[strongSwan-dev] ESP Sequence

Daniel Palomares palomaresdaniel at gmail.com
Fri Feb 3 15:09:48 CET 2012


Hi Martin,

Thanks for your reply!

Yes, I did have a look, and I did modify the replay state by re-using the
methods during the update_sa call.
I was just wondering if there is a way through ip xfrm or setkey or other,
to monitor the ESP sequence?

I mean, if I am an administrator and I wish to monitor the ESP counters,
how would I do it?
When you run "ipsec statusall", could you find such information? And if not,
is there any way then?

Thanks

Daniel


2012/2/3 Martin Willi <martin at strongswan.org>

> Hello Daniel,
>
> > how can you ask the kernel what is the value of the ESP sequence
> > counter at anytime?
>
> Have a look at the get_replay_state() function at [1], it gets the
> replay state from a kernel SA. We use it to adjust the replay state
> after updating addresses of an SA.
>
> Regards
> Martin
>
> [1]
> http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c#l1494
>
>