[strongSwan] liveness mechanism for BITW IPsec
Martin Willi
martin at strongswan.org
Mon Aug 4 11:36:15 CEST 2014
Hi Mugur,
> There is any way to "tell" to strongSwan that there is traffic in order
> to avoid sending INFORMATIONAL messages in this case?
strongSwan queries the kernel-interface for SA usage. If you are using
kernel-netlink as backend, Linux usually provides this information when
querying the SA/SP state.
> In our Bump In The Wire IPsec implementation
I assume you are using a custom kernel backend for ESP processing? If
yes, you may consider adding the appropriate information in your kernel
interface when quering usage statistics with query_sa() or
query_policy().
Regards
Martin
More information about the Users
mailing list