[strongSwan] liveness mechanism for BITW IPsec

Martin Willi martin at strongswan.org
Mon Aug 4 13:47:12 CEST 2014

> We are not using a custom kernel backend. Our application uses the
> netlink socket interface and sets-up the cryptographic HW engine with
> SA events from strongSwan.

While you are using the kernel-netlink plugin and the Netlink XFRM
interface, you are probably not using a vanilla Linux XFRM IPsec stack,
are you?

I don't know anything of your kernel-backend, but in the end you'll just
have to respond appropriately to the XFRM_MSG_GETSA/XFRM_MSG_GETPOLICY
requests with SA usage information.


More information about the Users mailing list