Hi Chris,

> So over the past few weeks, I've been perusing through the StrongSwan
> source, trying to get a better understanding of how a packet actually
> gets encrypted, and then transmitted.
> As of now, I'm only concerned with ESP.

As Nagaraj already said, strongSwan itself does not process ESP packets. It negotiates security associations and installs them in the kernel. On Linux, this is usually done with Netlink. The XFRM framework in the kernel processes ESP packets, as explained by Nagaraj.

> I'm still working in a *BSD environment

On BSD, the configuration is done using the PF_KEY interface. The ESP packet processing takes place completely in the kernel, but I don't know much about the inner workings of the BSD networking stacks.

> - What libraries are called first to initiate encryption?
> - In BSD, Kernel-Pfkey is responsible for interfacing with the kernel,
> but where are the calls to kernel level encryption functions?

Probably depends on your *BSD, but it is all handled in the kernel. To understand the in-kernel packet flow of *BSD, they probably can help you better on their mailing list.

Kind regards
Martin
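
What crosses the PF_KEY socket mentioned in this reply is SA management messages, not ESP packets. As an added example (not part of the original post and not strongSwan's code), this C sketch builds and validates the base header that every PF_KEY v2 message starts with. The struct, enum and function names are this example's own; the field layout and numeric values follow RFC 2367.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Base header of every PF_KEY v2 message (layout per RFC 2367).
 * Defined locally so the example builds without <net/pfkeyv2.h>. */
struct pfkey_hdr {
    uint8_t  version;   /* PF_KEY_V2 */
    uint8_t  type;      /* SADB_* message type */
    uint8_t  err;       /* errno, filled in by the kernel on replies */
    uint8_t  satype;    /* SADB_SATYPE_* */
    uint16_t len;       /* whole message length in 64-bit words */
    uint16_t reserved;
    uint32_t seq;
    uint32_t pid;
};
_Static_assert(sizeof(struct pfkey_hdr) == 16, "header must be 16 bytes");

/* Values from RFC 2367: PF_KEY_V2, SADB_DUMP, SADB_SATYPE_ESP. */
enum { PFKEY_V2 = 2, MSG_DUMP = 10, SATYPE_ESP = 3 };

/* Build a header-only request such as SADB_DUMP. Returns bytes written, 0 if
 * buf is too small. A daemon would write() this to a socket opened with
 * socket(PF_KEY, SOCK_RAW, PF_KEY_V2), which requires root. */
size_t pfkey_build_request(uint8_t *buf, size_t cap, uint8_t type,
                           uint8_t satype, uint32_t seq, uint32_t pid)
{
    struct pfkey_hdr h;
    if (cap < sizeof h) return 0;
    memset(&h, 0, sizeof h);
    h.version = PFKEY_V2; h.type = type; h.satype = satype;
    h.len = sizeof h / 8; h.seq = seq; h.pid = pid;
    memcpy(buf, &h, sizeof h);
    return sizeof h;
}

/* Check one message of n bytes read from the socket. Returns 0 if well formed,
 * -1 if truncated or inconsistent, or the kernel's errno value (> 0). */
int pfkey_check_reply(const uint8_t *buf, size_t n, struct pfkey_hdr *out)
{
    if (n < sizeof *out) return -1;
    memcpy(out, buf, sizeof *out);
    if (out->version != PFKEY_V2 || (size_t)out->len * 8 != n) return -1;
    return out->err;
}

int main(void)
{
    uint8_t buf[16];
    size_t n = pfkey_build_request(buf, sizeof buf, MSG_DUMP, SATYPE_ESP, 1, 4242);
    for (size_t i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\n");
    return 0;
}
```

The header carries only a message type, SA type and bookkeeping fields; keys and algorithms travel in extension blocks after it, and the packets themselves never pass through this socket.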
