Re: Question about IP tunnel

Richard Guy Briggs (rgb@conscoop.ottawa.on.ca)
Mon, 5 Jul 1999 15:47:15 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Vedran Rodic: "Anybody doing i386 S3 (Trio64) frame buffer video device driver?"
Previous message: Jens Axboe: "Re: ejecting a mounted CD (linux 2.2.10; vmware 1.02)"

-----BEGIN PGP SIGNED MESSAGE-----

> Hi,
>
> I'm a graduate student doing something about IP security. To implement a
> security gateway using Linux, I'm reading 'new_tunnel.c' by Sam
> Lantinga, and want to rewrite it to implement IPSec tunneling.

Why not grab FreeS/WAN? It already does most of this with the same
origins. <http://www.xs4all.nl/~freeswan>

> There are 3 question about the new_tunnel.c:
> 1.In tunnel_xmit():
> rt=ip_rt_route(iph->daddr,0,);
> if(rt->rt_flags & RTF_GATEWAY)
> target=rt->rt_gateway; /* Question: When the
> rt->rt_flags & RTF_GATEWAY is true? */
> /* In other words, by what configuration this
> condition will meet? Can u give examples?*/
> else
> target=dev->pa_dstaddr;
> 2.As the example gaven by README.tunnel, the normal procedure to
> configure tunnel is as below:
> #ifconfig tunl0 202.115.6.1 pointopoint 202.115.5.1
> #route add 202.115.5.1 dev eth0
> #route add -net 202.115.5.0 dev tunl0
> So, all IP packets from 202.115.6.1to 202.115.5.x, but 202.115.5.1 will
> be encapsulated. If I also need to encapsulate packet from 202.115.6.1
> to 202.115.5.1, what should I do? (to implement security gateway).
> 3. Is new_tunnel.c a right place to implement IP ESP tunneling? or,
> other places as ip_forward be better?
>
> Thanks for any suggestion from you.
> Chen l.

slainte mhath, RGB
- --
Canadians teams win 3 of top 10 in Sunrayce '99! - <www.sunrayce.com/sunrayce/>
Richard Guy Briggs -- PGP key available Auto-Free Ottawa! Canada
<http://www.conscoop.ottawa.on.ca/rgb/> </www.flora.org/afo/>
Prevent Internet Wiretapping! -- FreeS/WAN:<www.xs4all.nl/~freeswan>
Thanks for voting Green! -- <green.ca> Marillion:<www.marillion.co.uk>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN4ELwd+sBuIhFagtAQEsKgQAjDtoM2oh5l+9J0HeGLCrHl3xTZ4gUwRp
UuzOWsJsdLiIg0bCie5VKpZ5wAw8FXFIoFSFLpo5mo2GbaSDG2nyQBH/xGElL3Lh
n2+zgEt5/NhNLbJC0vM/N2+IYGLie9cZrPyrete+/PQCiUzWGeiHKFFEB41P29MM
/AujAzWuMCQ=
=MKzW
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vedran Rodic: "Anybody doing i386 S3 (Trio64) frame buffer video device driver?"
Previous message: Jens Axboe: "Re: ejecting a mounted CD (linux 2.2.10; vmware 1.02)"