply-To: <9BF54A52E1DFD311BC1000D0B73EADFE043BFE6F@bell.logica.co.uk>; from CarrE@logica.com on Fri, Jul 20, 2001 at 03:29:45PM +0100
References:  <9BF54A52E1DFD311BC1000D0B73EADFE043BFE6F@bell.logica.co.uk>

Ewan,

you may want to check the KAME project homepage (www.kame.net)
as both racoon and IPsec in FreeBSD are instances of their
IPv6/IPsec stack. Also, there is a very helpful mailing list,
snap-users@kame.net (www.kame.net/snap-users/).

On Fri, Jul 20, 2001 at 03:29:45PM +0100, Carr, Ewan wrote:
> hi,
> I have a few questions on racoon - any help
> appreciated. I don't subscribe to the list so I would be grateful if you
> cc any replies to carre@logica.com too...cheers !
>  
> 1) According to the FreeBSD handbook racoon runs in user-space..does the SAD
> exist in user-space too or is it in the kernel. In whatever situation is
> there an API which
> I can get at which accesses the SAD...I am interested because I am looking
> at a
> user-space implementation of an IPSec-like security protocol...so yeh..any
> info on SAD structure/APIs would be great..

SADs are in the kernel, they can be manipulated with setkey(8), racoon or
any other application by means of libipsec.

> 2) Is there any useful documentation out there on racoon (configuration,
> etc?). Failing
> that any useful pointers would be good...ta !

Try http://www.kame.net/newsletter/20001119/

> 3) Can anyone provide any info on the mechanism by which IKE communicates
> with
> IPSec when, say, an SA doesn't exist and one has to be set up on-the-fly so
> to speak..

There is a man page for SPD manipulation in ipsec_set_policy(3) but AFAIK
none for SAD manipulation. I would suggest looking at the setkey source code...

Regards,
Josef
