[Openswan Users] XFRM policy Update event for Inbound Policy

krishna murthy j s krishnamurthyjs at gmail.com
Wed May 6 08:43:09 EDT 2009


Hi Herbert,Thanks for the update. Can you please let me know what is that
change in the Outbound policy for which we need an update to make the
Openswan work on Linux. It would be great if you point me to the part of the
pluto / openswan code which actually does the policy update.

thanks and Regards,
Krishna



On Wed, May 6, 2009 at 10:32 AM, Herbert Xu <herbert at gondor.apana.org.au>wrote:

> On Tue, May 05, 2009 at 11:45:56AM -0400, Paul Wouters wrote:
> > On Tue, 5 May 2009, krishna murthy wrote:
> >
> > (CC:ed Herbert, since he probably knows this code best, and bumping to
> dev at openswan.org)
> >
> > > I am looking for Policy update notifications from the XFRM during the
> IPSec Re-keying. I look for the "XFRM_MSG_UPDPOLICY" event. The issue I see
> is that i Only get Policy updates for the Outbound Policies and not for the
> Inbound. Below is the dump of " ip xfrm monitor"
> > >
> > > Updated src 9.1.1.0/24 dst 11.0.0.0/8
> > > dir out priority 2360
> > > tmpl src 192.168.10.1 dst 192.168.10.2
> > > proto esp reqid 16385 mode tunnel
> > >
> > > never i see a policy update for the "dir=in". Please let me know if i
> am missing something.
>
> We don't need to update policies when rekeying since the policies
> haven't changed.  The outbound policy gets updated only because
> that was the easiest way of getting Openswan to work on Linu.x
>
> Cheers,
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090506/afae821f/attachment.html 


More information about the Users mailing list