tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Help_Structure_IPSec

>   Hello,
> I am a student engineer at network and telecommunications, I have a
> project on IPSec. I chose to work on NetBSD. But I have to change a
> part of the Kernel on IPSec.
> Can you help me in this project :
>  * Structure ipsec at NetBSD Kernel
>  * Architecture ipsec at NetBSD Kernel
>  * function calls when processing an IP packet
>  * Advice
>  * ...

They are currently two ipsec implementation of Ipsec in NetBSD. I will
only take about fast_ipsec. All the code is in sys/netipsec.

The ip input is done by the function ip_input (in sys/netinet/ip_input.c).
The processing of ipsec part is done by ipsec4_common_input
(sys/netipsec/ipsec_input.c). Check that the policy was correct is done by

On the output part, the ipsec part is in sys/netipsec/ipsec_output.c by
ipsec4_process_output, then reinject in ip_output

Protocol specific transformation are implemented in

I can answer to more precise question, but if you read this part of the
code, you may have some good overview of the way Ipsec works in NetBSD.


Arnaud Degroote
degroote at netbsd dot org

Home | Main Index | Thread Index | Old Index