[strongSwan] LIST_SA child_sa bytes-in values for passive connections

Taylor, Philip (Space & Defence) ph.taylor at cgi.com
Wed Jun 8 14:18:07 CEST 2022 

I have a problem with the VICI LIST_SA (Child_SA) "bytes-in", "bytes-out", "packets-in" and "packets-out" values for a passive connection in a HA enabled two node cluster.


  1.  How can I detect whether a LIST_SA is reporting an active or passive IKE_SA (Child_SA) connection?
  2.  Are the Child_SA byte and packet counters always set to zero for a passive connection?

If my code is not correctly detecting a passive connection, then it is possible that the byte and packet counters are ignored by my code, leaving them set to zero.
The current active / passive determination is made on whether IKE_SA state is "ESTABLISHED" - the code is only reporting on established connections with one or more Child_SA.

I have tried a few searches but not yet found anything that answers my question.

Thank you

Philip Taylor | Technical Consultant | IRIS & SODOR
Space, Defence and Intelligence | CGI
Keats House, The Office Park, Springfield Drive, Leatherhead, Surrey, KT22 7LP | United Kingdom

Please note that I currently work from home Thursday-Friday.

Contactable via MS Teams: video, voice and text

E: ph.taylor at cgi.com<mailto:ph.taylor at logica.com> | www.cgi.com<http://www.logica.com/>
<http://www.logica.com/>
[cid:image001.png at 01D87B38.DFA90250]

[cid:image002.jpg at 01D87B38.DFA90250]  CGI is committed to supporting our Armed Forces
Career Opportunities in CGI Space<http://www.cgi-group.co.uk/careers/experienced-professionals/careers-in-space>




Public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220608/346396fb/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 625 bytes
Desc: image001.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220608/346396fb/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 1143 bytes
Desc: image002.jpg
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220608/346396fb/attachment.jpg>

More information about the Users mailing list