[strongSwan] understanding libhydra kernel interface
Ravi Kanth Vanapalli
vvnrk.vanapalli at gmail.com
Fri Oct 12 22:24:43 CEST 2012
Hi all,
I am having trouble interpreting the plugins of libhydra, specifically
understanding the interfaces which communicate with kernel.
Scenario: *using SS client for IKEv2.*
The web link below indicates that 'kernel-netlink' of libhydra will
be loaded by default for communicating with the kernel net-key ipsec stack.
http://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist
which means, as per my understanding of the code base,
the following would be the flow:
*i)* ipsec start --> starts the starter in starter.c
There is a call libhydra_init("starter") --> initialize kernel
interfaces specific to 'starter' for the kernel.
*ii)* Starter starts the Charon daemon in line 714 of starter.c.
*iii)* Inside charon.c line
*a)* again libhydra_init("charon") line 472 --> initialize the
kernel interfaces (including netlink interface) specific to the 'charon'
for the kernel
*b)* line 572 Initialize the charon daemon with 'charon.load' which
reads libhydra plugins from "strongswan.conf" pertaining to "charon".
In step *b)* above, there is a plugin called 'kernel-netlink' which
initializes the netlink kernel interfaces for NETKEY ipsec and netlink
kernel interfaces for network (lines 46, 48 of kernel_netlink_plugin.c).
My question is, why should we initialize the kernel interface, e.g.
'kernel-netlink', again when step a) already initializes the
'kernel-netlink' interfaces in libhydra_init?
Why should the Charon daemon specifically initialize its kernel
interfaces like in step b, when libhydra daemon for Charon already does it
in step a?
I am not sure if my understanding or reasoning is correct and I would
deeply appreciate any help to clarify my doubt.
Regards,
RV