Platform indepedent IPsec

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I would like know is it possible to implement plaform indepedent
IPsec ?
If yes then pls give me some suggestion how to do it & some related
is it possible to implement IPsec which runs in userspace( not as
kernel module )


Re: Platform indepedent IPsec writes:

Quoted text here. Click to load it

Yes, but you'll need to provide some OS dependent primitives for "a
set of functions" (fromm memory allocation to sending packets to the
net, and including *a lot* of other things), then use some wrapper in
your code (which will call the OS specific code for each supported

While doing this, you'll have a "quite independent" IPSec stack, which
will be easy to port to any OS as soon as you can provide all
primitives for the specified OS.

Quoted text here. Click to load it

I started thinking at such work a long time ago, it is *really* a huge
work, as "just" writing a new IPSec stack from scratch is already an
huge work !

Quoted text here. Click to load it

Yes, but you'll have some performance problems if you need to do some
kernel/userland process foreach IP packet (even unencrypted packets
needs to be confronted to the IPSec policy.....).

But feel free to contact me if you *really* want to start such project !


Site Timeline