"Michael H. Warfield" wrote:
> They may have one other thing in mind too... Once KLIPS is in the
> kernel, nothing is prohibiting someone else from porting ISKMP from
> BSD or anywhere else (once PFKEY2 is fully supported) to Linux.
Actually, you need more than PF-key v2. v2 does not handle policy and
IPSEC must, so extensions are required. Currently, FreeS/WAN, KAME and
Open BSD each have their own slightly different extensions.
> FreeSWAN
> is two parts. KLIPS (the kernel part) and PLUTO (IKE - the user space
> part). Porting ISKMP from OpenBSD to Linux is already been discussed.
I think it was actually done, for an older version of FreeS/WAN. There's
link in the WWWref.html doc file to a site in Scandinavia with the code.
What would, I think, be far more interesting would be a port of the BSD
photurisd(8). Since Linux ipsec_pluto(8) and BSD isakmpd(8) both
implement the same protocol, IKE, the payoff for a port in either
direction is not huge. Photuris, though, is a different protocol for
the same function, and a much cleaner design, so that would be a win.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Aug 07 2000 - 21:00:10 EST