Configuring IPsec within a user application?

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Stuart Longland <redhatter@gentoo.org>
To: netdev@vger.kernel.org
Subject: Configuring IPsec within a user application?
Date: Fri, 04 Feb 2011 19:58:07 +1000	[thread overview]
Message-ID: <4D4BCDAF.6000705@gentoo.org> (raw)

Hi all,

I'm not sure if this is the right list or not, if not I'd appreciate a
referral to a more appropriate list.

I've been toying with the idea of a small multicast VoIP/digital comms
protocol¹ for use over wireless radio links.  The typical use case might
be to replace UHF FM radio transceivers with modern smart phones, using
multicast IPv6 networking over 802.11b.  (It will have other modes too,
transmission over amateur radio bands for instance.)

In some commercial settings, or over the Internet, it'd be great for
traffic to be authenticated using HMAC-SHA1 or even encrypted.  Looking
at IPsec, I see it provides exactly this.  My thought, why re-invent the
wheel when a solution may already exist?

The question though:  Is it possible for a userspace application
(non-privileged) to request that the UDP packets it generates/receives
from/to a particular address be encrypted or hashed against a specified key?

i.e. if I decide to communicate with someone on the same wireless link,
and by means of asymmetric crypto at higher layers we establish a shared
AES key, can I configure the stack for traffic between these two hosts
on-the-fly and without root privileges?

Regards,
-- 
Stuart Longland (aka Redhatter, VK4MSL)      .'''.
Gentoo Linux/MIPS Cobalt and Docs Developer  '.'` :
. . . . . . . . . . . . . . . . . . . . . .   .'.'
http://dev.gentoo.org/~redhatter             :.'

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

1. http://wongi.longlandclan.yi.org

                 reply	other threads:[~2011-02-04 10:25 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D4BCDAF.6000705@gentoo.org \
    --to=redhatter@gentoo.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).