Commit | Line | Data |
---|---|---|
997358a6 MW |
1 | <html> |
2 | <head> | |
3 | <title>FreeS/WAN roadmap</title> | |
4 | <meta name="keywords" content="Linux, IPsec, VPN, security, FreeSWAN"> | |
5 | ||
6 | <!-- | |
7 | ||
8 | Written by Sandy Harris for the Linux FreeS/WAN project | |
9 | Freely distributable under the GNU General Public License | |
10 | ||
11 | More information at www.freeswan.org | |
12 | Feedback to users@lists.freeswan.org | |
13 | ||
14 | CVS information: | |
15 | RCS ID: $Id: roadmap.html,v 1.1 2004/03/15 20:35:24 as Exp $ | |
16 | Last changed: $Date: 2004/03/15 20:35:24 $ | |
17 | Revision number: $Revision: 1.1 $ | |
18 | ||
19 | CVS revision numbers do not correspond to FreeS/WAN release numbers. | |
20 | --> | |
21 | </head> | |
22 | ||
23 | <body> | |
24 | <h1><a name="roadmap">Distribution Roadmap: What's Where in Linux FreeS/WAN</a></h1> | |
25 | ||
26 | <p> | |
27 | This file is a guide to the locations of files within the FreeS/WAN | |
28 | distribution. Everything described here should be on your system once you | |
29 | download, gunzip, and untar the distribution.</p> | |
30 | ||
31 | <p>This distribution contains two major subsystems | |
32 | </p> | |
33 | <dl> | |
34 | <dt><a href="#klips.roadmap">KLIPS</a></dt> | |
35 | <dd>the kernel code</dd> | |
36 | <dt><a href="#pluto.roadmap">Pluto</a></dt> | |
37 | <dd>the user-level key-management daemon</dd> | |
38 | </dl> | |
39 | ||
40 | <p>plus assorted odds and ends. | |
41 | </p> | |
42 | <h2><a name="top">Top directory</a></h2> | |
43 | ||
44 | <p>The top directory has essential information in text files:</p> | |
45 | ||
46 | <dl> | |
47 | <dt>README</dt> | |
48 | <dd>introduction to the software</dd> | |
49 | <dt>INSTALL</dt> | |
50 | <dd>short experts-only installation procedures. More detailed procedures are in the | |
51 | <a href="install.html">installation</a> and | |
52 | <a href="config.html">configuration</a> HTML documents.</dd> | |
53 | <dt>BUGS</dt> | |
54 | <dd>major known bugs in the current release.</dd> | |
55 | <dt>CHANGES</dt> | |
56 | <dd>changes from previous releases</dd> | |
57 | <dt>CREDITS</dt> | |
58 | <dd>acknowledgement of contributors</dd> | |
59 | <dt>COPYING</dt> | |
60 | <dd>licensing and distribution information</dd> | |
61 | </dl> | |
62 | ||
63 | <h2><a name="doc">Documentation</a></h2> | |
64 | ||
65 | <p> | |
66 | The doc directory contains the bulk of the documentation, most of it in | |
67 | HTML format. See the <a href="index.html">index file</a> for details. | |
68 | </p> | |
69 | ||
70 | <h2><a name="klips.roadmap">KLIPS: kernel IP security</a></h2> | |
71 | ||
72 | <p> | |
73 | <a href="glossary.html#KLIPS">KLIPS</a> is <strong>K</strong>erne<strong>L</strong> | |
74 | <strong>IP</strong> <strong>S</strong>ecurity. It lives in the klips | |
75 | directory, of course. | |
76 | </p> | |
77 | <dl> | |
78 | <dt>klips/doc</dt> | |
79 | <dd>documentation</dd> | |
80 | <dt>klips/patches</dt> | |
81 | <dd>patches for existing kernel files</dd> | |
82 | <dt>klips/test</dt> | |
83 | <dd>test stuff</dd> | |
84 | <dt>klips/utils</dt> | |
85 | <dd>low-level user utilities</dd> | |
86 | <dt>klips/net/ipsec</dt> | |
87 | <dd>actual klips kernel files</dd> | |
88 | <dt>klips/src</dt> | |
89 | <dd>symbolic link to klips/net/ipsec | |
90 | <p>The "make insert" step of installation installs the patches and makes | |
91 | a symbolic link from the kernel tree to klips/net/ipsec. The odd name of | |
92 | klips/net/ipsec is dictated by some annoying limitations of the scripts | |
93 | which build the Linux kernel. The symbolic-link business is a bit | |
94 | messy, but all the alternatives are worse.</p> | |
95 | <p></p> | |
96 | </dd> | |
97 | <dt>klips/utils</dt> | |
98 | <dd>Utility programs: | |
99 | <p></p> | |
100 | <dl> | |
101 | <dt>eroute</dt> | |
102 | <dd>manipulate IPsec extended routing tables</dd> | |
103 | <dt>klipsdebug</dt> | |
104 | <dd>set Klips (kernel IPsec support) debug features and level</dd> | |
