Re: Help_Structure_IPSec

To: "M. Maachaoui" <m.maachaoui%gmail.com@localhost>
Subject: Re: Help_Structure_IPSec
From: adegroot%laas.fr@localhost
Date: Fri, 24 Apr 2009 11:43:27 +0200 (CEST)

>   Hello,
>
> I am a student engineer at network and telecommunications, I have a
> project on IPSec. I chose to work on NetBSD. But I have to change a
> part of the Kernel on IPSec.
> Can you help me in this project :
>
>  * Structure ipsec at NetBSD Kernel
>  * Architecture ipsec at NetBSD Kernel
>  * function calls when processing an IP packet
>  * Advice
>  * ...
>

They are currently two ipsec implementation of Ipsec in NetBSD. I will
only take about fast_ipsec. All the code is in sys/netipsec.

The ip input is done by the function ip_input (in sys/netinet/ip_input.c).
The processing of ipsec part is done by ipsec4_common_input
(sys/netipsec/ipsec_input.c). Check that the policy was correct is done by
ipsec_check_policy4.

On the output part, the ipsec part is in sys/netipsec/ipsec_output.c by
ipsec4_process_output, then reinject in ip_output
(sys/netinet/ip_output.c).

Protocol specific transformation are implemented in
sys/netipsec/xform_{ah,esp,ipcomp}.c.

I can answer to more precise question, but if you read this part of the
code, you may have some good overview of the way Ipsec works in NetBSD.

Regards,

--
Arnaud Degroote
degroote at netbsd dot org

Follow-Ups:
- Re: Help_Structure_IPSec
  - From: Hubert Feyrer

References:
- Help_Structure_IPSec
  - From: M. Maachaoui

Prev by Date: Help_Structure_IPSec
Next by Date: Re: Help_Structure_IPSec
Previous by Thread: Help_Structure_IPSec
Next by Thread: Re: Help_Structure_IPSec
Indexes:

Home | Main Index | Thread Index | Old Index