
I am setting up IPsec, and I am a bit confused.

 setkey                racoon  <-------(IKE)-------> somebody
   |                    ^  |      (5)
   |                    |  |(6)
   |(1)           +-----+  +---+
   |           (4)|            |
   v              |            v
+-----+  (2)      |    (3)  +-----+
| SPD |<----- kernel ------>| SAD |
+-----+         |           +-----+
                |(7)
                v
(1)The administrator sets a policy to SPD by using setkey.
(2)Kernel refers to SPD in order to make a decision of applying IPsec to a packet.
(3)If IPsec is required, then kernel get the Key for IPsec-SA from SAD.
(4)If it is failed, then kernel send a request to get the Key to racoon.
(5)racoon exchange the Key by using IKE with the other to be established IPsec-SA.
(6)racoon put the Key into SAD.
(7)Kernel can send a packet applied IPsec.

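That is from the KAME website. How does racoon set itself up to receive requests from the kernel? I am using Ubuntu, but I don't understand the interface. I need to write a program that runs between the kernel and racoon.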
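Added example, not part of the original question and not racoon's own code: on Linux and the BSDs the kernel-to-daemon path in steps (4) and (6) is a PF_KEYv2 socket (RFC 2367), on which a key daemon sends SADB_REGISTER and then receives SADB_ACQUIRE. The struct and macro names below are local stand-ins for `struct sadb_msg` and the `SADB_*` constants, defined here so the block compiles without `<linux/pfkeyv2.h>`.

```c
/* PF_KEYv2 base header handling for a key daemon (illustrative stand-in names). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

#define PFKEY_V2     2   /* PF_KEY_V2 */
#define MSG_ACQUIRE  6   /* SADB_ACQUIRE: kernel -> daemon, step (4) */
#define MSG_REGISTER 7   /* SADB_REGISTER: daemon -> kernel */
#define SATYPE_ESP   3   /* SADB_SATYPE_ESP */

struct pfkey_hdr {       /* same layout as struct sadb_msg, 16 bytes */
    uint8_t  version, type, err, satype;
    uint16_t len;        /* total message length in 8-byte units */
    uint16_t reserved;
    uint32_t seq, pid;
};

/* Fill a REGISTER request: "send ACQUIREs for this SA type to my socket". */
size_t build_register(struct pfkey_hdr *m, uint8_t satype, uint32_t seq, uint32_t pid) {
    memset(m, 0, sizeof *m);
    m->version = PFKEY_V2; m->type = MSG_REGISTER; m->satype = satype;
    m->len = sizeof *m / 8; m->seq = seq; m->pid = pid;
    return sizeof *m;
}

/* Return 1 if buf is a well-formed ACQUIRE for satype, else 0. */
int is_acquire(const uint8_t *buf, size_t n, uint8_t satype) {
    struct pfkey_hdr h;
    if (n < sizeof h) return 0;                /* truncated read */
    memcpy(&h, buf, sizeof h);
    if (h.version != PFKEY_V2 || h.err != 0) return 0;
    if ((size_t)h.len * 8 != n) return 0;      /* header length must match the read */
    return h.type == MSG_ACQUIRE && h.satype == satype;
}

int main(void) {
    struct pfkey_hdr reg;
    uint8_t buf[4096];
    ssize_t r;
    size_t n = build_register(&reg, SATYPE_ESP, 1, (uint32_t)getpid());
    int s = socket(PF_KEY, SOCK_RAW, PFKEY_V2); /* needs root or CAP_NET_ADMIN */
    if (s < 0 || write(s, &reg, n) != (ssize_t)n) { perror("PF_KEY"); return 1; }
    while ((r = read(s, buf, sizeof buf)) > 0)  /* REGISTER reply first, then ACQUIREs */
        if (is_acquire(buf, (size_t)r, SATYPE_ESP)) puts("ACQUIRE: kernel needs an SA");
    close(s);
    return 0;
}
```

racoon performs this registration itself at startup, so the kernel's request in step (4) reaches it without any intermediate program.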
