Date: Sat, 21 Jul 2001 09:46:33 +0200 From: Josef Pojsl <jp@tns.cz> To: "Carr, Ewan" <CarrE@logica.com> Cc: freebsd-security@freebsd.org Subject: Re: Racoon Message-ID: <20010721094633.A8914@ns.gnupg.cz> In-Reply-To: <9BF54A52E1DFD311BC1000D0B73EADFE043BFE6F@bell.logica.co.uk>; from CarrE@logica.com on Fri, Jul 20, 2001 at 03:29:45PM %2B0100 References: <9BF54A52E1DFD311BC1000D0B73EADFE043BFE6F@bell.logica.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Ewan, you may want to check the KAME project homepage (www.kame.net) as both racoon and IPsec in FreeBSD are instances of their IPv6/IPsec stack. Also, there is a very helpful mailing list, snap-users@kame.net (www.kame.net/snap-users/). On Fri, Jul 20, 2001 at 03:29:45PM +0100, Carr, Ewan wrote: > hi, > I have a few questions on racoon - any help > appreciated. I dont subscribe to the list so i would be grateful if you > cc and replies to carre@logica.com <mailto:carre@logica.com> too...cheers ! > > 1) According to the FreeBSD handboom racoon runs in user-space..does the SAD > exist in user-space too or is it in the kernel. In whatever situation is > there an API which > I can get at which accesses the SAD...I am interested because I am looking > at a > user-space implementation of a IPSec-like security protocol...so yeh..any > info on SAD structure/APIs would be great.. SADs are in kernel, they can be manipulated with setkey(8), racoon or any other application by means of libipsec. > 2) Is there any useful documentationn out there on racoon (configuration, > etc?). Failing > that any useful pointers would be good...ta ! Try http://www.kame.net/newsletter/20001119/ > 3) Can anyone provide any info on the mechanism by which IKE communicates > with > IPSec when, say, an SA doesnt exist and one has to be set up on-the-fly so > to speak.. There is man page for SPD manipulation in ipsec_set_policy(3) but AFAIK no for SAD manipulation. I would suggest looking at setkey source codes... Regards, Josef To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010721094633.A8914>