Akhil Jain wrote:
> Hi,
> 
> I read somewhere that:
> IPsec will be loaded if /etc/inet/ipsecinit.conf exists. And in my system 
> this file doesn't exist. So I just wanted to confirm whether IPsec is running or 
> not. Please help.

By saying 'IPsec will be loaded' I guess you mean the IPsec kernel 
modules being linked and loaded into kernel space. If you touch a PF_KEY 
or PF_POLICY socket this will cause the modules to be loaded, yes.

> Moreover, when I did modinfo | grep ipsec it showed:
> 102 7bada000   68a0 141   1  ipsecesp (IPsec ESP STREAMS driver 1.14)
> 102 7bada000   68a0   -   1  ipsecesp (IPsec ESP STREAMS module 1.14)
> 103  1344660   e270 140   1  ipsecah (IPsec AH STREAMS driver 1.14)
> 103  1344660   e270   -   1  ipsecah (IPsec AH STREAMS module 1.14)
> 
> But when I captured IP packets with the help of snoop, they didn't have any AH or 
> ESP header in them.
> 
> So is it a possibility that the IPsec modules are loaded in the kernel but still not 
> running?

IPsec processing is only done on packets matching the configured policy 
(global or per-port).


v.
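
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small shell check that separates "modules loaded" from "policy configured". The function names, state labels and the sample policy rule (with its address) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify IPsec state from modinfo output and policy text.

# Succeeds if the modinfo text on stdin lists the AH or ESP module
# (module name is the 6th whitespace-separated field).
ipsec_modules_loaded() {
    awk '$6 == "ipsecah" || $6 == "ipsecesp" { found = 1 } END { exit !found }'
}

# Prints how many policy lines remain after dropping comments and blanks.
policy_line_count() {
    sed -e 's/#.*//' | awk 'NF > 0 { n++ } END { print n + 0 }'
}

# $1 = modinfo text, $2 = policy text; prints one of three states.
ipsec_state() {
    rules=$(printf '%s\n' "$2" | policy_line_count)
    if [ "$rules" -gt 0 ]; then
        echo "policy-configured"   # packets matching a rule get AH/ESP
    elif printf '%s\n' "$1" | ipsec_modules_loaded; then
        echo "loaded-no-policy"    # modules in kernel, no packet matches
    else
        echo "not-loaded"
    fi
}

# Constructed sample inputs: two modinfo lines as quoted in the thread,
# a policy with no entries, and a one-rule policy in ipsecinit.conf style.
SAMPLE_MODINFO='102 7bada000   68a0 141   1  ipsecesp (IPsec ESP STREAMS driver 1.14)
103  1344660   e270 140   1  ipsecah (IPsec AH STREAMS driver 1.14)'
SAMPLE_EMPTY_POLICY='# no entries'
SAMPLE_POLICY='# constructed rule: protect telnet to one host
{raddr 192.0.2.10 rport 23} ipsec {encr_algs aes encr_auth_algs sha1 sa shared}'

ipsec_state "$SAMPLE_MODINFO" "$SAMPLE_EMPTY_POLICY"
ipsec_state "$SAMPLE_MODINFO" "$SAMPLE_POLICY"
```

On a live host the two arguments would be the output of `modinfo` and the active policy as listed by `ipsecconf` run with no arguments. The "loaded-no-policy" state is the one the question describes: modules visible in `modinfo`, no AH or ESP headers in `snoop`.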
