
How to call from kernel to user program




To IPsec developers,

I am programming IPsec on Linux. I have now finished modifying the kernel, but I am having difficulty attaching the key management entity.
 
In RFC 2407,

    4.3.1 Key Management Issues
   
       It is expected that many systems choosing to implement ISAKMP will
       strive to provide a protected domain of execution for a combined IKE
       key management daemon.  On protected-mode multiuser operating
       systems, this key management daemon will likely exist as a separate
       privileged process.

       In such an environment, a formalized API to introduce keying material
       into the TCP/IP kernel may be desirable.  The IP Security
       architecture does not place any requirements for structure or flow
       between a host TCP/IP kernel and its key management provider.

 

According to the above, the key management program should be a separate process in the form of a daemon, and the IPsec program should include a kernel program.

The key management program consists of a client and a server. When needed, the IPsec program must be able to call the key management client in order to negotiate keys and so on.

So, for the kernel program to call the user program, a formalized API seems to be needed.

But I don't know how a part of the kernel can call a user program, or how to design a formalized API.

I need your advice about reference books, and your ideas.

Help me!!

 

Thank you!!