SGH_WIKI

User Tools

Site Tools

Trace: tcp checksum skb linuxdma mount_filesystem notes ipsec device_tree
mywiki:linux:ipsec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
mywiki:linux:ipsec [2015/12/16 15:27] – [Kernel Terms] supermywiki:linux:ipsec [2019/09/15 18:55] (current) – external edit 127.0.0.1
Line 1: Line 1:
 **IPSec Implementation in Linux** **IPSec Implementation in Linux**
 +
 +| Reference | {{:mywiki:linux:chapter10_ipsec.pdf| ipsec_xfrm }} |
  
 ====== IPSEC Basic ====== ====== IPSEC Basic ======
Line 43: Line 45:
 | calg | **Compression** algo pointer | | calg | **Compression** algo pointer |
 | aead | **Authentication Encryption** with Associated Data pointer | Note: if (aead == NULL); then only authentication without any encryption | | aead | **Authentication Encryption** with Associated Data pointer | Note: if (aead == NULL); then only authentication without any encryption |
 +| encap | Data for **encapsulator**, ie, for **special UDP** Encapsulation only | draft-ietf-ipsec-udp-encaps-06 |
  
  
Line 239: Line 242:
 | xfrm_state_lookup() | SAD lookup based on spi | | xfrm_state_lookup() | SAD lookup based on spi |
  
 +===== IPSec SA initialize =====
 +It is initialized by API: **static int esp_init_state(struct xfrm_state *x)**, which is defined in file:
 +  * net/ipv4/esp4.c
 +  * net/ipv6/esp6.c
 ===== IPSec Tx steps ===== ===== IPSec Tx steps =====
 <file> <file>
mywiki/linux/ipsec.1450250823.txt.gz · Last modified: (external edit)