Menu
▾
▴
Re: [Ipsec-tools-devel] protect raw sockets
|
From: Timo T. <tim...@ik...> - 2011-08-19 05:49:54
|
On 08/18/2011 06:01 PM, krbmit siso wrote: > After adding the below code in net/ipv4/raw.c in function raw_send_hdrinc() > I am able to see packet sent using RAW_SOCKET getting protected . > > Please let me know how can it be done better and provide it has a feature > , so that others can also use it if packet sent using RAW_SOCKET > needs to be protected. Raw sockets are raw sockets. They are used to send out network traffic that was captured earlier, or to generate test traffic. I don't think it makes any sense to apply XFRM policies to them: it might break the usage this API was intended for. The whole purpose of raw sockets is to bypass kernel side extra handling. To generate IPsec protected stuff use the normal APIs: regular UDP/TCP sockets. The same applies for sending/receiving IKE packets. You need regular UDP socket with IPsec bypass policy. What's your point in trying to use raw sockets? You should not need to use them unless you are implementing a packet capturer or a network traffic generator. - Timo |