[strongSwan-dev] strongswan plugin interface

Ghitulete Razvan razvan.ghitulete at gmail.com
Thu Mar 15 23:07:39 CET 2012


Hi,
    I am trying to use strongswan in a more dynamic approach. In more
detail, I want to be able to use something like a runtime API(let's say for
javva) that can be used to alter strongswan configurations as those read
from ipsec.conf. So I was wondering what would be the best way to do so,
and also have this "feature" merged into the main branch.
    The thing is that I wouldn't want to tamper with the ipsec.conf, as
this would be a rather nasty hack and very prone to error and bugs. So
there would be the approach of writing a plugin for this, but the plugins
are daemon triggered, and this doesn't help me at all, as the plugin should
be the one that triggers the daemon in this case(when a message for a new
configuration is received). Also I was wondering(because the code base is
very big and wasn't able to find an answer myself), what would an exact
workflow diagram look like: who stores the configurations? how it stores
them? is there any communication between daemons? if pluto and charon are
both active at the same time, do they have distinct configuration storage?


-- 
Razvan Ghitulete
Vrije Universiteit Amsterdam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20120315/acddeb02/attachment.html>


More information about the Dev mailing list