Hi,

Anil Maguluri <[email protected]> writes:

> I am new to the IPsec. I am trying to understand the Linux IPsec
> architecture and current implementation.

If you are not familiar with the theoretical aspects, you should start
with RFC 4301 to get the big picture (concepts, vocabulary, ...). If you
intend to spend time on dynamic keying (IKE), it may be worth looking at
RFC 2367 too before (more to understand the sequence of events than
anything else).

> Please let me know any tutorial/doc is available for IPsec
> architecture in Linux.

Linux IPsec stack is implemented via Linux XFRM transformation framework
(other main users are the routing cache and Mobile IPv6). There is not
that much doc on the topic. The Linux kernel also provides two ways to
communicate with the IPsec stack: via PF_KEY or via netlink (native
access to XFRM).

Anyway, you may find the following doc interesting before digging in the
code:

USAGI IPv6 IPsec Development for Linux:
http://hiroshi1.hongo.wide.ad.jp/hiroshi/papers/SAINT2004_kanda-ipsec.pdf

IPv6 IPsec and Mobile IPv6 implementation of Linux:
http://ols.fedoraproject.org/OLS/Reprints-2006/miyazawa-reprint.pdf

Linux IPv6 Networking:
http://www.kernel.org/doc/ols/2003/ols2003-pages-507-523.pdf

Linux IPv6 Stack Implementation Based on Serialized Data State Processing:
http://hiroshi1.hongo.wide.ad.jp/hiroshi/papers/yoshifuji_Mar2004.pdf

Side note: don't expect Linux IPsec stack to be fully in sync with what
is in RFC 4301. It was developed before RFC 4301 was published. You may
have to look at the old IPsec arch document: RFC 2401.

Cheers,

a+
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
