[IPsec] IPSec implementation query.

"Prashant Batra (prbatra)" <prbatra@cisco.com> Thu, 18 August 2011 06:17 UTC

Hello,

IPSec in the Linux kernel doesn't seem to work with packets sent
from a RAW socket.
I think this is as per the design of RAW sockets, that they bypass the
transport layer. But as they enter the core IP layer, and there is a
policy to protect, they should get protected. But this does not happen.
Any clues?

Also, if this is not possible, how can we use kernel IPSec to protect
RAW socket data?

Thanks,
Prashant