Jeremy Jackson wrote: > Hi, > > I'm looking for a way to set IPSEC policy per-socket; a quick trawl > throught the kernel source shows IP_IPSEC_POLICY (ie PF_KEY) isn't > implemented (per socket), but rather only the native Linux > IP_XFRM_POLICY sockopt. > > ipsec-tools don't use it, in fact I can't find one single piece of code, > or userspace library, or documentation on the net. Can anyone point me > in the right direction? ipsec-tools do set policies per socket for every racoon's isakmp socket. See setsockopt_bypass()@src/racoon/sockmisc.c -- Aidas Kasparas IT administrator GM Consult Group, UAB - : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
