SGH_WIKI

User Tools

Site Tools

Trace: tcp checksum linuxdma ipsec skb device_tree mount_filesystem notes
mywiki:linux:ipsec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
mywiki:linux:ipsec [2015/12/16 15:09] – [Kernel cryptography] supermywiki:linux:ipsec [2019/09/15 18:55] (current) – external edit 127.0.0.1
Line 1: Line 1:
 **IPSec Implementation in Linux** **IPSec Implementation in Linux**
 +
 +| Reference | {{:mywiki:linux:chapter10_ipsec.pdf| ipsec_xfrm }} |
  
 ====== IPSEC Basic ====== ====== IPSEC Basic ======
Line 39: Line 41:
  
 ===== Kernel Terms ===== ===== Kernel Terms =====
-| aalg | +| aalg | **Authentication** algo pointer 
-| ealg | +| ealg | **Encryption** algo pointer 
-| calg | +| calg | **Compression** algo pointer 
-| aead | Authentication Encryption with Associated Data |+| aead | **Authentication Encryption** with Associated Data pointer | Note: if (aead == NULL); then only authentication without any encryption | 
 +| encap | Data for **encapsulator**, ie, for **special UDP** Encapsulation only | draft-ietf-ipsec-udp-encaps-06 |
  
  
Line 239: Line 242:
 | xfrm_state_lookup() | SAD lookup based on spi | | xfrm_state_lookup() | SAD lookup based on spi |
  
 +===== IPSec SA initialize =====
 +It is initialized by API: **static int esp_init_state(struct xfrm_state *x)**, which is defined in file:
 +  * net/ipv4/esp4.c
 +  * net/ipv6/esp6.c
 ===== IPSec Tx steps ===== ===== IPSec Tx steps =====
 <file> <file>
mywiki/linux/ipsec.1450249784.txt.gz · Last modified: (external edit)