<html>
<head>
<title>FreeS/WAN roadmap</title>
<meta name="keywords" content="Linux, IPsec, VPN, security, FreeSWAN">
<!--
Written by Sandy Harris for the Linux FreeS/WAN project
Freely distributable under the GNU General Public License
More information at www.freeswan.org
Feedback to users@lists.freeswan.org
CVS information:
RCS ID: $Id: roadmap.html,v 1.1 2004/03/15 20:35:24 as Exp $
Last changed: $Date: 2004/03/15 20:35:24 $
Revision number: $Revision: 1.1 $
CVS revision numbers do not correspond to FreeS/WAN release numbers.
-->
</head>
<body>
<h1><a name="roadmap">Distribution Roadmap: What's Where in Linux FreeS/WAN</a></h1>
<p>
This file is a guide to the locations of files within the FreeS/WAN
distribution. Everything described here should be on your system once you
download, gunzip, and untar the distribution.</p>
<p>This distribution contains two major subsystems
</p>
<dl>
<dt><a href="#klips.roadmap">KLIPS</a></dt>
<dd>the kernel code</dd>
<dt><a href="#pluto.roadmap">Pluto</a></dt>
<dd>the user-level key-management daemon</dd>
</dl>
<p>plus assorted odds and ends.
</p>
<h2><a name="top">Top directory</a></h2>
<p>The top directory has essential information in text files:</p>
<dl>
<dt>README</dt>
<dd>introduction to the software</dd>
<dt>INSTALL</dt>
<dd>short experts-only installation procedures. More detailed procedures are in the
<a href="install.html">installation</a> and
<a href="config.html">configuration</a> HTML documents.</dd>
<dt>BUGS</dt>
<dd>major known bugs in the current release.</dd>
<dt>CHANGES</dt>
<dd>changes from previous releases</dd>
<dt>CREDITS</dt>
<dd>acknowledgement of contributors</dd>
<dt>COPYING</dt>
<dd>licensing and distribution information</dd>
</dl>
<h2><a name="doc">Documentation</a></h2>
<p>
The doc directory contains the bulk of the documentation, most of it in
HTML format. See the <a href="index.html">index file</a> for details.
</p>
<h2><a name="klips.roadmap">KLIPS: kernel IP security</a></h2>
<p>
<a href="glossary.html#KLIPS">KLIPS</a> is <strong>K</strong>erne<strong>L</strong>
<strong>IP</strong> <strong>S</strong>ecurity. It lives in the klips
directory, of course.
</p>
<dl>
<dt>klips/doc</dt>
<dd>documentation</dd>
<dt>klips/patches</dt>
<dd>patches for existing kernel files</dd>
<dt>klips/test</dt>
<dd>test stuff</dd>
<dt>klips/utils</dt>
<dd>low-level user utilities</dd>
<dt>klips/net/ipsec</dt>
<dd>actual klips kernel files</dd>
<dt>klips/src</dt>
<dd>symbolic link to klips/net/ipsec
<p>The "make insert" step of installation installs the patches and makes
a symbolic link from the kernel tree to klips/net/ipsec. The odd name of
klips/net/ipsec is dictated by some annoying limitations of the scripts
which build the Linux kernel. The symbolic-link business is a bit
messy, but all the alternatives are worse.</p>
<p></p>
</dd>
<dt>klips/utils</dt>
<dd>Utility programs:
<p></p>
<dl>
<dt>eroute</dt>
<dd>manipulate IPsec extended routing tables</dd>
<dt>klipsdebug</dt>
<dd>set Klips (kernel IPsec support) debug features and level</dd>
<dt>spi</dt>
<dd>manage IPsec Security Associations</dd>
<dt>spigrp</dt>
<dd>group/ungroup IPsec Security Associations</dd>
<dt>tncfg</dt>
<dd>associate IPsec virtual interface with real interface</dd>
</dl>
<p>These are all normally invoked by ipsec(8) with commands such as</p>
<pre> ipsec tncfg <var>arguments</var></pre>
There are section 8 man pages for all of these; the names have "ipsec_"
as a prefix, so your man command should be something like:
<pre> man 8 ipsec_tncfg</pre>
</dd>
</dl>
<h2><a name="pluto.roadmap">Pluto key and connection management daemon</a></h2>
<p>
<a href="glossary.html#Pluto">Pluto</a> is our key management and negotiation daemon. It
lives in the pluto directory, along with its low-level user utility,
whack.
</p>
<p>
There are no subdirectories. Documentation is a man page,
<a href="manpage.d/ipsec_pluto.8.html">pluto.8</a>. This covers whack as well.
</p>
<h2><a name="utils">Utils</a></h2>
<p>
The utils directory contains a growing collection of higher-level user
utilities, the commands that administer and control the software. Most of the
things that you will actually have to run yourself are in there.
</p>
<dl>
<dt>ipsec</dt>
<dd>invoke IPsec utilities
<p>ipsec(8) is normally the only program installed in a standard
directory, /usr/local/sbin. It is used to invoke the others, both those
listed below and the ones in klips/utils mentioned above.</p>
<p></p>
</dd>
<dt>auto</dt>
<dd>control automatically-keyed IPsec connections</dd>
<dt>manual</dt>
<dd>take manually-keyed IPsec connections up and down</dd>
<dt>barf</dt>
<dd>generate copious debugging output</dd>
<dt>look</dt>
<dd>generate moderate amounts of debugging output</dd>
</dl>
<p>
There are .8 manual pages for these. look is covered in barf.8. The man pages
have an "ipsec_" prefix, so your man command should be something like:</p>
<pre>
man 8 ipsec_auto
</pre>
<p>
Examples are in various files with names utils/*.eg</p>
<h2><a name="lib">Libraries</a></h2>
<h3><a name="fswanlib">FreeS/WAN Library</a></h3>
<p>
The lib directory is the FreeS/WAN library, also steadily growing, used by
both user-level and kernel code.<br />
It includes section 3 <a href="manpages.html">man pages</a> for the library routines.
</p>
<h3><a name="otherlib">Imported Libraries</a></h3>
<h4>LibDES</h4>
<p>
The libdes library, originally from SSLeay, is used by both KLIPS and Pluto
for <a href="glossary.html#3DES">Triple DES</a> encryption. Single DES is not
used because <a href="politics.html#desnotsecure">it is
insecure</a>.
</p>
<p>
Note that this library has its own license, different from the
<a href="glossary.html#GPL">GPL</a> used for other code in FreeS/WAN.
</p>
<p>
The library includes its own documentation.
</p>
<h4>GMP</h4>
<p>
The GMP (GNU multi-precision) library is used for multi-precision arithmetic
in Pluto's key-exchange code and public key code.
</p>
<p>
Older versions (up to 1.7) of FreeS/WAN included a copy of this library in
the FreeS/WAN distribution.
</p>
<p>
Since 1.8, we have begun to rely on the system copy of GMP.
</p>
</body>
</html>