[strongSwan-dev] IPSEC counters
sima hooshyar
sima.hooshyar at gmail.com
Fri Aug 30 11:24:33 CEST 2013
Hi,
It was a bit of confusion in the previous mail about InPkts (as they have
nothing to do with IKE). But I was wondering about those tunnel counters
that can be also counted in IKE, for e.g. OutDiscNoSa, where each packet
that does not find a outgoing SA is reported to IKE stack for starting a
new child SA negotiation.
BR,
/Sima
On Fri, Aug 30, 2013 at 10:24 AM, sima hooshyar <sima.hooshyar at gmail.com>wrote:
> Hi Strong Swan:)
>
> I am a new to SS and have a question regarding the counters.
> I could find the IKE counters in stroke_counter.h in libcharon.
>
> enum stroke_counter_type_t {
> /** initiated IKE_SA rekeyings */
> COUNTER_INIT_IKE_SA_REKEY,
> /** responded IKE_SA rekeyings */
> COUNTER_RESP_IKE_SA_REKEY,
> /** completed CHILD_SA rekeyings */
> COUNTER_CHILD_SA_REKEY,
> /** messages with invalid types, length, or a value out of range */
> COUNTER_IN_INVALID,
> /** messages with an invalid IKE SPI */
> COUNTER_IN_INVALID_IKE_SPI,
> ....
>
> But I am wondering where I can find IPSEC tunnel related counters. Such as
> OutDiscNoSa, the number of outgoing packets that are discarded because SA
> is not present, or InPkts, the number of incoming packets for a particular
> tunnel.
>
> --
> Best regards
> Sima Hooshyar
>
>
--
Best regards
Sima Hooshyar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130830/79e77699/attachment.html>
More information about the Dev
mailing list