From owner-freebsd-net@FreeBSD.ORG Thu Jul 26 00:13:03 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A9EB416A417 for ; Thu, 26 Jul 2007 00:13:03 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zyfb01-66.zyxel.com.tw (zyfb01-66.zyxel.com.tw [59.124.183.66]) by mx1.freebsd.org (Postfix) with ESMTP id 50B6113C45A for ; Thu, 26 Jul 2007 00:13:02 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zytwbe01.zyxel.com ([172.23.5.10]) by zyfb01-66.zyxel.com.tw with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Jul 2007 08:13:01 +0800 Received: from zytwfe01.ZyXEL.com ([172.23.5.5]) by zytwbe01.zyxel.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Jul 2007 08:13:01 +0800 Received: from [172.23.17.155] ([172.23.17.155]) by zytwfe01.ZyXEL.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Jul 2007 08:13:01 +0800 Message-ID: <46A7E70E.70204@zyxel.com.tw> Date: Thu, 26 Jul 2007 08:13:02 +0800 From: blue User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: aditya kiran References: <994cd1cf0707251039j7eaf167fh5851fc979ee2b60@mail.gmail.com> In-Reply-To: <994cd1cf0707251039j7eaf167fh5851fc979ee2b60@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 26 Jul 2007 00:13:01.0239 (UTC) FILETIME=[BA701C70:01C7CF19] Cc: freebsd-net@freebsd.org Subject: Re: Ipsec - PF_KEY and set_policy X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2007 00:13:03 -0000 As far as I know, setkey is used for IPsec SP and SA configuration. ipsec_set_policy() could transfer a string to "policy request", which is defined in RFC 2367 PF_KEY. Internally, setkey() will call ipsec_set_policy() to construct the message then send it down to the kernel. However, ipsec_set_policy() is used only for SP, not SA. blue aditya kiran wrote: > Hi, > I was just trying to understand PF_KEY interface for ipsec settings. So, > setkey uses it to do that. but i could find another system call - > ipsec_set_policy. Could any body let me know why there are two > interfaces to > configure ipsec? > Thanks, > Aditya > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >