[strongSwan] liveness mechanism for BITW IPsec
martin at strongswan.org
Mon Aug 4 13:47:12 CEST 2014
> We are not using a custom kernel backend. Our application uses the
> netlink socket interface and sets-up the cryptographic HW engine with
> SA events from strongSwan.
While you are using the kernel-netlink plugin and the Netlink XFRM
interface, you are probably not using a vanilla Linux XFRM IPsec stack,
I don't know anything of your kernel-backend, but in the end you'll just
have to respond appropriately to the XFRM_MSG_GETSA/XFRM_MSG_GETPOLICY
requests with SA usage information.
More information about the Users