Platform indepedent IPsec - Security

This is a discussion on Platform indepedent IPsec - Security ; Hi, I would like know is it possible to implement plaform indepedent IPsec ? If yes then pls give me some suggestion how to do it & some related info. & is it possible to implement IPsec which runs in ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Platform indepedent IPsec

  1. Platform indepedent IPsec

    Hi,
    I would like know is it possible to implement plaform indepedent
    IPsec ?
    If yes then pls give me some suggestion how to do it & some related
    info.
    &
    is it possible to implement IPsec which runs in userspace( not as
    kernel module )

    Thanks.


  2. Re: Platform indepedent IPsec

    shrinivas.rathi@gmail.com writes:

    > Hi,
    > I would like know is it possible to implement plaform indepedent
    > IPsec ?


    Yes, but you'll need to provide some OS dependent primitives for "a
    set of functions" (fromm memory allocation to sending packets to the
    net, and including *a lot* of other things), then use some wrapper in
    your code (which will call the OS specific code for each supported
    OS).

    While doing this, you'll have a "quite independent" IPSec stack, which
    will be easy to port to any OS as soon as you can provide all
    primitives for the specified OS.


    > If yes then pls give me some suggestion how to do it & some related
    > info.


    I started thinking at such work a long time ago, it is *really* a huge
    work, as "just" writing a new IPSec stack from scratch is already an
    huge work !


    > is it possible to implement IPsec which runs in userspace( not as
    > kernel module )


    Yes, but you'll have some performance problems if you need to do some
    kernel/userland process foreach IP packet (even unencrypted packets
    needs to be confronted to the IPSec policy.....).


    But feel free to contact me if you *really* want to start such project !



    Yvan.

+ Reply to Thread