xfrm to implement IPsec

Question

In my project it is required to implement IPsec to packets programatically. Currently my system captures packets utilizing netfilter queue and readies the packet to be mangled. From this point on I am clueless on how to implement IPsec to these packets.

During my research I came across a linux kernel library names xfrm however this lacks documentation to get a firm grip on it (https://www.google.com/search?client=ubuntu&channel=fs&q=how+to+use+xfrm+c&ie=utf-8&oe=utf-8#channel=fs&q=linux+ipsec+xfrm+example). I would really appreciate if any of you experts would provide me with some examples to perform IPsec with xfrm or any alternative methods to implement IPsec.

Thank you very much

Answer 1

In kernel space look at this files

[Sasi@localhost linux]$ ls -l net/ipv4/xfrm4_*
-rw-r--r--. 1 root root 3957 Apr 19 20:09 net/ipv4/xfrm4_input.c
-rw-r--r--. 1 root root 3773 Apr 19 20:09 net/ipv4/xfrm4_mode_beet.c
-rw-r--r--. 1 root root 2135 Apr 19 20:09 net/ipv4/xfrm4_mode_transport.c
-rw-r--r--. 1 root root 3024 Apr 19 20:09 net/ipv4/xfrm4_mode_tunnel.c
-rw-r--r--. 1 root root 2494 Apr 19 20:09 net/ipv4/xfrm4_output.c
-rw-r--r--. 1 root root 7530 Apr 19 20:09 net/ipv4/xfrm4_policy.c
-rw-r--r--. 1 root root 6523 Apr 19 20:09 net/ipv4/xfrm4_protocol.c
-rw-r--r--. 1 root root 2494 Apr 19 20:09 net/ipv4/xfrm4_state.c
-rw-r--r--. 1 root root 2765 Apr 19 20:09 net/ipv4/xfrm4_tunnel.c

[Sasi@localhost linux]$ ls -l net/xfrm/*
-rw-r--r--. 1 root root  2246 Apr 19 20:09 net/xfrm/Kconfig
-rw-r--r--. 1 root root   342 Apr 19 20:09 net/xfrm/Makefile
-rw-r--r--. 1 root root 14094 Apr 19 20:09 net/xfrm/xfrm_algo.c
-rw-r--r--. 1 root root   766 Apr 19 20:09 net/xfrm/xfrm_hash.c
-rw-r--r--. 1 root root  3179 Apr 19 20:09 net/xfrm/xfrm_hash.h
-rw-r--r--. 1 root root  8683 Apr 19 20:09 net/xfrm/xfrm_input.c
-rw-r--r--. 1 root root  7816 Apr 19 20:09 net/xfrm/xfrm_ipcomp.c
-rw-r--r--. 1 root root  4874 Apr 19 20:09 net/xfrm/xfrm_output.c
-rw-r--r--. 1 root root 78405 Apr 19 20:09 net/xfrm/xfrm_policy.c
-rw-r--r--. 1 root root  3364 Apr 19 20:09 net/xfrm/xfrm_proc.c
-rw-r--r--. 1 root root 14582 Apr 19 20:09 net/xfrm/xfrm_replay.c
-rw-r--r--. 1 root root 56892 Apr 19 20:09 net/xfrm/xfrm_state.c
-rw-r--r--. 1 root root  1877 Apr 19 20:09 net/xfrm/xfrm_sysctl.c
-rw-r--r--. 1 root root 73048 Apr 19 20:09 net/xfrm/xfrm_user.c