[strongSwan-dev] XFRM netlink protocol explained?
philipp_subx at redfish-solutions.com
Sat Mar 14 01:26:35 CET 2015
I'm working on some tools that watch IPsec activity in the kernel
out-of-band by opening an Netlink socket and watching for XFRM messages.
I'm trying to understand which messages (XFRM_MSG_NEWSA, XFRM_MSG_UPDSA,
XFRM_MSG_EXPIRE, XFRM_MSG_DELSA) occur when, and how to deconstruct the
messages and grovel out the interesting fields.
Is there a useful writeup on the messages and when/how they are generated?
I tried running "ip xfrm monitor" while bringing up/taking down some
tunnels, but it wasn't as straight-forward as I had hoped.
Any useful pointers appreciated.
More information about the Dev