Aidas Kasparas wrote:
Jeremy Jackson wrote:
Hi,
I'm looking for a way to set IPSEC policy per-socket; a quick trawl
throught the kernel source shows IP_IPSEC_POLICY (ie PF_KEY) isn't
implemented (per socket), but rather only the native Linux
IP_XFRM_POLICY sockopt.
ipsec-tools don't use it, in fact I can't find one single piece of code,
or userspace library, or documentation on the net. Can anyone point me
in the right direction?
ipsec-tools do set policies per socket for every racoon's isakmp socket.
See setsockopt_bypass()@src/racoon/sockmisc.c
Thanks, but it seems that this is using IP_IPSEC_POLICY, which isn't
suported from user level code, only PFKEYv2 sockets, which require
CAP_NET_ADMIN, AFAICS
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
