On Thu, 20 Mar 2014, Bob Miller wrote:
>> I see the RX packets and TX packets counters increase on the interface.
>
> Just in case you are referring to something I don't know about, you mean
> the stats found at
> /sys/class/net/eth*/statistics/{rx_bytes,tx_bytes}

I used "ifconfig" but I assume so yes :)

>> # ipsec status |grep Traffic
>> 000 #2: "redhat" [email protected] [email protected]
>> [email protected] [email protected] ref=0 refhim=4294901761 Traffic: ESPin=92KB
>> ESPout=1MB! ESPmax=4194303B XAUTHuser=pwouters
>
> This is interesting. Is this data stored somewhere in /proc or /sys
> such that I can query it regularly?

I don't know. If so, it would be in "ip xfrm policy" or "ip xfrm state"
with some additional verbosity options (and a lack of documentation :)

> Can any more information besides
> direction of the traffic be figured out (ie dst for LAN vs dst for web)?
> or am I still having to rely on iptables to track that level of detail?

No, but you could set up separate tunnels per port, eg:

conn port80
    leftprotoport=tcp/80
    rightprotoport=tcp
    also=baseconn

conn port443
    leftprotoport=tcp/443
    rightprotoport=tcp
    also=baseconn

conn baseconn
    yourregularstuffhere

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
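
For the question of querying these counters regularly, one option is to poll `ipsec status` and parse its `Traffic:` lines. The following is an added example, not part of the original message and not libreswan code; the 1024-based units, the ignored "!" and the sample lines are assumptions.

```python
import re

# Assumption: units are powers of 1024. The status output is rounded, so the
# byte counts recovered from "92KB" or "1MB" are approximate.
UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3, "TB": 1024**4}
STATE_RE = re.compile(r'#(?P<serial>\d+):\s+"(?P<conn>[^"]+)"')
# Matches ESPin=92KB, ESPout=1MB (the trailing "!" is ignored), ESPmax=4194303B.
COUNTER_RE = re.compile(r"\b(?P<key>ESP(?:in|out|max))=(?P<num>\d+)(?P<unit>[KMGT]?B)")


def parse_traffic(status_text):
    """Map (connection name, state number) -> {"ESPin": bytes, ...}."""
    results = {}
    for line in status_text.splitlines():
        head, sep, tail = line.partition("Traffic:")
        state = STATE_RE.search(head)
        if not sep or not state:
            continue  # not a per-state traffic line
        results[(state["conn"], int(state["serial"]))] = {
            c["key"]: int(c["num"]) * UNITS[c["unit"]]
            for c in COUNTER_RE.finditer(tail)
        }
    return results


def delta(prev, cur):
    """Bytes moved per state between two polls. A state number first seen in
    `cur` (assumed to be what a rekey produces) counts from zero, so old
    totals never produce a negative difference."""
    out = {}
    for key, counters in cur.items():
        old = prev.get(key, {})
        out[key] = {k: max(v - old.get(k, 0), 0)
                    for k, v in counters.items() if not k.endswith("max")}
    return out


# Constructed sample polls (SPIs and addresses are placeholders).
POLL_1 = ('000 #2: "redhat" esp.SPI_A@192.0.2.1 esp.SPI_B@198.51.100.7 ref=0 '
          'refhim=4294901761 Traffic: ESPin=92KB ESPout=1MB! ESPmax=4194303B '
          'XAUTHuser=pwouters\n')
POLL_2 = ('000 #2: "redhat" esp.SPI_A@192.0.2.1 esp.SPI_B@198.51.100.7 ref=0 '
          'refhim=4294901761 Traffic: ESPin=120KB ESPout=2MB! ESPmax=4194303B\n'
          '000 #5: "redhat" esp.SPI_C@192.0.2.1 esp.SPI_D@198.51.100.7 ref=0 '
          'refhim=4294901761 Traffic: ESPin=3KB ESPout=0B! ESPmax=4194303B\n')

if __name__ == "__main__":
    print(delta(parse_traffic(POLL_1), parse_traffic(POLL_2)))
```

With the per-port `conn` sections above, each tunnel has its own connection name, so the same parser yields one set of counters per port.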