[strongSwan] Problem sending a packet out a raw socket over IPsec

[Martin Willi]

> Hmm, this was my fear that the Linux kernel simply does not route
> locally generated RAW packets through XFRM.  Is there any other way to
> make a locally-generated IP packet go through XFRM?

It seems that the kernel actually calls ip_route_output_flow() from
raw_sendmsg(), what should be fine. But the flow protocol depends on the
socket protocol and the HDRINCL option. You may play with these to track
this issue down...

Regards
Martin