Differences

This shows you the differences between two versions of the page.

--- mywiki:linux:ipsec [2015/12/10 12:50] – [IPSec kernel APIs] super
+++ mywiki:linux:ipsec [2019/09/15 18:55] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 **IPSec Implementation in Linux**
+| Reference | {{:mywiki:linux:chapter10_ipsec.pdf| ipsec_xfrm }} |
 ====== IPSEC Basic ======
@@ Line 36: / Line 38: @@
 | XFRM framework | net/ipv4/xfrm4_policy.c and net/ipv6/xfrm6_policy.c |
 | XFRM initialization | xfrm4_init() and xfrm6_init(). |
+===== Kernel Terms =====
+| aalg | **Authentication** algo pointer |
+| ealg | **Encryption** algo pointer |
+| calg | **Compression** algo pointer |
+| aead | **Authentication Encryption** with Associated Data pointer | Note: if (aead == NULL); then only authentication without any encryption |
+| encap | Data for **encapsulator**, ie, for **special UDP** Encapsulation only | draft-ietf-ipsec-udp-encaps-06 |
 ===== Kernel cryptography =====
 | acrypto | asynchronous crypto |
 | cryptd |
@@ Line 231: / Line 242: @@
 | xfrm_state_lookup() | SAD lookup based on spi |
+===== IPSec SA initialize =====
+It is initialized by API: **static int esp_init_state(struct xfrm_state *x)**, which is defined in file:
+  * net/ipv4/esp4.c
+  * net/ipv6/esp6.c
 ===== IPSec Tx steps =====
 <file>