Date: Sat, 4 Aug 2007 22:12:32 +0530 From: "aditya kiran" <adityaa.kiran@gmail.com> To: blue <susan.lan@zyxel.com.tw> Cc: freebsd-net@freebsd.org Subject: Re: Ipsec - PF_KEY and set_policy Message-ID: <994cd1cf0708040942p4dc6486ar1c333571bddfcc4c@mail.gmail.com> In-Reply-To: <46A7E70E.70204@zyxel.com.tw> References: <994cd1cf0707251039j7eaf167fh5851fc979ee2b60@mail.gmail.com> <46A7E70E.70204@zyxel.com.tw>
next in thread | previous in thread | raw e-mail | index | archive | help
HI Blue, Thanks a lot for this info.. It helped me in understanding the difference.. Thanks, Adityaa On 7/26/07, blue <susan.lan@zyxel.com.tw> wrote: > > As far as I know, setkey is used for IPsec SP and SA configuration. > ipsec_set_policy() could transfer a string to "policy request", which is > defined in RFC 2367 PF_KEY. Internally, setkey() will call > ipsec_set_policy() to construct the message then send it down to the > kernel. However, ipsec_set_policy() is used only for SP, not SA. > > blue > > aditya kiran wrote: > > > Hi, > > I was just trying to understand PF_KEY interface for ipsec settings. So, > > setkey uses it to do that. but i could find another system call - > > ipsec_set_policy. Could any body let me know why there are two > > interfaces to > > configure ipsec? > > Thanks, > > Aditya > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?994cd1cf0708040942p4dc6486ar1c333571bddfcc4c>