kernel-pfkey: Report packet counts of IPsec SAs
author Tobias Brunner <tobias@strongswan.org>
Fri, 18 Jul 2014 16:19:46 +0000 (18:19 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 9 Sep 2014 08:56:15 +0000 (10:56 +0200)
Seems that packet counts can be retrieved after all. At least the Linux
and FreeBSD kernels treat the number of allocations as number of packets.
We actually installed packet limits in that field already.

src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index e1a58aa..00ab5ab 100644 (file)
@@ -1978,8 +1978,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
        }
        if (packets)
        {
-               /* not supported by PF_KEY */
-               *packets = 0;
+               /* at least on Linux and FreeBSD this contains the number of packets */
+               *packets = response.lft_current->sadb_lifetime_allocations;
        }
        if (time)
        {
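
Review bot: The new assignment `*packets = response.lft_current->sadb_lifetime_allocations;` is unconditional, while the comment directly above it only vouches for Linux and FreeBSD. On any other PF_KEY platform this code is built for, callers now receive whatever that kernel keeps in the allocations field as a packet count, where they previously got 0. Consider guarding the assignment per platform, or naming in the comment the kernels where the field is known to mean something else, so the value is not trusted for accounting or packet-based rekeying there. The dereference of `response.lft_current` also has no NULL check in the visible lines; please confirm it is validated earlier in query_sa before this block is reached.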