[Swan-dev] IPSEC Active Tunnels Status using 'ipsec whack --status'

Paul Wouters paul at nohats.ca
Mon Jan 9 20:01:15 EET 2023

On Mon, 9 Jan 2023, Praveen Chavan wrote:

> Thanks for the clarification. 
> Follow up: 
> 1. Could you share some examples for "ipsec trafficstatus" output?  

See git grep "ipsec traffic" testing/pluto/

you can also see the test output on testing.libreswan.org

eg from https://testing.libreswan.org/v4.9-648-g0c35714ef7-main/basic-pluto-02/west.console.txt

west #
  ipsec trafficstatus
006 #2: "westnet-all", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, maxBytes=2^63B, id='@east'

> 2. Can I assume 'established Child SA' remains the same, in the output for whack --status even if other things could change every
> couple releases? 

We give no guarantees on the whack API. It is considered "internal only"
at the moment. Once we have a json/yang output, we will give guarantees
on it.


More information about the Swan-dev mailing list