[strongSwan] LIST_SA child_sa bytes-in values for passive connections
Tobias Brunner
tobias at strongswan.org
Wed Jun 8 15:09:40 CEST 2022
Hi Philip,
> 1. How can I detect whether a LIST_SA is reporting an active or passive
> IKE_SA (Child_SA) connection?
The IKE_SA should have state PASSIVE set on the passive host and state
ESTABLISHED on the active one.
> 2. Are the Child_SA byte and packet counters always set to zero for a
> passive connection?
I guess that depends on the direction and on whether the kernel is
patched (see [1] for details). But they will definitely not be accurate.
Regards,
Tobias
[1]
https://docs.strongswan.org/docs/5.9/features/highAvailability.html#_kernel_implementation
More information about the Users
mailing list