Hi Paul,
Thanks for responding, much appreciated.
It is part of the kernel, and is created by enabling
CONFIG_XFRM_STATISTICS.
Acknowledged and understood.
Does your system have /proc/sys/net/core/xfrm_acq_expires ? Maybe we
need to switch to that to test whether XFRM support is available.
Apparently so:
ls -al /proc/sys/net/core/xfrm_acq_expires
-rw-r--r-- 1 root root 0 May 27 17:24 /proc/sys/net/core/xfrm_acq_expires
So, did I find a real problem, or am I just in need of someone to
point out a glaringly obvious error on my part?
It's not you, it's us :)
Phew, not that I am happy to pass my troubles to others or anything ;)
Although, /proc/net/xfrm_stat is your _only_ way of getting any
debugging of the kernel level IPsec related events, so you really
do want it enabled in your custom kernels too :)
Okay, so custom kernels are within my skill set, but I don't really want
to be creating a new custom kernel for every firewall I have under my
thumb. Pretty sure one of the happiest days in my computing career was
finding linux-image in the apt repos. Is there an immediate workaround
short of installing an older version? can I change the _stackmanager.in
file to look for this /proc/sys/net/core/xfrm_acq_expires file instead?
or will that just move me to the next problem?
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
