Hello all;<br><br>I continue to experience trouble when getting the ESP Sequence Counter. <br><br>I have reused code from the get_replay_state() function as Willi told me.<br><br>Unfortunately, once through the SWITCH statement of this function, the xfrm message that I'm getting is NLMSG_ERROR of the type "No such process (3)" for SPI ..." <br>
During this error I noticed that the displayed SPI in the LOG is correct.<br><br>Does the "No such process(3)" mean that an SA is not found or that the message I'm sending to the kernel is not the appropriate one? <br>
<br>To uniquely identify the SA I'm using the spi, the protocol (50 for ESP) and the destination source; as well as the family of the destination address in xfrm_aevent_id.<br><br>Any help will be sincerely appreciated! <br>
<br>Thanks again,<br><br>Daniel <br><br><br>
<br><br><div class="gmail_quote">2012/2/3 Daniel Palomares <span dir="ltr">&lt;<a href="mailto:palomaresdaniel@gmail.com">palomaresdaniel@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Martin,<br><br>Thanks for your reply! <br><br>Yes, I did have a look, and I did modify the replay state by re-using the methods during the update_sa call.<br>I was just wondering if there is a way through ip xfrm or setkey or other, to monitor the ESP sequence?<br>
<br>I mean, if I am an administrator and I wish to monitor the ESP counters, how would I do it? <br>When you run "ipsec statusall" could you find such information? And if not, is there any way then? <br><br>Thanks<span class="HOEnZb"><font color="#888888"><br>
<br clear="all">Daniel</font></span><div class="HOEnZb"><div class="h5"><br><br><br><div class="gmail_quote">2012/2/3 Martin Willi <span dir="ltr">&lt;<a href="mailto:martin@strongswan.org" target="_blank">martin@strongswan.org</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello Daniel,<br>
<div><br>
> how can you ask the kernel what is the value of the ESP sequence<br>
> counter at anytime?<br>
<br>
</div>Have a look at the get_replay_state() function at [1], it gets the<br>
replay state from a kernel SA. We use it to adjust the replay state<br>
after updating addresses of an SA.<br>
<br>
Regards<br>
Martin<br>
<br>
[1]<a href="http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c#l1494" target="_blank">http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c#l1494</a><br>
<br>
</blockquote></div><br>
</div></div></blockquote></div><br>
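Added example, not part of the thread and not strongSwan's code: the XFRM_MSG_GETAE request that a replay-state query sends for the SA identified by destination address, SPI, protocol and family, and the decoding of the kernel's reply, including the NLMSG_ERROR case discussed above. The kernel answers a GETAE with ESRCH ("No such process") when its SA lookup on those four fields finds nothing; an SPI passed in host instead of network byte order is one way to get that. The names getae_req, build_getae and parse_getae_reply are assumptions made for this illustration.

```c
/* Added example (not strongSwan source): XFRM_MSG_GETAE request and reply. */
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/xfrm.h>

struct getae_req {                 /* hypothetical name */
    struct nlmsghdr hdr;
    struct xfrm_aevent_id id;
};

/* spi must be in network byte order, exactly as it appears on the wire;
 * daddr points to 4 bytes (AF_INET) or 16 bytes (AF_INET6). */
void build_getae(struct getae_req *r, __be32 spi, __u8 proto,
                 __u16 family, const void *daddr)
{
    memset(r, 0, sizeof(*r));
    r->hdr.nlmsg_len = NLMSG_LENGTH(sizeof(r->id));
    r->hdr.nlmsg_type = XFRM_MSG_GETAE;
    r->hdr.nlmsg_flags = NLM_F_REQUEST;
    r->id.sa_id.spi = spi;
    r->id.sa_id.proto = proto;     /* IPPROTO_ESP is 50 */
    r->id.sa_id.family = family;
    memcpy(&r->id.sa_id.daddr, daddr, family == AF_INET6 ? 16 : 4);
    r->id.flags = XFRM_AE_RVAL;    /* request the replay counters */
}

/* h must already have passed NLMSG_OK. Returns 0 and fills *out from an
 * XFRM_MSG_NEWAE reply, the negative errno from an NLMSG_ERROR reply
 * (-ESRCH: the kernel's SA lookup found nothing), -EBADMSG for another
 * message type, -ENODATA if the replay attribute is absent. */
int parse_getae_reply(const struct nlmsghdr *h, struct xfrm_replay_state *out)
{
    if (h->nlmsg_type == NLMSG_ERROR)
        return ((const struct nlmsgerr *)NLMSG_DATA(h))->error;
    if (h->nlmsg_type != XFRM_MSG_NEWAE)
        return -EBADMSG;
    int left = NLMSG_PAYLOAD(h, sizeof(struct xfrm_aevent_id));
    const struct rtattr *a = (const struct rtattr *)
        ((const char *)h + NLMSG_SPACE(sizeof(struct xfrm_aevent_id)));
    for (; RTA_OK(a, left); a = RTA_NEXT(a, left))
        if (a->rta_type == XFRMA_REPLAY_VAL &&
            (size_t)RTA_PAYLOAD(a) >= sizeof(*out)) {
            memcpy(out, RTA_DATA(a), sizeof(*out));
            return 0;
        }
    return -ENODATA;
}
```

On success, `out->oseq` is the outbound ESP sequence counter and `out->seq` the highest inbound sequence number seen.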