tech-net archive


Re: Help_Structure_IPSec



>   Hello,
>
> I am a student engineer in network and telecommunications, and I have a
> project on IPSec. I chose to work on NetBSD, but I have to change a
> part of the kernel's IPSec code.
> Can you help me with this project:
>
>  * Structure ipsec at NetBSD Kernel
>  * Architecture ipsec at NetBSD Kernel
>  * function calls when processing an IP packet
>  * Advice
>  * ...
>

There are currently two IPsec implementations in NetBSD. I will
only talk about fast_ipsec. All the code is in sys/netipsec.

IP input is done by the function ip_input (in sys/netinet/ip_input.c).
The processing of the IPsec part is done by ipsec4_common_input
(sys/netipsec/ipsec_input.c). Checking that the policy was correct is done by
ipsec_check_policy4.

On the output side, the IPsec part is done in sys/netipsec/ipsec_output.c by
ipsec4_process_output, and the packet is then reinjected into ip_output
(sys/netinet/ip_output.c).

Protocol-specific transformations are implemented in
sys/netipsec/xform_{ah,esp,ipcomp}.c.

I can answer more precise questions, but if you read this part of the
code, you should get a good overview of the way IPsec works in NetBSD.

Regards,

--
Arnaud Degroote
degroote at netbsd dot org




