Internet Key Exchange management library
Libike is a cross-platform C library for managing IKE negotiations as per RFC 2407, 2408 and 2409. The project is from 2003 and it is no longer maintained.
What it does
The library implements ISAKMP packet processing, IKE state management and various miscellaneous functions such as handling of packet retransmissions and SA lifetime tracking. In other words...
Libike handles protocol details of the IKE exchange leaving the application to make high-level decisions of the negotiation.
The library parses packets passed to it by an application, steps through IKE states based on packets' content, queries the application via callbacks for any information it is missing, formats responses and passes them back to the application for actual transmission.
What it does not
Libike does not include any networking code and makes very few assumptions about the actual packet transfer medium. It is the application that does all sending and receiving. This arrangement allows running IKE exchanges over not just UDP, but virtually any protocol including raw IP, TCP, HTTP or IPC channels.
In the same vein, libike does not provide means for creating, managing or querying security policies. When it arrives at the point of making a security policy decision - for example, needing to validate a peer's credentials or to select one of the SA offers - it issues a callback and expects the application to tell it what to do.
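The division of labour described above, sketched as an added example (not libike's code or API; every identifier is hypothetical): an engine function validates the fixed 28-byte ISAKMP header from RFC 2408, asks the application for the policy decision through one callback and hands the reply to another for transmission. The header-only reply and the Main-Mode-only policy are constructed placeholders.

```c
#include <stdint.h>
#include <string.h>
/* Added illustration. All names are hypothetical; this is not libike's API. */
#define ISAKMP_HDR_LEN 28u  /* fixed ISAKMP header size (RFC 2408, section 3.1) */

typedef struct {
    int  (*accept_exchange)(void *app, uint8_t exchange_type); /* policy decision */
    void (*send)(void *app, const uint8_t *buf, size_t len);   /* transport */
    void *app;                                                 /* application state */
} engine_callbacks;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Engine side: no sockets, no policy. Returns 0 ok, -1 malformed, -2 refused by policy. */
int engine_input(const engine_callbacks *cb, const uint8_t *pkt, size_t len) {
    uint8_t reply[ISAKMP_HDR_LEN];
    if (len < ISAKMP_HDR_LEN) return -1;
    uint32_t claimed = be32(pkt + 24);          /* length field is peer-controlled */
    if (claimed < ISAKMP_HDR_LEN || claimed > len) return -1;
    if ((pkt[17] >> 4) != 1) return -1;         /* major version must be 1 */
    if (!cb->accept_exchange(cb->app, pkt[18])) return -2;
    /* Placeholder reply: header only. A real responder would set its own
       cookie and append payloads before handing the packet over. */
    memcpy(reply, pkt, ISAKMP_HDR_LEN);
    reply[16] = 0;                              /* next payload: none */
    reply[24] = reply[25] = reply[26] = 0; reply[27] = ISAKMP_HDR_LEN;
    cb->send(cb->app, reply, sizeof reply);
    return 0;
}

/* Application side (constructed): Main Mode (type 2) only; "send" just counts bytes. */
static int main_mode_only(void *app, uint8_t xchg) { (void)app; return xchg == 2; }
static void count_send(void *app, const uint8_t *b, size_t n) { (void)b; *(size_t *)app += n; }

/* Feeds one constructed header to the engine; returns bytes handed to send(), or the error. */
int demo(uint8_t xchg, uint32_t claimed_len) {
    uint8_t pkt[ISAKMP_HDR_LEN] = {0};
    size_t sent = 0;
    engine_callbacks cb = { main_mode_only, count_send, &sent };
    pkt[17] = 0x10; pkt[18] = xchg;             /* version 1.0, exchange type */
    pkt[24] = (uint8_t)(claimed_len >> 24); pkt[25] = (uint8_t)(claimed_len >> 16);
    pkt[26] = (uint8_t)(claimed_len >> 8);  pkt[27] = (uint8_t)claimed_len;
    int rc = engine_input(&cb, pkt, sizeof pkt);
    return rc < 0 ? rc : (int)sent;
}

int main(void) { return demo(2, 28) == 28 ? 0 : 1; }
```

Because the engine never touches a socket, the same `engine_input` can be driven from a UDP receive loop, a TCP stream or a unit test, and a length field that exceeds the bytes actually received is rejected before any policy callback runs.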
Callbacks and portability
Callbacks are absolutely essential to libike's architecture. This is what keeps the library light and its OS dependencies remarkably small. The API defines 19 callbacks as opposed to just 8 entry points. The CALLBACKS section in manual.txt has the details.
The library is written in portable C with a tiny "glue" layer that includes a small number of compiler- and platform-specific typedefs, macros and functions. Therefore adapting libike to a new platform translates into just making a new glue layer.