doc: Remove obsolete architecture description and empty known bugs list
parent 0909bf6c0a
commit 01e48ddd59
|
@ -1,5 +0,0 @@
|
|||
Known bugs in charon
|
||||
======================
|
||||
|
||||
|
||||
|
|
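Review bot: The removed file consists only of the heading "Known bugs in charon", its underline and blank lines, so no bug entries are lost, but the commit message does not say where known issues are tracked now; add that in one sentence. Anything that still lists this file, such as a distribution file list or a documentation index (neither is visible in this patch), needs to be updated in the same commit.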
@ -1,56 +0,0 @@
|
|||
/** @mainpage
|
||||
|
||||
@section design strongSwans overall design
|
||||
|
||||
IKEv1 and IKEv2 is handled in different keying daemons. The ole IKEv1 stuff is
|
||||
completely handled in pluto, as it was all the times. IKEv2 is handled in the
|
||||
new keying daemon, which is called #charon.
|
||||
Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
|
||||
Charon uses another socket interface, called stroke. Stroke uses another
|
||||
format as whack and therefore is not compatible to whack. The starter utility,
|
||||
which does fast configuration parsing, speaks both the protocols, whack and
|
||||
stroke. It also handles daemon startup and termination.
|
||||
Pluto uses starter for some commands, for other it uses the whack utility. To be
|
||||
as close to pluto as possible, charon has the same split up of commands to
|
||||
starter and stroke. All commands are wrapped together in the ipsec script, which
|
||||
allows transparent control of both daemons.
|
||||
@verbatim
|
||||
|
||||
+-----------------------------------------+
|
||||
| ipsec |
|
||||
+-----+--------------+---------------+----+
|
||||
| | |
|
||||
| | |
|
||||
| +-----+-----+ |
|
||||
+-----+----+ | | +-----+----+
|
||||
| | | starter | | |
|
||||
| stroke | | | | whack |
|
||||
| | +---+--+----+ | |
|
||||
+------+---+ | | +--+-------+
|
||||
| | | |
|
||||
+---+------+ | | +------+--+
|
||||
| | | | | |
|
||||
| charon +----+ +----+ pluto |
|
||||
| | | |
|
||||
+-----+----+ +----+----+
|
||||
| |
|
||||
+-----+----+ |
|
||||
| LSF | |
|
||||
+-----+----+ |
|
||||
| |
|
||||
+-----+----+ +----+----+
|
||||
| RAW Sock | | UDP/500 |
|
||||
+----------+ +---------+
|
||||
|
||||
@endverbatim
|
||||
Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
|
||||
500. Under Linux, there is no clean way to set up two sockets at the same port.
|
||||
To reslove this problem, charon uses a RAW socket, as they are used in network
|
||||
sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
|
||||
traffic. Pluto receives any IKE message, independent of charon's behavior.
|
||||
Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
|
||||
|
||||
To gain some reusability of the code, generic crypto and utility functions are
|
||||
separeted in a shared library, libstrongswan.
|
||||
|
||||
*/
|
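Review bot: The paragraph beginning "Since IKEv2 uses the same port as IKEv1" should not be dropped without a replacement unless the mechanism itself is gone. It is the only explanation in the visible lines of why charon receives IKE through a RAW socket with a Linux Socket Filter instead of binding UDP port 500, and of why pluto was changed to discard IKEv2 traffic silently. The commit message calls the description obsolete without saying which parts no longer hold. If the raw socket and filter are still in use, move that rationale into a comment next to the socket code, since the filter is what keeps non-IKEv2 traffic away from the daemon. Also confirm that another @mainpage block exists, otherwise the generated Doxygen output loses its landing page.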