On Wed, 19 Mar 2014, Bob Miller wrote:

> I am looking for explanations on how packets traverse iptables using
> netkey in openswan/libreswan implementations (I am presuming it will be
> the same for both).  Specifically, I want to know how I would trace vpn
> traffic through the packet flow diagram found at
> http://l7-filter.sourceforge.net/PacketFlow.png - I wonder where in that
> model packets get lifted for encryption/decryption, and where those
> modified packets re-appear, and how the flow of such packets might
> differ from normally NAT'd traffic.  I am particularly not clear on the
> flow in the direction from unencrypted entry to encrypted exit...

There is no good documentation that I know of, especially because the
XFRM hooks where it "steals" and "injects" the packets have no name.

> The purpose is that I am trying to track bandwidth usage and I want to
> know where the count is/isn't being increased by both the unencrypted
> and encrypted packet, as well as differentiate between overall
> egress/ingress, regularly NAT'd traffic, and vpn usage.

> I see the RX packets and TX packets counters increase on the interface.

However, it is easier to ask pluto itself because it will ask the kernel
for how much traffic there has happened on an IPsec SA so far:

# ipsec status |grep Traffic
000 #2: "redhat" [email protected] [email protected] 
[email protected] [email protected] ref=0 refhim=4294901761 Traffic: ESPin=92KB 
ESPout=1MB! ESPmax=4194303B XAUTHuser=pwouters

I've received 92k and sent 1MB since this tunnel came up.

This is also logged on shutdown of the tunnel:

"redhat": terminating SAs using this connection
"redhat" #2: deleting state (STATE_QUICK_I2)
"redhat" #2: ESP traffic information: in=92KB out=1MB XAUTHuser=pwouters

Note that these are libreswan functions. AFAIK, those have not been
backported yet by openswan.

Paul
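As an added example, not from this thread or from libreswan itself, the snippet below parses the two libreswan formats Paul shows (the "Traffic:" field of "ipsec status" and the "ESP traffic information" line logged at tunnel shutdown) into byte counts per connection, which is what a bandwidth-accounting script would need. The sample lines are constructed, the esp./tun. fields are omitted, and the assumption that K/M/G suffixes are binary multiples of rounded values is mine.

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the lines quoted in the thread; the
# real "ipsec status" line also carries esp.<spi>@<peer> and tun.<id>@<peer>
# fields, which are not needed for traffic accounting and are omitted here.
SAMPLE_STATUS = [
    '000 #2: "redhat" ref=0 refhim=4294901761 Traffic: ESPin=92KB ESPout=1MB! ESPmax=4194303B XAUTHuser=pwouters',
    '000 #5: "branch-office" ref=0 refhim=0 Traffic: ESPin=0B ESPout=512B ESPmax=4194303B',
]
SAMPLE_LOG = [
    '"redhat": terminating SAs using this connection',
    '"redhat" #2: deleting state (STATE_QUICK_I2)',
    '"redhat" #2: ESP traffic information: in=92KB out=1MB XAUTHuser=pwouters',
]

# Assumption: the K/M/G suffixes are binary multiples and the printed value is
# rounded, so the byte counts derived here are approximate, not exact.
UNIT = {"B": 1, "KB": 1 << 10, "MB": 1 << 20, "GB": 1 << 30}
SIZE_RE = re.compile(r"(\d+)([KMG]?B)")
# A trailing "!" (as in "ESPout=1MB!") is tolerated and ignored.
STATUS_RE = re.compile(r'^000 #(\d+): "([^"]+)".*\bESPin=(\d+[KMG]?B)!? ESPout=(\d+[KMG]?B)!?')
LOG_RE = re.compile(r'^"([^"]+)" #(\d+): ESP traffic information: in=(\d+[KMG]?B)!? out=(\d+[KMG]?B)!?')


def to_bytes(size):
    """Convert a libreswan size string such as '92KB' or '4194303B' to bytes."""
    m = SIZE_RE.fullmatch(size)
    if not m:
        raise ValueError(f"unrecognised size: {size!r}")
    return int(m.group(1)) * UNIT[m.group(2)]


def parse_line(line):
    """Return (connection, sa_number, in_bytes, out_bytes), or None for other lines."""
    m = STATUS_RE.match(line)
    if m:
        sa, conn, esp_in, esp_out = m.groups()
        return conn, int(sa), to_bytes(esp_in), to_bytes(esp_out)
    m = LOG_RE.match(line)
    if m:
        conn, sa, esp_in, esp_out = m.groups()
        return conn, int(sa), to_bytes(esp_in), to_bytes(esp_out)
    return None


def totals_per_connection(lines):
    """Sum the latest counter seen for each SA, grouped by connection name.

    Counters are cumulative per SA, so the same SA reported twice (status, then
    the shutdown log) is counted once, while a rekeyed SA with a new number adds.
    """
    latest = {}
    for line in lines:
        rec = parse_line(line)
        if rec:
            conn, sa, esp_in, esp_out = rec
            latest[(conn, sa)] = (esp_in, esp_out)
    totals = defaultdict(lambda: [0, 0])
    for (conn, _), (esp_in, esp_out) in latest.items():
        totals[conn][0] += esp_in
        totals[conn][1] += esp_out
    return {conn: tuple(v) for conn, v in totals.items()}
```

Feed it `ipsec status` output and the pluto log; each connection comes back as a (bytes in, bytes out) pair.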
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan