[strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface
Martin Willi
martin at strongswan.org
Mon Sep 9 10:09:01 CEST 2013
Hi,
> I do have my own IPsec implementation (which will maintain the SAD &
> SPD,ESP encryption and decryption, authentication)
> Do I just need to comment out all the hydra->kernel_interface function
> calls and replace with ours?
No. The libhydra is a generic library, and provides a generic interfaces
to kernel/IPsec backends. You don't have to replace any of these calls.
Instead, you should implement in your own plugin the kernel_ipsec_t [1],
and if required, the kernel_net_t [2] interface. The first implements an
IPsec backend, the second generic networking functions. Have a look at
one of the available kernel backends to see how this works.
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/kernel/kernel_ipsec.h
[2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/kernel/kernel_net.h
More information about the Users
mailing list