[strongSwan-dev] StrongSwan Implementation Modification
Martin Willi
martin at strongswan.org
Wed May 2 10:39:10 CEST 2012
Hello Nasir,
> 1- Security Policy Database: We want to modify the classes who access
> the database to reflect our own changes in the database.
> 2- ESP Header: We need to modify the ESP header.
> 3- We also need to modify the inbound and outbound processing as needed.
strongSwan itself provides the userland parts of the IPsec key exchange
(IKEv1 and IKEv2), but does not process the ESP packets nor maintain a
SPD.
These parts are usually handled by the (Linux) kernel. Using the Netkey
IPsec stack, this is done by XFRM (see net/xfrm/ in the Linux sources).
Unfortunately there is not much documentation, so you should start
having a look at these sources.
Regards
Martin
More information about the Dev
mailing list