[Openswan Users] XFRM policy Update event for Inbound Policy

Herbert Xu herbert at gondor.apana.org.au
Wed May 6 05:32:12 EDT 2009


On Tue, May 05, 2009 at 11:45:56AM -0400, Paul Wouters wrote:
> On Tue, 5 May 2009, krishna murthy wrote:
> 
> (CC:ed Herbert, since he probably knows this code best, and bumping to dev at openswan.org)
> 
> > I am looking for Policy update notifications from the XFRM during the IPSec Re-keying. I look for the "XFRM_MSG_UPDPOLICY" event. The issue I see is that I only get Policy updates for the Outbound Policies and not for the Inbound. Below is the dump of "ip xfrm monitor":
> > 
> > Updated src 9.1.1.0/24 dst 11.0.0.0/8
> > dir out priority 2360
> > tmpl src 192.168.10.1 dst 192.168.10.2
> > proto esp reqid 16385 mode tunnel
> > 
> > I never see a policy update for the "dir=in". Please let me know if I am missing something.

We don't need to update policies when rekeying since the policies
haven't changed.  The outbound policy gets updated only because
that was the easiest way of getting Openswan to work on Linux.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

