Are there parameters for debugging and tuning the XFRM framework ? Regards, -sanjay
----------------------------------------------------- Please consider the environment before printing this email. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Martin Willi Sent: Monday, July 16, 2012 3:34 AM To: Chris Rogers Cc: [email protected] Subject: Re: [strongSwan] Path of Execution Hi Chris, > So over the past few weeks, I've been perusing through the StrongSwan > source, trying to get a better understanding of how a packet actually > gets encrypted, and then transmitted. > As of now, I'm only concerned with ESP. As Nagaraj already said, strongSwan itself does not process ESP packets. It negotiates security associations and installs them in the kernel. On Linux, this is usually done with Netlink. The XFRM framework in the kernel processes ESP packets, as explained by Nagaraj. > I'm still working in a *BSD environment On BSD, the configuration is done using the PF_KEY interface. The ESP packet processing takes place completely in the kernel, but I don't know much about the inner workings of the BSD networking stacks. > - What libraries are called first to initiate encryption? > - In BSD, Kernel-Pfkey is responsible for interfacing with the kernel, > but where are the calls to kernel level encryption functions? Probably depends on your *BSD, but it is all handled in the kernel. To understand the in-kernel packet flow of *BSD, they probably can help you better on their mailing list. Kind regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
