<html><body><div style="color:#000; background-color:#fff; font-family:lucida console, sans-serif;font-size:12pt"><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Hi All,<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>What I understand, the libhydra library contains daemon-specific code and plugins
used by the Charon daemon. The kernel_ipsec_t structure is an interface to the
ipsec subsystem of the kernel. This interface handles the communication with
the kernel for SA and policy management e.g. adds an SA/SP to the SAD/SPD. It
communicates with the native IPsec stack of the Linux 2.6 kernel via a Netlink
socket which speaks the XFRM protocol. IPsec SAs can be inserted and deleted
and status information on the active tunnels can be retrieved from the kernel
which does the actual ESP encryption and decryption work. <o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>During the IKEv2 Charon daemon initialization,<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in; mso-list: l1 level1 lfo2;"><!--[if !supportLists]--><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt; mso-fareast-font-family: "Comic Sans MS"; mso-bidi-font-family: "Comic Sans MS";'><span style="mso-list: Ignore;">1)<span style='font: 7pt/normal "Times New Roman"; font-size-adjust: none; font-stretch: normal;'>
</span></span></span><!--[endif]--><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>It calls libhydra_init () function, which
initializes kernel interfaces specific to 'starter' for the kernel.<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 10pt 0.5in; text-indent: -0.25in; mso-list: l1 level1 lfo2;"><!--[if !supportLists]--><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt; mso-fareast-font-family: "Comic Sans MS"; mso-bidi-font-family: "Comic Sans MS";'><span style="mso-list: Ignore;">2)<span style='font: 7pt/normal "Times New Roman"; font-size-adjust: none; font-stretch: normal;'>
</span></span></span><!--[endif]--><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>It subscribes to XFRM events generated by the Linux
kernel which are triggered by IPsec XFRM state limits and get processed in
process-expire() ( defined in libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c).<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>I do have my own IPsec implementation (which will maintain the SAD & SPD,ESP encryption and decryption, authentication) thus want to bypass the
following <span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in; mso-list: l0 level1 lfo1;"><!--[if !supportLists]--><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt; mso-fareast-font-family: "Comic Sans MS"; mso-bidi-font-family: "Comic Sans MS";'><span style="mso-list: Ignore;">1)<span style='font: 7pt/normal "Times New Roman"; font-size-adjust: none; font-stretch: normal;'>
</span></span></span><!--[endif]--><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Linux kernel-netlink plugin which implements
configuration and management of IPsec Policies and SAs via XFRM.<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 10pt 0.5in; text-indent: -0.25in; mso-list: l0 level1 lfo1;"><!--[if !supportLists]--><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt; mso-fareast-font-family: "Comic Sans MS"; mso-bidi-font-family: "Comic Sans MS";'><span style="mso-list: Ignore;">2)<span style='font: 7pt/normal "Times New Roman"; font-size-adjust: none; font-stretch: normal;'>
</span></span></span><!--[endif]--><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Installing, updating, querying and deleting IPsec
Policies and SAs in Linux kernel.<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Do I just need to comment out all the hydra->kernel_interface
function calls and replace with ours? Please suggest and correct me if I am
wrong.<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Thanks in advance for yours support and response<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Regards,<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Chinmaya<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div></div></body></html>