Jeremy Jackson wrote:Thanks, but it seems that this is using IP_IPSEC_POLICY, which isn't suported from user level code, only PFKEYv2 sockets, which require CAP_NET_ADMIN, AFAICS
I'm looking for a way to set IPSEC policy per-socket; a quick trawl
throught the kernel source shows IP_IPSEC_POLICY (ie PF_KEY) isn't
implemented (per socket), but rather only the native Linux
ipsec-tools don't use it, in fact I can't find one single piece of code,
or userspace library, or documentation on the net. Can anyone point me
in the right direction?
ipsec-tools do set policies per socket for every racoon's isakmp socket.