RFC: ipsec(4) pseudo interface

To: tech-kern%NetBSD.org@localhost, tech-net%netbsd.org@localhost
Subject: RFC: ipsec(4) pseudo interface
From: Kengo NAKAHARA <k-nakahara%iij.ad.jp@localhost>
Date: Mon, 18 Dec 2017 18:49:44 +0900

Hi,

We implement ipsec(4) pseudo interface for route-based VPNs. This pseudo
interface manages its security policy(SP) by itself, in particular, we do
    # ifconfig ipsec0 tunnel 10.0.0.1 10.0.0.2
the SPs "10.0.0.1 -> 10.0.0.2"(out) and "10.0.0.2 -> 10.0.0.1"(in) are
generated automatically and atomically. And then, when we do
    # ifconfig ipsec0 deletetunnel
the SPs are destroyed automatically and atomically, too.

Here is the patches and an unified patch.
    http://netbsd.org/~knakahara/if_ipsec/if_ipsec.tgz
    http://netbsd.org/~knakahara/if_ipsec/if_ipsec-unified.patch

By the way, I have one question. In the above patch(s), I temporarily add
manual for ipsecX pseudo interface as if_ipsec.4, because there is already
ipsec.4 for general ipsec protocol. How should I add the man of ipsec(4)
pseudo interface?
    (a) Add if_ipsec.4
    (b) move current ipsec.4(for ipsec protocol) to ipsec.9, and then
        add ipsec.4(for ipsec pseudo interface)
    (c) any other

Could you comment the patch or the question?


Thanks,

-- 
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.

Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit

Kengo NAKAHARA <k-nakahara%iij.ad.jp@localhost>

Follow-Ups:
- Re: RFC: ipsec(4) pseudo interface
  - From: Thor Lancelot Simon
- Re: RFC: ipsec(4) pseudo interface
  - From: Joerg Sonnenberger

Prev by Date: Re: struct ifnet locking [was Re: IFEF_MPSAFE]
Next by Date: Re: RFC: ipsec(4) pseudo interface
Previous by Thread: possible bug in in_l2tp_match
Next by Thread: Re: RFC: ipsec(4) pseudo interface
Indexes:

Home | Main Index | Thread Index | Old Index