[strongSwan-dev] DPD action script patch.
Tobias Brunner
tobias at strongswan.org
Tue Nov 3 15:59:32 CET 2015
Hi Pavel,
> For now,
> strongSwan supports some dpd actions such as 'clear', 'hold' and
> 'restart'. The patch implements new dpdaction named 'script'. It means
> that if no activity is detected, strongSwan executes external command
> with the dead peer passed as the argument for the command.
I don't agree with this approach. The actions are things to do with a
particular CHILD_SA/policy not unrelated things like calling a script to
email notifications. Instead, I propose you write a plugin that hooks
the ALERT_RETRANSMIT_SEND_TIMEOUT alert to get notified after the last
retransmit has been sent and the peer is considered dead. The plugin is
then free to do whatever it likes (e.g. calling a script).
Regards,
Tobias
More information about the Dev
mailing list