
Re: racoon ISAKMP implementation for IPsec



Noah L. Meyerhans wrote:
> I just downloaded the latest upstream source for the iputils packages
> and noticed that it now contains quite a bit of IPsec code.  In
> particular, this includes libipsec and racoon.  Racoon is the KAME
> ISAKMP (IPsec key exchange protocol) implementation.  I haven't
> investigated further, but considering the upstream author's involvement
> in Linux kernel network development, I'd take this as a sign that racoon
> will be the "official" ISAKMP implementation for the recently merged
> kernel IPsec code.
>
> I haven't seen any mention of racoon on this list, nor in wnpp.  The
> iputils release notes indicate that racoon will eventually be moved to a
> separate source package that should be packaged separately from the
> iputils Debian packages.  I will maintain the racoon and libipsec
> packages, since I haven't seen any sign of other people offering to do
> so.
>
> If I missed an ITP, please let me know.

No ITP, but I did manage to get this to compile against the 2.5.50
kernel source tree.  It seems to work, but the other side of my
tunnel is down at the moment (he upgraded his kernel but didn't
rebuild freeswan).

You'll also need the setkey program from iputils to do IPSEC.  Both
of these (and the library) need headers from a recent kernel source
tree.

I've attached my changes to get racoon to compile, in case you're
interested.  Mostly tweaks because our glibc has functions that
the source doesn't think __linux__ has.


Steve Dunham
dunham@cse.msu.edu


--- iputils.orig/racoon/grabmyaddr.c	2002-11-08 18:20:56.000000000 -0800
+++ iputils/racoon/grabmyaddr.c	2002-11-30 22:26:43.000000000 -0800
@@ -37,8 +37,8 @@
 #include <net/if.h>
 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
 #include <net/if_var.h>
-#endif
 #include <net/route.h>
+#endif
 
 #include <stdlib.h>
 #include <stdio.h>
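Review bot: moving the `#endif` below `#include <net/route.h>` ties that include to `defined(__FreeBSD__) && __FreeBSD__ >= 3`, so every non-FreeBSD platform, not only Linux, loses `<net/route.h>` here. If the intent is only to avoid the header problem on Linux, guard it with the platform actually affected, e.g.

 #ifndef __linux__
 #include <net/route.h>
 #endif

and add a one-line comment saying why the header is skipped on that platform.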
@@ -79,6 +79,12 @@
 #endif
 
 #ifdef __linux__
+#include <linux/rtnetlink.h>
+__u32 nl_pid;
+int nl_rescan;
+#endif
+
+#if 0
 
 /* We could do this _much_ better. kame racoon in its current form
  * will esentially die at frequent changes of address configuration.
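Review bot: the `#if 0` opened at the end of this hunk has no matching `#endif` visible anywhere in the patch, so it is unclear how much of the Linux-specific code below it (the comment block, the struct and possibly `parse_rtattr`) is now compiled out; the hunk should either delete that code outright or carry a comment stating what is disabled and why. Relocating `#include <linux/rtnetlink.h>` and the `nl_pid`/`nl_rescan` definitions above the disabled region is fine, but both are file-scope globals, so consider making them `static` unless another translation unit references them.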
@@ -93,10 +99,8 @@
 	struct sockaddr_storage ifa_addrbuf;
 };
 
-#include <linux/rtnetlink.h>
 
-__u32 nl_pid;
-int nl_rescan;
+
 
 static int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int len)
 {
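Review bot: the removal here is the counterpart of the relocation in the previous hunk, but the added `+` line is an empty line between two existing empty lines, leaving three blank lines in a row before `parse_rtattr`; drop the added line. If the `#if 0` from the earlier hunk is still open at this point, the `ifa_addrbuf` struct and `parse_rtattr` are being compiled out as well, which should be checked against the full file.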
--- iputils.orig/racoon/pfkey.c	2002-11-08 15:25:14.000000000 -0800
+++ iputils/racoon/pfkey.c	2002-11-30 22:17:59.000000000 -0800
@@ -36,7 +36,7 @@
 #include <sys/socket.h>
 #include <sys/queue.h>
 
-#include <net/route.h>
+/*#include <net/route.h>*/
 #include <net/pfkeyv2.h>
 
 #include <netinet/in.h>
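Review bot: commenting out the include as `/*#include <net/route.h>*/` removes the header unconditionally and leaves dead commented-out code; it is also inconsistent with grabmyaddr.c in the same patch, where the same header is kept under a platform guard. Use one `#ifndef __linux__` / `#endif` guard in both files so non-Linux builds are unaffected, and record in a comment why the header is omitted on Linux.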
