[strongSwan] Question of get_use_time to trigger dpd from libcharon

Tobias Brunner tobias at strongswan.org
Fri Jan 18 14:11:50 CET 2019

Hi Venu,

> The above get_usestats funtion above gets called with packets, bytes as

There are lots of places where they are not NULL.  But yes, for DPDs
that's currently the case.

> In that case is it intended that we first do update_usetime {
> which sends policy query to kernel } , if that fails do update_usebytes
> { which send sa query to kernel } ?
> 2) why is the order policy first if fail query sa important ? why not
> just query sa ?

Did you read the comment?  On Linux via XFRM (the most common use case),
the latter is actually useless to determine a use time as no timestamps
are updated on the SA for each packet.  But some platforms where PF_KEY
is used the reverse is true (i.e. no timestamp on the policy, but one on
the SA).  So only if we didn't already query the SA (i.e. if both
arguments are NULL) and the policy query failed, is the SA queried.


More information about the Users mailing list