FreeS/WAN IPSec for Linux
Challenges and Solutions on the path to KLIPS, kernel portion of
FreeS/WAN, an IPSec implementation for Linux
- How do we get at incoming and outgoing packets? dummy devs? FW code?
- 10 second pings
- How to route transport mode packets (stoopid routing tricks)
- Oops causes module to be unloadable -- reboot
- How to debug kernel modules -- on the fly debug switching, netlink vs sysctl
- Non-ethernet devices -- hard_header_len
- Fixing /proc/net/ipsec_* support
- Kernel config option defaults -- append to arch/*/defconfig, .config
- Reorg from xform switch to algo switch -- eliminate fixing same bug 14 times
- Use GFP_KERNEL from user-init code, GFP_ATOMIC from interrupt-init code
- Kernel-accessible random functions -- get_random_bytes()
- Whoami, from kernel -- ip_chk_addr(u32)==IS_MYADDR
- Finding your way around the Linux kernel - etags/ctags, cflow
- Unloading modules
- Deleting SAs
- Deleting eroutes
- Static linked KLIPS
- Memleak package for detecting kernel memory leaks
- Route-stealing -- internal loop
- Bypass for IKE (UDP/500)
- For Alpha portability, use %p instead of (uint)%d, use long instead of int
- IPIP dependence, built from it, include it.
- What to do with oversize packets / with DF set
- Send ICMP MTU and fragment
- PF_KEYv2 sockets
- Extending PF_KEYv2 or SDB?
- 2.2.x kernels
Last modified by Richard Guy Briggs on February 5th, 1999.