libnl and IPsec/XFRM

Joerg Pommnitz pommnitz at yahoo.com
Fri Feb 17 07:44:22 EST 2012


----- Karl Hiramoto wrote -----

> 
> You can always implement your own netlink calls using  the "generic 
> netlink" lib
> http://www.infradead.org/~tgr/libnl/doc/api/group__genl.html 
> <http://www.infradead.org/%7Etgr/libnl/doc/api/group__genl.html>

Can I? I wasn't sure. I thought generic netlink is something distinct from the specialized netlink protocols like routing and XFRM. And anyway, I was looking for something with the convenience methods that come with direct libnl support.

> I'm not very familiar with NETLINK_XFRM   What are you trying to do that  
> libipsec can't do? http://ipsec-tools.sourceforge.net/

AFAIK libipsec sits on top of PF_KEY, which is deprecated. I'm just looking at my options to figure out how to proceed.

What I need is a painless way to manipulate and read the IPsec SPD an SAD.

> just a libnl user,
> 
> --
> Karl
>

Kind regards
  Joerg




More information about the libnl mailing list