From 25fcbab6789c9c8839d898a6527e0017dfac4322 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 18 Jul 2014 18:19:46 +0200 Subject: kernel-pfkey: Report packet counts of IPsec SAs Seems that packet counts can be retrieved after all. At least the Linux and FreeBSD kernels treat the number of allocations as number of packets. We actually installed packet limits in that field already. --- src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c') diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index e1a58aa94..00ab5ab5a 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1978,8 +1978,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } if (packets) { - /* not supported by PF_KEY */ - *packets = 0; + /* at least on Linux and FreeBSD this contains the number of packets */ + *packets = response.lft_current->sadb_lifetime_allocations; } if (time) { -- cgit v1.2.3