Security associations and SA_FLAG_REPLACED

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: catalin visinescu <catalinvisinescu@...>

To: <misc@...>

Subject: Security associations and SA_FLAG_REPLACED

Date: Tuesday, January 29, 2008 - 2:38 pm

Hi,

I have GW1 and GW2 redundant firewalls (isakmpd+pf+carp+sasyncd)

Is there a way to see which security associations are marked as "replaced" on the backup GW?
"ipsecctl -s all -v -v" shows a lot but it does not seem to show that.

On the master (let's say GW1)
echo "S" > /var/run/isakmpd.fifo then
vi isakmpd.report
shows the flags, but I'm interested in the SAs from the backup GW2 which were created by sasyncd.

Basically after the old SAs soft time expired and new SAs are created I want to see the old ones marked as SA_FLAG_REPLACED and the new ones SA_FLAG_ALIVE on the backup firewall.

Is there a way.

Thank you,
Catalin

---------------------------------
Ask a question on any topic and get answers from real people. Go to Yahoo! Answers.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Security associations and SA_FLAG_REPLACED, catalin visinescu, (Tue Jan 29, 2:38 pm)


linux-kernel:
David Miller	Re: Slow DOWN, please!!!
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Heiko Carstens	Re: -mm merge plans for 2.6.23 -- sys_fallocate
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
Jan Engelhardt	Re: iptables very slow after commit 784544739a25c30637397ace5489eeb6e15d7d49
openbsd-misc:

Security associations and SA_FLAG_REPLACED

Online users