Hi Martin, > I assume you are using a custom kernel backend for ESP processing?
We are not using a custom kernel backend. Our application uses the netlink socket interface and sets-up the cryptographic HW engine with SA events from strongSwan. The Linux parameters disable_xfrm and disable_policy are set to 1. Best Regards Mugur -----Original Message----- From: Martin Willi [mailto:[email protected]] Sent: lundi 4 août 2014 11:36 To: ABULIUS, MUGUR (MUGUR) Cc: [email protected]; SCARAZZINI, FABRICE (FABRICE); DIMA, CIPRIAN (CIPRIAN); WASNIEWSKI, ALAIN (ALAIN) Subject: Re: [strongSwan] liveness mechanism for BITW IPsec Hi Mugur, > There is any way to "tell" to strongSwan that there is traffic in > order to avoid sending INFORMATIONAL messages in this case? strongSwan queries the kernel-interface for SA usage. If you are using kernel-netlink as backend, Linux usually provides this information when querying the SA/SP state. > In our Bump In The Wire IPsec implementation I assume you are using a custom kernel backend for ESP processing? If yes, you may consider adding the appropriate information in your kernel interface when quering usage statistics with query_sa() or query_policy(). Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
