<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>
<TITLE>Introduction to FreeS/WAN</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1">
<STYLE TYPE="text/css"><!--
BODY { font-family: serif }
H1 { font-family: sans-serif }
H2 { font-family: sans-serif }
H3 { font-family: sans-serif }
H4 { font-family: sans-serif }
H5 { font-family: sans-serif }
H6 { font-family: sans-serif }
SUB { font-size: smaller }
SUP { font-size: smaller }
PRE { font-family: monospace }
--></STYLE>
</HEAD>
<BODY>
<A HREF="toc.html">Contents</A>
<A HREF="rfc.html">Previous</A>
<A HREF="umltesting.html">Next</A>
<HR>
<H1><A name="roadmap">Distribution Roadmap: What's Where in Linux
FreeS/WAN</A></H1>
<P> This file is a guide to the locations of files within the FreeS/WAN
distribution. Everything described here should be on your system once
you download, gunzip, and untar the distribution.</P>
<P>This distribution contains two major subsystems:</P>
<DL>
<DT><A href="#klips.roadmap">KLIPS</A></DT>
<DD>the kernel code</DD>
<DT><A href="#pluto.roadmap">Pluto</A></DT>
<DD>the user-level key-management daemon</DD>
</DL>
<P>plus assorted odds and ends.</P>
<H2><A name="top">Top directory</A></H2>
<P>The top directory has essential information in text files:</P>
<DL>
<DT>README</DT>
<DD>introduction to the software</DD>
<DT>INSTALL</DT>
<DD>short experts-only installation procedures. More detailed procedures
are in the <A href="install.html">installation</A> and <A href="config.html">configuration</A>
HTML documents.</DD>
<DT>BUGS</DT>
<DD>major known bugs in the current release.</DD>
<DT>CHANGES</DT>
<DD>changes from previous releases</DD>
<DT>CREDITS</DT>
<DD>acknowledgement of contributors</DD>
<DT>COPYING</DT>
<DD>licensing and distribution information</DD>
</DL>
<H2><A name="doc">Documentation</A></H2>
<P> The doc directory contains the bulk of the documentation, most of it
in HTML format. See the<A href="index.html"> index file</A> for
details.</P>
<H2><A name="klips.roadmap">KLIPS: kernel IP security</A></H2>
<P><A href="glossary.html#KLIPS">KLIPS</A> is <STRONG>K</STRONG>erne<STRONG>L</STRONG>
<STRONG>IP</STRONG> <STRONG>S</STRONG>ecurity. It lives in
the klips directory, of course.</P>
<DL>
<DT>klips/doc</DT>
<DD>documentation</DD>
<DT>klips/patches</DT>
<DD>patches for existing kernel files</DD>
<DT>klips/test</DT>
<DD>test stuff</DD>
<DT>klips/utils</DT>
<DD>low-level user utilities</DD>
<DT>klips/net/ipsec</DT>
<DD>actual klips kernel files</DD>
<DT>klips/src</DT>
<DD>symbolic link to klips/net/ipsec
<P>The "make insert" step of installation installs the patches and makes
a symbolic link from the kernel tree to klips/net/ipsec. The odd name
of klips/net/ipsec is dictated by some annoying limitations of the
scripts which build the Linux kernel. The symbolic-link business is a
bit messy, but all the alternatives are worse.</P>
</DD>
<DT>klips/utils</DT>
<DD>Utility programs:
<DL>
<DT>eroute</DT>
<DD>manipulate IPsec extended routing tables</DD>
<DT>klipsdebug</DT>
<DD>set Klips (kernel IPsec support) debug features and level</DD>
<DT>spi</DT>
<DD>manage IPsec Security Associations</DD>
<DT>spigrp</DT>
<DD>group/ungroup IPsec Security Associations</DD>
<DT>tncfg</DT>
<DD>associate IPsec virtual interface with real interface</DD>
</DL>
<P>These are all normally invoked by ipsec(8) with commands such as</P>
<PRE> ipsec tncfg <VAR>arguments</VAR></PRE>
There are section 8 man pages for all of these; the names have "ipsec_"
as a prefix, so your man command should be something like:
<PRE> man 8 ipsec_tncfg</PRE>
</DD>
</DL>
<H2><A name="pluto.roadmap">Pluto key and connection management daemon</A>
</H2>
<P><A href="glossary.html#Pluto"> Pluto</A> is our key management and
negotiation daemon. It lives in the pluto directory, along with its
low-level user utility, whack.</P>
<P> There are no subdirectories. Documentation is a man page, <A href="manpage.d/ipsec_pluto.8.html">pluto.8</A>.
This covers whack as well.</P>
<H2><A name="utils">Utils</A></H2>
<P> The utils directory contains a growing collection of higher-level
user utilities, the commands that administer and control the software.
Most of the things that you will actually have to run yourself are in
there.</P>
<DL>
<DT>ipsec</DT>
<DD>invoke IPsec utilities
<P>ipsec(8) is normally the only program installed in a standard
directory, /usr/local/sbin. It is used to invoke the others, both those
listed below and the ones in klips/utils mentioned above.</P>
</DD>
<DT>auto</DT>
<DD>control automatically-keyed IPsec connections</DD>
<DT>manual</DT>
<DD>take manually-keyed IPsec connections up and down</DD>
<DT>barf</DT>
<DD>generate copious debugging output</DD>
<DT>look</DT>
<DD>generate moderate amounts of debugging output</DD>
</DL>
<P> There are .8 manual pages for these. look is covered in barf.8. The
man pages have an "ipsec_" prefix so your man command should be
something like:</P>
<PRE>
man 8 ipsec_auto
</PRE>
<P> Examples are in various files with names utils/*.eg</P>
<H2><A name="lib">Libraries</A></H2>
<H3><A name="fswanlib">FreeS/WAN Library</A></H3>
<P> The lib directory is the FreeS/WAN library, also steadily growing,
used by both user-level and kernel code.
<BR /> It includes section 3<A href="manpages.html"> man pages</A> for
the library routines.</P>
<H3><A name="otherlib">Imported Libraries</A></H3>
<H4>LibDES</H4>
The libdes library, originally from SSLeay, is used by both Klips and
Pluto for<A href="glossary.html#3DES"> Triple DES</A> encryption.
Single DES is not used because<A href="politics.html#desnotsecure"> it
is insecure</A>.
<P> Note that this library has its own license, different from the<A href="glossary.html#GPL">
GPL</A> used for other code in FreeS/WAN.</P>
<P> The library includes its own documentation.</P>
<H4>GMP</H4>
The GMP (GNU multi-precision) library is used for multi-precision
arithmetic in Pluto's key-exchange code and public key code.
<P> Older versions (up to 1.7) of FreeS/WAN included a copy of this
library in the FreeS/WAN distribution.</P>
<P> Since 1.8, we have begun to rely on the system copy of GMP.</P>
</BODY>
</HTML>