Hi,

> 1. IP Sec interface:-
> Provides a mechanism to interface with the kernel through XFRM sockets
> to update SPD and SADs.

Yes, the ipsec interface manages IPsec policies and SAs. We have
implementations for the Linux-specific XFRM netlink interface and the
more generic PF_KEY interface.

> 2. Net Interface:-
> We do not understand the requirement for this interface.

The IKE daemon needs to query and configure additional
networking-specific resources in the kernel. For example, the net interface is used
to query interface, address and routing information (mainly for MOBIKE),
install additional routes to handle traffic properly in IPsec and
install IP addresses received via configuration payloads.

> a. Why is net interface required by the IKEv2 stack?

Yes, the net interface is required for the IKE daemon; it queries
information and installs routes and addresses.

> b. If we compile out net interface, would it impact the IKEv2
> functionality in any way.

Yes, you might grep through the code to find out where these net
interface functions are used.

> c. Can you refer us to any documentation that explains the intent of
> using net interface in the StrongSwan stack to us?

The net interface definition at [1] should give you a broad overview of
what it is needed for.

Regards
Martin

[1] http://wiki.strongswan.org/repositories/entry/strongswan/src/charon/kernel/kernel_net.h

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
