IPSec item - RE: [cgl_discussion] POC 9/24 Cancelled

Zhao, Forrest forrest.zhao at intel.com
Wed Oct 15 18:40:56 PDT 2003

Hi, Venkat

Thanks for your reply, that's very helpful.
I found that in the recent release Redhat had included ipsec-tools in
its RPM package. You may find the package from the following URL:

So we may not need to worry about this IPSec-tools project. Reahat may port or maintain it internally.

Best wishes

-----Original Message-----
From: Venkata Jagana [mailto:jagana at us.ibm.com] 
Sent: 2003年10月15日 23:40
To: Zhao, Forrest
Cc: cgl_discussion at osdl.org; Fleischer, Julie N
Subject: RE: IPSec item - RE: [cgl_discussion] POC 9/24 Cancelled

Hi Forrest,

Quite a while ago, the fixes are made to KAME/Racoon by one of
my team members, who posted the patch directly to KAME/Racoon.
The patches were applied in Racoon by the KAME team.

I believe, according to my team member, the changes from Racoon
are ported to IPSec utilities project at sourceforge by its maintainer.

As far as we know, Suse/UL is using KAME/Racoon/setkey tools but not sure
about Redhat. If Redhat is also not picking up the tools from this
site, then I'm not sure who else is using.

If you are using the tools from this project, then which distro are you
using against.


                      "Zhao, Forrest"                                                                                                 
                      <forrest.zhao at int        To:       Venkata Jagana/Beaverton/IBM at IBMUS                                           
                      el.com>                  cc:       "Fleischer, Julie N" <julie.n.fleischer at intel.com>,                          
                                                <cgl_discussion at osdl.org>                                                             
                      10/07/2003 11:33         Subject:  RE: IPSec item -  RE: [cgl_discussion] POC 9/24 Cancelled                    

Hi, Venkat

You mentioned that you found some issues in IP-sec tools and fixed them.
I'd like to know which IP-sec tool utility are you concerned about. Is it
KAME/racoon, setkey? Did you fix the bugs locally or post patches to some
mailing list?
The maintainer of IP-sec tools on source-forge has disappeared for long
time, so there is no progress for this project in open source community
until now. If we can find the maintainer for this project, maybe we can
make this project evolve into stable state as soon as we expect.


-----Original Message-----
From: cgl_discussion-bounces at lists.osdl.org
[mailto:cgl_discussion-bounces at lists.osdl.org] On Behalf Of Venkata Jagana
Sent: 2003年10月3日 3:22
To: Fleischer, Julie N
Cc: Shureih, Tariq; cgl_discussion at osdl.org; sdake at mvista.com
Subject: IPSec item - RE: [cgl_discussion] POC 9/24 Cancelled

Note: Modified the subject

   >- IPSec -> This one we just recently added.  See note with Forrest and
   Mika's comments on what needs to be >done to the user space portion of

   >- Per input at the F2F:  Of the two implementations, FreeSWAN is known
   >be stable, but will not become part of the kernel for the foreseeable
   >future.  The implementation that is part of the kernel needs someone to

   >test to see how useful it is.  The tools aren't user-friendly or usable

   We have validated the IPSec v4 implementation currently in 2.6.x
   kernel around 2.5.70 or 2.5.71 time frame and found that the
   implementation is highly stable from both functional and
   stree testing standpoint.

   We have used TAHI IPv4 tests for functional validation and found that
   the results are really good. This validation is done for both transport
   and tunnel mode operations.

   Bottomline: IPsec v4 in 2.6.x kernels is as stable the other
   As far as the tools are concerned, they are in usable condition. We have
   some issues and fixed them. Ofcourse, they have been evolving since
   Not sure about user-friendliness, every one's views are different.


                      "Fleischer, Julie N"

                      <julie.n.fleischer at intel.c        To:       "Shureih,
Tariq" <tariq.shureih at intel.com>, <sdake at mvista.com>,
<cgl_discussion at osdl.org>

                      Sent by:                          cc:

                      cgl_discussion-bounces at lis        Subject:  RE:
[cgl_discussion] POC 9/24 Cancelled

                      09/30/2003 02:37 PM

> -----Original Message-----
> From: Shureih, Tariq
> Steven:
> I'd like to add the following to the next meeting's agenda:
> The definition of CGL 2.0 requirement fulfillment for openhpi.

Steve -
I can't make it to tomorrow's POC (or I may be able to make it, but late).
I had some questions/tracking items from the top-10 that I wanted to bring
to the POC, though:

(from http://www.osdl.org/docs/cgl_poc_top_10_projects.txt)
- Asynchronous Events -> We haven't discussed in a meeting since finding
that epoll+libevent may implement this requirement.  Do we think
epoll+libevent meets the full requirement (and this no longer needs to be
top-10)?  If not, which one(s) do we want to ask steering for resources
for:  AEM or epoll+libevent?

- PKI CA -> Is there additional analysis CGL needs to do to be able to get
distro input on this one?

- IPSec -> This one we just recently added.  See note with Forrest and
Mika's comments on what needs to be done to the user space portion of this.

For the others, there are just status questions:
- Persistent Device Naming: status on uSDE
- TIPC status
- message passing status

- Julie

**These views are not necessarily those of my employer.**

cgl_discussion mailing list
cgl_discussion at lists.osdl.org

cgl_discussion mailing list
cgl_discussion at lists.osdl.org

More information about the cgl_discussion mailing list