[strongSwan] Problem sending a packet out a raw socket over IPsec

Martin Willi martin at strongswan.org
Tue Jun 21 17:56:09 CEST 2011

> Hmm, this was my fear that the Linux kernel simply does not route
> locally generated RAW packets through XFRM.  Is there any other way to
> make a locally-generated IP packet go through XFRM?

It seems that the kernel actually calls ip_route_output_flow() from
raw_sendmsg(), what should be fine. But the flow protocol depends on the
socket protocol and the HDRINCL option. You may play with these to track
this issue down...


More information about the Users mailing list