HP Tru64 UNIX Technical Updates for the Version 5.1B and Higher Operating System and Patches (February 2010)
a. Select any optional parameters.
b. Select an IKE group number for initial Diffie-Hellman exchanges, if it is different from
the IKE proposals.
c. If using Perfect Forward Secrecy (PFS), select a group number for future Diffie-Hellman
exchanges.
d. Select a default lifetime if the proposal does not specify a lifetime.
e. Select Finish to accept the data and close the Add/Modify Connection: Optional IKE
Parameters dialog box.
20. An informational dialog box is displayed that tells you the connection has been created.
Select OK to close this dialog box.
21. If you need to specify additional public-key certificates, select Add in the Public-Key
Certificates field to display an Add/Modify Certificates dialog box into which you can enter
information for the certificate. Do the following:
a. Enter the certificate name, select a certificate encoding method, and enter a local path
to the certificate file.
b. If the certificate authenticates your system, select a private key encoding method and
enter a local path to the private key file.
c. If the certificate is trusted to sign other certificates, select CA Certificate. Otherwise, go
to step f.
d. If a Certificate Revocation List (CRL) is not available, select No Certificate Revocation
List (CRL) Available. Go to step f.
e. Select an encoding method for the CRL and enter a local path to the CRL file.
f. Select OK to accept the data and close the Add/Modify Certificates dialog box.
22. Select OK in the IPsec main window to save the configuration information. Whether or not
IPsec is already running on your system, the Restart IPsec? dialog box is displayed. If you
want to start or restart IPsec, select OK; otherwise, select No. If you select No, you can reboot
the system to start or restart IPsec, or start or reload the ipsecd daemon (see the Network
Administration: Connections manual).
See the Network Administration: Connections manual for information on solving possible
interoperability problems.
Adding Callout Functions for IP Processing (Jan. 2004)
The fr_checkp global variable is a callout hook in the kernel IP processing code. You can use
this hook to call out to a customized routine to filter or verify IP packets.
To add a callout in the IP input and output processing, create a module that performs an
assignment of fr_checkp during the initialization or configuration of the custom filter module,
as follows:
int (*fr_checkp)(struct ip *ip, int hlen, struct ifnet *rcvif, int direction, struct mbuf **bufp)
Where:
ip
Points to the IP header.
hlen
Is the length of the header.
rcvif
Is a pointer to the receiving or sending interface.
direction
0 for input; 1 for output.
bufp
Is a pointer to the mbuf message chain.
If the routine returns a zero, IP processing continues using the mbuf pointer returned in the
bufp field. If a nonzero value is returned or if the mbuf pointer is zero, IP processing is terminated.
If the callout function returns a nonzero value, the callout routine must free the mbuf chain using
m_freem.
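The return contract described above, as an added example that is not part of the HP documentation. It is a user-space sketch: struct ip, struct ifnet, struct mbuf and m_freem are simplified stand-ins for the kernel definitions, and hdr_check, hdr_filter_configure and ip_path_sim are hypothetical names.

```c
#include <stddef.h>

/* User-space stand-ins (assumptions) for the kernel types and m_freem, so the
 * return contract can be exercised outside the kernel. */
struct ip    { unsigned char ip_vhl; };    /* version << 4 | header length in words */
struct ifnet;
struct mbuf  { struct mbuf *m_next; };

static int freed_mbufs;                    /* instrumentation for this demo only */
static void m_freem(struct mbuf *m)
{
    for (; m != NULL; m = m->m_next)
        freed_mbufs++;                     /* the kernel routine releases each mbuf */
}

/* The hook, with the signature given on the page (unset until configured). */
int (*fr_checkp)(struct ip *ip, int hlen, struct ifnet *rcvif,
                 int direction, struct mbuf **bufp);

/* Hypothetical filter: let only well-formed IPv4 headers through. */
static int hdr_check(struct ip *ip, int hlen, struct ifnet *rcvif,
                     int direction, struct mbuf **bufp)
{
    (void)rcvif; (void)direction;
    if ((ip->ip_vhl >> 4) == 4 && hlen >= 20 && hlen == (ip->ip_vhl & 0x0f) * 4)
        return 0;              /* IP processing continues with *bufp */
    m_freem(*bufp);            /* nonzero return: the callout frees the chain */
    *bufp = NULL;
    return 1;                  /* IP processing is terminated */
}

/* Assignment made during module initialization or configuration. */
void hdr_filter_configure(void) { fr_checkp = hdr_check; }

/* Constructed caller standing in for the IP code. Returns 1 if processing
 * would continue, 0 if terminated; *freed counts mbufs the callout released. */
int ip_path_sim(unsigned char vhl, int hlen, int *freed)
{
    struct ip hdr = { vhl };
    struct mbuf seg[2] = { { &seg[1] }, { NULL } };   /* two-mbuf chain */
    struct mbuf *chain = &seg[0];
    int rc = 0;

    freed_mbufs = 0;
    if (fr_checkp != NULL)
        rc = fr_checkp(&hdr, hlen, NULL, 0, &chain);
    *freed = freed_mbufs;
    return rc == 0 && chain != NULL;
}
```

On the accept path the callout leaves the chain untouched, and on the reject path it frees the whole chain itself before returning nonzero, so the caller never touches a freed mbuf.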