[Openswan dev] RFC: Changes to whack's --status output
Herbert Xu
herbert at gondor.apana.org.au
Thu Dec 2 20:31:38 CET 2004
mcr at xelerance.com wrote:
>
> Systems with ipsecX devices can trivially get tunnel stats by looking
> at the ipsecX stats. (that's one of the reasons to have this device!)
>
> ipsec0 Link encap:Ethernet HWaddr 00:E0:63:81:F7:D7
> inet addr:192.168.0.137 Mask:255.255.255.0
> inet6 addr: fe80::2e0:63ff:fe81:f7d7/64 Scope:Link
> UP RUNNING NOARP MTU:1400 Metric:1
> RX packets:106 errors:0 dropped:4 overruns:0 frame:0
> ^- decryption/authentication errors
Systems without ipsecX can get even more granular stats by running
ip(8) or setkey(8):
# ip -s x s
src 10.20.30.40 dst 10.40.30.20
proto esp spi 0x9c213f08(2619424520) reqid 597609(0x00091e69) mode tunnel
replay-window 64 seq 0x00000000
auth md5 0xdce305284f68694dfb64ad3b2397083e (128 bits)
enc des3_ede 0x65f327a63fcb3fa377336c62f2c436566f567d3d9762449c (192 bits)
sel src 192.168.1.1/12 dst 192.168.2.1/32 uid 0
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
248384(bytes), 804(packets)
add 2004-12-02 14:40:30 use 2004-12-02 14:41:10
stats:
replay-window 0 replay 0 failed 0
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Dev
mailing list