Expand description
jkipsec - userspace IKEv2 / IPsec implementation that hands raw IP frames
to jktcp for TCP processing.
The high-level entry point is api::JkispecServer. Lower-level IKE
parser and crypto primitives are exposed in ike and crypto for
advanced use, but most users won’t need them.
Layering:
UDP socket -> ike::Message (parse) -> session state machine
│
▼
esp::Sa (decrypt)
│
▼
AsyncRead/Write IP frames
│
▼
jktcp::AdapterThe crate is split so each layer can be tested in isolation.
Modules§
- api
- Public library API for jkipsec.
- crypto
- IKEv2 cryptographic primitives.
- esp
- ESP (RFC 4303) packet codec for AES-GCM-16-256 child SAs. Operates on UDP-encapsulated ESP (RFC 3948) as sent by iOS on port 4500.
- ike
- IKEv2 message framing per RFC 7296.
- session
- Per-IKE-SA state machine. Internal - drive through
crate::api.