On Fri, 19 Nov 2004 at 08:52, Aidas Kasparas wrote:
> Park Lee wrote:
> >    Then, where is the code in the source code of Linux kernel 2.6
> > to call racoon?
> > ......
> The code is at net/key/af_key.c. It implements the PF_KEY protocol.
> Requests to establish an SA are sent to every program which has
> an open PF_KEY socket and has requested to receive such requests. The
> basis for the PF_KEY protocol is documented in RFC 2367, but the Linux
> kernel and racoon implement an extended version of that spec (I don't
> know of better documentation for the extensions than the source).

In net/key/af_key.c, there is a function pfkey_send_acquire(). I think this function is used by the kernel to send the PF_KEY SADB_ACQUIRE message to racoon. But it seems that in the kernel source there are no other functions that call this one.

Then, how is pfkey_send_acquire() used by the kernel? And eventually, how is the SADB_ACQUIRE message sent by the kernel in IPv4 when no security associations currently exist for IPsec to use? Does it begin in the xfrm_find_bundle() function, which is called by the xfrm_lookup() function (in net/xfrm/xfrm_policy.c)?
