Project Home
Project Home		 Wiki
Wiki		 Discussion Forums
Discussions		 Project Information
Project Info
Networking/Discussion/Technology/ipsec requirements/List of Posts
BroadcastCommunity.qnx.com will be offline from May 31 6:00pm until June 2 12:00AM for upcoming system upgrades. For more information please go to https://community.qnx.com/sf/discussion/do/listPosts/projects.bazaar/discussion.bazaar.topc28418
Forum Topic - ipsec requirements: (3 Items)
   
Update
Jared Roundy
09/06/2019 6:55 PM
post119882
ipsec requirements   
I am trying to create a UDPv6 connection using ipsec.  Is there more infrastructure I need to start up for ipsec other 
then the network stack (io-pkt-v6-hc)?  Do I need to add any specific options to startup of the stack?

I am getting errno 22 from the setsocketopt() call with the following code

            const char* outPolicyText = "out ipsec esp/transport//require";
            ipsec_policy_t outPolicy = ipsec_set_policy(outPolicyText, strlen(outPolicyText));

            if (setsockopt(mySocketHandle, IPPROTO_IP, IP_IPSEC_POLICY, outPolicy, ipsec_get_policylen(outPolicy))) {
               zError("setsockopt Error for outPolicy %d %s", errno, ipsec_strerror());
            } else {
               zError("setsockopt Success for outPolicy");
            }

            free(outPolicy);

I get errno 247 from the socket() call with the following call
               int pfSocket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);

I am running io-pkt-v6-hc on 6.5.0SP1.  I can switch to 6.6 or 7.0 if that makes a difference.

Thanks
Dean Denter
09/09/2019 8:03 AM
post119883
Re: ipsec requirements   
Did you start io-pkt with the ipsec option?

io-pkt-v6-hc -d<driver> -ptcpip ipsec

Also, check for any errors in the slog output (in 7.0: "slog2info -biopkt,io_pkt_v6_hc")
Jared Roundy
09/09/2019 11:05 AM
post119884
Re: ipsec requirements   
I was not starting the ipsec option.  I am doing that and see 
Sep 09 09:11:42    5    14     0 initializing IPsec... done
Sep 09 09:11:42    5    14     0 IPsec: Initialized Security Association Processing.

So thanks for that help.  

I am still seeing the same issues as before though (errno 22 and 247).  Any other ideas?  I can switch my code to QNX 7 
to see if I have any more messages from sloginfo, but that may not be completed until later in the week.

Return


  A subsidiary of BlackBerry             All content ©2004-2013, QNX Software Systems