questions about ipsec-tools-0.4 and linux kernel 2.6

Evgeniy Polyakov johnpol at 2ka.mipt.ru
Wed Mar 9 09:17:06 CET 2005 

On Sat, 2005-02-05 at 12:39 +0100, Emilio Calicchio wrote:
> I am a student of engineering in  first university of 
> Rome (“La Sapienza”) and I’m working to my degree
> thesis whose title is: 
> “End-to-end real-time applications performance
> measurements on VPN  network (both terrestrial  and 
> satellite),  blocks encryption algorithms vs stream
> cipher ones.”
> 
> Since I have to use a Linux based test bed, I must
> integrate the stream cipher algorithms (like Scream
> and Seal cipher algorithm)in the Linux ipsec
> implementation; at aim I wonder whether you can help
> me by providing the following information:
> Architectural description  of the ipsec Linux
> implementation (both tools and kernel modules) 
> the files of kernel version 2.6 and ipsec-tools-0.4
> that I should modify in order to add chiper stream
> algorithm
> if someone else is facing the same topic.

Hmmm, dataflow in network is a block flow, 
although you can apply stream cipher to that blocks.

Too many uerspace tools support in-kernel IPsec, 
some info at:
http://sourceforge.net/projects/ipsec-tools
http://lartc.org/howto/lartc.ipsec.html
http://www.ipsec-howto.org

I suppose all key daemons supports it.

In-kernel part lives in net/xfrm.

You may have interest in following files:
./net/ipv4/esp4.c
./net/ipv6/esp6.c

they contain esp implementation.

You need to analyze esp_output() to see crypto usage there.

But I really doubt stream ciphers have any usage in network - 
it is not mobile phones.

If you need to test network performance inside encrypted tunnel,
you may create your own tunnel(see net/ipv4/ip_gre.c) which will
encrypt your trafic using any cipher you like.

> Thanks for your help
> Best regards
> 
> CALICCHIO EMILIO

-- 
        Evgeniy Polyakov

Crash is better than data corruption -- Arthur Grabowski
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.logix.cz/pipermail/cryptoapi/attachments/20050309/89faf449/attachment.pgp

More information about the CryptoAPI mailing list