wiki:UsingTfc

Tutorial on using thn TFC Kernel

Kernel Compiling

The reader of this document should be familiar with kernel compiling. In this document we explain how to compile our modified kernel sources to run a regular Linux Box

First way: download our kernel sources

First download the kernel sources from our repository

cd /home/utente
svn co https://minerva.netgroup.uniroma2.it/svn/discreet/tfcproject/trunk/linux-2.6.16.19-TFC myKernel
cd myKernel

Now we are ready to compile the sources. Proceed like if it was a regular 2.6 Kernel, modify your Grub or Lilo and so on.

This links might be useful (especially if you run a Linux Box): http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=7 http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=10

Second way: patch your own sources

TODO

Load the TFC kernel modules

We have to load the AH kernel module because our TFC runs on top of AH

modprobe ah4

Load the TFC modules

modprobe tfc_hook_in
modprobe tfc_hook_out

The tfc module is loaded automagically You can check the correctness of the loaded modules with lsmod

Setting up an example AH/TFC transport between two hosts

Now you have to set the security associations and the security policy Please refer to http://www.ipsec-howto.org/ for the complete documentation on IPSec

Here is an example file for host1:

flush;
spdflush;

spdadd  10.0.0.2 10.0.0.3 any
        -P in ipsec
        ah/transport//require;

add 10.0.0.2 10.0.0.3 ah 0x0001 -m transport
        -A hmac-md5 0x0123456789abcdef0123456789abcdef;

spdadd  10.0.0.3 10.0.0.2 any
        -P out ipsec
        ah/transport//require;

add 10.0.0.3 10.0.0.2  ah 0x0002 -m transport
        -A hmac-md5 0x0123456789abcdef0123456789abcdef;

you can load this file using

setkey -f filename

here is an example file for host2

flush;
spdflush;

spdadd  10.0.0.2 10.0.0.3 any
        -P out ipsec
        ah/transport//require;

add 10.0.0.2 10.0.0.3 ah 0x0001 -m transport
        -A hmac-md5 0x0123456789abcdef0123456789abcdef;

spdadd  10.0.0.3 10.0.0.2 any
        -P in ipsec
        ah/transport//require;

add 10.0.0.3 10.0.0.2  ah 0x0002 -m transport
        -A hmac-md5 0x0123456789abcdef0123456789abcdef;

Last modified 11 years ago Last modified on Apr 17, 2007, 11:18:27 PM