105 | <dt>spi</dt> | |
106 | <dd>manage IPsec Security Associations</dd> | |
107 | <dt>spigrp</dt> | |
108 | <dd>group/ungroup IPsec Security Associations</dd> | |
109 | <dt>tncfg</dt> | |
110 | <dd>associate IPsec virtual interface with real interface</dd> | |
111 | </dl> | |
112 | <p>These are all normally invoked by ipsec(8) with commands such as</p> | |
113 | <pre> ipsec tncfg <var>arguments</var></pre> | |
114 | There are section 8 man pages for all of these; the names have "ipsec_" | |
115 | as a prefix, so your man command should be something like: | |
116 | <pre> man 8 ipsec_tncfg</pre> | |
117 | </dd> | |
118 | </dl> | |
119 | ||
120 | <h2><a name="pluto.roadmap">Pluto key and connection management daemon</a></h2> | |
121 | ||
122 | <p> | |
123 | <a href="glossary.html#Pluto">Pluto</a> is our key management and negotiation daemon. It | |
124 | lives in the pluto directory, along with its low-level user utility, | |
125 | whack. | |
126 | </p> | |
127 | <p> | |
128 | There are no subdirectories. Documentation is a man page, | |
129 | <a href="manpage.d/ipsec_pluto.8.html">pluto.8</a>. This covers whack as well. | |
130 | </p> | |
131 | ||
132 | <h2><a name="utils">Utils</a></h2> | |
133 | ||
134 | <p> | |
135 | The utils directory contains a growing collection of higher-level user | |
136 | utilities, the commands that administer and control the software. Most of the | |
137 | things that you will actually have to run yourself are in there. | |
138 | </p> | |
139 | <dl> | |
140 | <dt>ipsec</dt> | |
141 | <dd>invoke IPsec utilities | |
142 | <p>ipsec(8) is normally the only program installed in a standard | |
143 | directory, /usr/local/sbin. It is used to invoke the others, both those | |
144 | listed below and the ones in klips/utils mentioned above.</p> | |
145 | <p></p> | |
146 | </dd> | |
147 | <dt>auto</dt> | |
148 | <dd>control automatically-keyed IPsec connections</dd> | |
149 | <dt>manual</dt> | |
150 | <dd>take manually-keyed IPsec connections up and down</dd> | |
151 | <dt>barf</dt> | |
152 | <dd>generate copious debugging output</dd> | |
153 | <dt>look</dt> | |
154 | <dd>generate moderate amounts of debugging output</dd> | |
155 | </dl> | |
156 | <p> | |
157 | There are .8 manual pages for these. look is covered in barf.8. The man pages | |
158 | have an "ipsec_" prefix so your man command should be something like: | |
159 | <pre> | |
160 | man 8 ipsec_auto | |
161 | </pre> | |
162 | <p> | |
163 | Examples are in various files with names utils/*.eg</p> | |
164 | ||
165 | <h2><a name="lib">Libraries</a></h2> | |
166 | ||
167 | <h3><a name="fswanlib">FreeS/WAN Library</a></h3> | |
168 | ||
169 | <p> | |
170 | The lib directory is the FreeS/WAN library, also steadily growing, used by | |
171 | both user-level and kernel code.<br /> | |
172 | It includes section 3 <a href="manpages.html">man pages</a> for the library routines. | |
173 | </p> | |
174 | <h3><a name="otherlib">Imported Libraries</a></h3> | |
175 | ||
176 | <h4>LibDES</h4> | |
177 | ||
178 | The libdes library, originally from SSLeay, is used by both Klips and Pluto | |
179 | for <a href="glossary.html#3DES">Triple DES</a> encryption. Single DES is not | |
180 | used because <a href="politics.html#desnotsecure">it is | |
181 | insecure</a>. | |
182 | <p> | |
183 | Note that this library has its own license, different from the | |
184 | <a href="glossary.html#GPL">GPL</a> used for other code in FreeS/WAN. | |
185 | </p> | |
186 | <p> | |
187 | The library includes its own documentation. | |
188 | ||
189 | ||
190 | <h4>GMP</h4> | |
191 | ||
192 | The GMP (GNU multi-precision) library is used for multi-precision arithmetic | |
193 | in Pluto's key-exchange code and public key code. | |
194 | <p> | |
195 | Older versions (up to 1.7) of FreeS/WAN included a copy of this library in | |
196 | the FreeS/WAN distribution. | |
197 | <p> | |
198 | Since 1.8, we have begun to rely on the system copy of GMP. | |
199 | </p> | |
200 | ||
201 | </body> | |
202 | </html> | |
203 |