-----Original Message-----
From: À±ÁÖ´ç.. <yulli@ece.skku.ac.kr>
To: <ipsec@lists.tislabs.com>
Date: Friday, March 24, 2000 7:03 PM
Subject: How to call from kernel to user program TO IPSEC developers..I am programming ipsec on LINUX. Now I have finished modifying kernel. But I have difficulties in attaching key management entity..In RFC 2407,4.3.1 Key Management Issues
It is expected that many systems choosing to implement ISAKMP will
strive to provide a protected domain of execution for a combined IKE
key management daemon. On protected-mode multiuser operating
systems, this key management daemon will likely exist as a separate
privileged process.
In such an environment, a formalized API to introduce keying material
into the TCP/IP kernel may be desirable. The IP Security
architecture does not place any requirements for structure or flow
between a host TCP/IP kernel and its key management provider.
above this, key management program should be a separate process and a form of daemon and IPSEC program should include kernel program.
key management program consists of client and server. And when needed, ipsec program must be able to call key management client in order to negotiate key and so on.
So in order that kernel program calls user program, it seems to be needed a formalized API.
but I don't know how a part of kernel can call user program and how to design a formalized API.
I need your advices about reference books and your idea..
Help me!!
Thank you!!