tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

RFC: ipsec(4) pseudo interface


We implement ipsec(4) pseudo interface for route-based VPNs. This pseudo
interface manages its security policy(SP) by itself, in particular, we do
    # ifconfig ipsec0 tunnel
the SPs " ->"(out) and " ->"(in) are
generated automatically and atomically. And then, when we do
    # ifconfig ipsec0 deletetunnel
the SPs are destroyed automatically and atomically, too.

Here is the patches and an unified patch.

By the way, I have one question. In the above patch(s), I temporarily add
manual for ipsecX pseudo interface as if_ipsec.4, because there is already
ipsec.4 for general ipsec protocol. How should I add the man of ipsec(4)
pseudo interface?
    (a) Add if_ipsec.4
    (b) move current ipsec.4(for ipsec protocol) to ipsec.9, and then
        add ipsec.4(for ipsec pseudo interface)
    (c) any other

Could you comment the patch or the question?


Internet Initiative Japan Inc.

Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit


Home | Main Index | Thread Index | Old Index