[Click] Some new IPsec developement
Markku Savela
Markku.Savela at vtt.fi
Fri Apr 20 04:21:33 EDT 2012
Hi,
I've been trying to add some framework to the IPsec section for
supporting future real RFC-4301 compliant IPsec.
I've now created a forked repo on github
git://github.com/msa2/click.git
which contains the first rough implementation. This is just
framework, and the guts need more implementation work before
it can really claim any RFC-4301 compatibility.
It does not contain any real key management adapter, only
trivial fixed key loader (IPsecKM). However, this IPsecKM
element should be the base for implementing adaptation to
real key management (IKEv2 or IKEv1), or for experimenting
with non-standard key exchange protocols.
Unfortunately, due to being a quick work, these elements
are only usable in user mode (I used dynamic-cast in few
places, and it apparently does not compile in kernel module).
Other thing is that it still needs to be configure with
--enable-ip6 due to use of IP6Address (although I tried
not to require it).
Thus do ..
./configure --enable-ip6 --enable-ipsec
cd userlevel
make
...edit ../conf/ipsec-vtt.click to your needs, and
sudo ./click ../conf/ipsec-vtt.click
regards,
-- Markku Savela
More information about the click
mailing list