[strongSwan-dev] XFRM netlink protocol explained?

Philip Prindeville philipp_subx at redfish-solutions.com
Sat Mar 14 01:26:35 CET 2015


I'm working on some tools that watch IPsec activity in the kernel 
out-of-band by opening a Netlink socket and watching for XFRM messages.

I'm trying to understand which messages (XFRM_MSG_NEWSA, XFRM_MSG_UPDSA, 
XFRM_MSG_EXPIRE, XFRM_MSG_DELSA) occur when, and how to deconstruct the 
messages and grovel out the interesting fields.

Is there a useful writeup on the messages and when/how they are generated?

I tried running "ip xfrm monitor" while bringing up/taking down some 
tunnels, but it wasn't as straightforward as I had hoped.

Any useful pointers appreciated.



