Hi Martin, Thanks for your reply!
Yes, I did have a look , and I did modify the replay state by re-using the methods during the update_sa call. I was just wondering if there is a way through ip xfrm or setkey or other, to monitor the ESP sequence? I mean, if I am an administrator and I wish to monitor the ESP counters, how would I do? When you run "ipsec statusall" could you find such information? and if not, is there anyway then? Thanks Daniel 2012/2/3 Martin Willi <[email protected]> > Hello Daniel, > > > how can you ask the kernel what is the value of the ESP sequence > > counter at anytime? > > Have a look at the get_replay_state() function at [1], it gets the > replay state from a kernel SA. We use it to adjust the replay state > after updating addresses of an SA. > > Regards > Martin > > [1] > http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c#l1494 > >
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
