Hi, I have some more doubts, please help.

We are using strongswan for implementation of IKEv2 on QNX operating system. We do not want to use the MOBIKE.

If IP address changes while there are security associations established by IKEv2 stack in strongswan:-

1. How does the stack know of the change in the IP address?
2. Does the stack listen to such events from the kernel? If yes, could you point us to the location in the stack that listens to kernel for such events?

We studied the kernel-netlink code for the same, but could not find any function that listened to the kernel for changes in IP address etc.

Thanks in advance for your help.

Vivek Bairathi

On 6/26/09, Martin Willi <mar...@strongswan.org> wrote:
> Hi,
>
>> 1. IP Sec interface:-
>> Provides a mechanism to interface with the kernel through XFRM sockets
>> to update SPD and SADs.
>
> Yes, the ipsec interface manages IPsec policies and SAs. We have
> implementations for the Linux specific XFRM netlink interface and the
> more generic PF_KEY interface.
>
>> 2. Net Interface:-
>> We do not understand the requirement for this interface.
>
> The IKE daemon needs to query and configure additional networking
> specific resources in the kernel. For example, the net interface is used
> to query interface, address and routing information (mainly for MOBIKE),
> install additional routes to handle traffic properly in IPsec and
> install IP addresses received via configuration payloads.
>
>> a. Why is net interface required by the IKEv2 stack?
>
> Yes, the net interface is required for the IKE daemon, it queries
> information and installs routes and addresses.
>
>> b. If we compile out net interface, would it impact the IKEv2
>> functionality in any way.
>
> Yes, you might grep through the code to find out where these net
> interface functions are used.
>
>> c. Can you refer us to any documentation that explains the intent of
>> using net interface in the StrongSwan stack to us?
>
> The net interface definition at [1] should give you a broad overview to
> see for what it is needed.
>
> Regards
> Martin
>
> [1] http://wiki.strongswan.org/repositories/entry/strongswan/src/charon/kernel/kernel_net.h