racoon2-20070720a
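Category: Linux/Unix programming
Development tool: C/C++
File size: 1140KB
Downloads: 54
Upload date: 2010-12-31 22:46:44
Uploader: kyrene
Description: Source code of an IPsec implementation for Linux; implements IKE and more
(ipsec sourcecode)
File list: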
racoon2-20070720a\.indent.pro (593, 2005-10-06)
racoon2-20070720a\aclocal.m4 (8303, 2006-06-14)
racoon2-20070720a\BUGS (2884, 2007-07-20)
racoon2-20070720a\config.guess (44207, 2006-07-27)
racoon2-20070720a\config.sub (32436, 2006-07-27)
racoon2-20070720a\configure (40471, 2007-07-10)
racoon2-20070720a\configure.in (3050, 2007-07-10)
racoon2-20070720a\COPYRIGHT (8337, 2007-07-17)
racoon2-20070720a\COPYRIGHT.jp (1507, 2005-07-20)
racoon2-20070720a\doc\config-usage.ja.txt (15523, 2006-10-04)
racoon2-20070720a\doc\config-usage.txt (23943, 2007-05-16)
racoon2-20070720a\doc\iked-memo.ja.txt (6525, 2007-05-16)
racoon2-20070720a\doc\INSTALL (7032, 2007-07-20)
racoon2-20070720a\doc\kinkd-data-struct.obj (24445, 2004-06-28)
racoon2-20070720a\doc\kinkd-impl.ja.txt (18313, 2005-07-20)
racoon2-20070720a\doc\kinkd-install.ja.txt (4895, 2005-07-20)
racoon2-20070720a\doc\kinkd-state-txn.obj (13263, 2003-10-10)
racoon2-20070720a\doc\libracoon.ja.txt (21020, 2006-08-21)
racoon2-20070720a\doc\specification.ja.txt (19588, 2005-10-04)
racoon2-20070720a\doc\spmif.txt (4572, 2006-06-29)
racoon2-20070720a\doc\style.txt (11555, 2005-10-06)
racoon2-20070720a\doc\system-message.ja.txt (15249, 2005-06-23)
racoon2-20070720a\doc\USAGE (20906, 2007-07-19)
racoon2-20070720a\FAQ (49, 2006-12-27)
racoon2-20070720a\iked\authenticator.c (4243, 2007-07-04)
racoon2-20070720a\iked\authenticator.h (2311, 2007-07-04)
racoon2-20070720a\iked\config.guess (44207, 2006-07-27)
racoon2-20070720a\iked\config.h.in (3863, 2006-07-20)
racoon2-20070720a\iked\config.sub (32436, 2006-07-27)
racoon2-20070720a\iked\configure (81331, 2006-08-22)
racoon2-20070720a\iked\configure.in (7108, 2006-08-22)
racoon2-20070720a\iked\crypto_impl.h (10301, 2007-07-04)
racoon2-20070720a\iked\crypto_openssl.c (64455, 2007-07-09)
racoon2-20070720a\iked\crypto_openssl.h (3377, 2005-10-14)
racoon2-20070720a\iked\debug.h (2536, 2005-11-02)
racoon2-20070720a\iked\dh.c (6763, 2007-07-04)
racoon2-20070720a\iked\dhgroup.h (10802, 2007-07-04)
racoon2-20070720a\iked\encryptor.c (26508, 2007-07-04)
racoon2-20070720a\iked\encryptor.h (2974, 2007-07-04)
racoon2-20070720a\iked\gcmalloc.h (3343, 2005-10-06)
... ...
$Id: README,v 1.53 2007/07/18 07:52:01 fukumoto Exp $
This document describes the Racoon2 and the distribution kit.
You have to read doc/INSTALL and doc/USAGE to use the Racoon2
after you read this document. Enjoy !
o Files and Directories
    README    : this file, explaining the Racoon2 distribution.
    COPYRIGHT : contains the copyright.
    NEWS      : major changes, new functionalities, etc.
    FAQ       : Frequently Asked Questions.
    doc/      : specs, memos, usage, etc.
    samples/  : configuration samples.
    lib/      : files related to the library, libracoon.a
    kinkd/    : files related to the KINK daemon.
    iked/     : files related to the IKE daemon.
    spmd/     : files related to the IPsec Security Policy Management daemon.
    pskgen/   : files related to pskgen(8)
o What is the Racoon2 ?
The Racoon2 is a system to exchange and to install security parameters
for the IPsec.
This is provided by the Racoon2 Project in the WIDE Project, Japan.
The project aims to provide the IPsec system for FreeBSD, NetBSD and
Linux. There are some similar projects working in the Internet community.
We have no intention of competing with these communities.
We would rather collaborate with them, though there is a language barrier.
The main objective of the Racoon2 is research rather than business. We may not
be able to provide satisfactory support for you. We are continuously changing
it in our research, and it does not have enough stability. So, please take full
responsibility for using the Racoon2.
Currently, the system supports the following specifications:
Internet Key Exchange (IKEv2) Protocol
RFC 4306
RFC 4307
Kerberized Internet Negotiation of Keys (KINK)
RFC 4430
The Internet Key Exchange (IKE)
RFC 2409
RFC 3947
RFC 3948
PF_KEY Key Management API, Version 2
RFC 2367
RFC 4718
The system provides three daemons: iked, kinkd and spmd.
They manage IKE, KINK and IPsec policy respectively.
The "previous Racoon" only supports IKEv1 [RFC2409]. The Racoon2 supports
IKEv1, IKEv2 and KINK.
The Racoon2 also supports IPsec security policy management with "spmd".
The configuration is completely different too, because the Racoon2 system
supports multiple key exchange protocols as well as policy management.
However, our IKEv1 implementation is based on the Racoon in ipsec-tools.
o What features will the Racoon2 support ?
Here is the list of features that we plan to implement in the future.
This is not a complete list, and it may change without notice.
- English documentation.
- IKEv2: configuration payload (aka mode-config in IKEv1) in iked.
- MIPL support (MIP6 Implementation on Linux) in iked.
- SHISA support (WIDE MIP6 Implementation on *BSD) in iked.
- Support graceful rekeying.
- Configuration file converter from the "previous Racoon".
- Easy configuration tool.
o What is the Racoon2 system structure ?
There are three daemons in the Racoon2 system. The following picture
illustrates the relationship between the daemons in the system.
You have to run "spmd" AND one protocol daemon to establish IPsec SAs.
 +--------+                         +--------+
 |  iked  |--(spmif)--+ +--(spmif)--|  kinkd |
 +--------+           | |           +--------+
     |            +--------+              |
     |            |  spmd  |              |
     |            +--------+              |
     |                  |                 |
     |                  |                 |
--(PFKEY)------------(PFKEY)-----------(PFKEY)--
     |                  |                 |
     |                  |                 |
+---------------------------------------------+
|                   Kernel                    |
+---------------------------------------------+
"spmd" is the IPsec security policy management daemon. It has two missions.
The first is to manage IPsec policies: "spmd" installs IPsec policies into
the kernel and deletes them from it, using PF_KEYv2 for this purpose.
The other is to cache the mapping table between IP addresses and FQDNs
for KINK processing.
"iked" processes the IKE protocol. It initiates the protocol and processes
packets from the remote system. It then installs IPsec SAs into the
kernel by using PF_KEYv2. If the exchange results in IPsec policies being
generated, it also requests "spmd" to install them by using "spmif",
which is an abbreviation of spmd interface.
"kinkd" is similar to "iked" except that it processes the KINK protocol.
o Contact Points
Information about the Racoon2 is available at the project's web page:
http://www.racoon2.wide.ad.jp/
If you have any questions about the Racoon2, you can ask on the mailing
list:
racoon2-users@racoon2.wide.ad.jp
Before sending your question, you MUST subscribe to this mailing list
by sending a request with the body:
subscribe
to racoon2-users-ctl@racoon2.wide.ad.jp. You will receive a confirmation
from the mailing list owner. Then you have to reply to the mail in order
to complete the procedure.
Please don't send such questions to other mailing lists such as "racoon@kame.net",
"kame-snap@kame.net", or "ipsec-tools-users@lists.sourceforge.net".
If you want to help us or if you want to contribute, please contact us.
Please feel free to post any patches, make suggestions, etc.
In particular, checking the English documentation is very helpful for us.
o Copyright
Basically this kit follows a BSD-like copyright. See the file: COPYRIGHT.
In short, the code is freely available but with no warranty.
The copyright holder is the WIDE Project instead of the Racoon2 Project.
This is because the Racoon2 Project belongs to one of the working groups
in the WIDE Project.
o IPR consideration
The Racoon2 Project takes no position regarding the validity or scope of
any intellectual property rights or other rights that might be
claimed to pertain to the implementation or use of the technology
used in the Racoon2, or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights.
The Racoon2 Project simply reproduces the intellectual property rights
statements that have been submitted to the IETF at
concerning
the IETF protocols embodied in the Racoon2.
Certicom's Statement About IPR Claimed in RFC 3526, RFC 2409,
draft-ietf-ipsec-ikev2, and Other IETF Specifications Using MODP
Groups:
Internet Key Exchange (IKEv2) Protocol:
Microsoft's statement about IPR claimed in
draft-ietf-ipsec-ikev2-08.txt:
If you have a concern about the possible intellectual property rights
associated with acquiring, compiling, modifying, or otherwise using
the Racoon2 software, you should consult your own attorney.
o Project Members
Core project members are:
Satoshi Inoue Panasonic Communications Co., Ltd.
Atsushi Fukumoto Toshiba Corporation
Mitsuru Kanda Toshiba Corporation
Kazunori Miyazawa Yokogawa Electric Corporation
Ken'ichi Kamada Yokogawa Electric Corporation
Shoichi Sakane Yokogawa Electric Corporation
Francis Dupont
Listed in alphabetical order of the names of their companies.
o Acknowledgments
Thanks to Paul Hoffman. He suggested what we should think about the
intellectual property rights related to the IKEv2 protocol, and helped us
to publish our IKEv2 code. Thanks to the members of the WIDE Project.
We could not work without this great project.
Thanks to Yutaka Yamashita. He implemented the partial mobility support
with SHISA in iked(8).