They are currently two ipsec implementation of Ipsec in NetBSD. I will
only take about fast_ipsec. All the code is in sys/netipsec.

The ip input is done by the function ip_input (in sys/netinet/ip_input.c).
The processing of ipsec part is done by ipsec4_common_input
(sys/netipsec/ipsec_input.c). Check that the policy was correct is done by
ipsec_check_policy4.

On the output part, the ipsec part is in sys/netipsec/ipsec_output.c by
ipsec4_process_output, then reinject in ip_output
(sys/netinet/ip_output.c).

Protocol specific transformation are implemented in
sys/netipsec/xform_{ah,esp,ipcomp}.c.

I can answer to more precise question, but if you read this part of the
code, you may have some good overview of the way Ipsec works in NetBSD.

Regards,

--
Arnaud Degroote
degroote at netbsd dot org




--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

FWIW, http://www.netbsd.org/docs/network/ipsec/ has some ASCII diagrams of
how things are processed. It's above function-call level, though.


- Hubert

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Hello,

Thank you very much for your responses.
I will see this documentations, and if I have others quetions I will ask
you.

best regards,
Mohamed