[strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface
martin at strongswan.org
Mon Sep 9 10:09:01 CEST 2013
> I do have my own IPsec implementation (which will maintain the SAD &
> SPD,ESP encryption and decryption, authentication)
> Do I just need to comment out all the hydra->kernel_interface function
> calls and replace with ours?
No. The libhydra is a generic library, and provides a generic interfaces
to kernel/IPsec backends. You don't have to replace any of these calls.
Instead, you should implement in your own plugin the kernel_ipsec_t ,
and if required, the kernel_net_t  interface. The first implements an
IPsec backend, the second generic networking functions. Have a look at
one of the available kernel backends to see how this works.
More information about the Users