error-notify Plugin

Purpose

The error-notify plugin for libcharon provides an interface to receive notifications about errors that occur in the keying daemon via UNIX socket.

The plugin is disabled by default and can be enabled with the ./configure option

--enable-error-notify

Implementation

If the plugin is enabled, it opens a UNIX socket and sends error notifications to connected listeners.

Configuration

The error-notify plugin is configured using the following options in the charon.plugins.error-notify section of strongswan.conf:

Key Default Description

Key	Default	Description
socket	[→]	Socket provided by the error-notify plugin. `[unix://${piddir}/charon.enfy]`

socket

[→]

Socket provided by the error-notify plugin. [unix://${piddir}/charon.enfy]

error-notify Tool

The error-notify utility usually invoked by

/usr/libexec/ipsec/error-notify

demonstrates how error notifications can be received. It is currently very simple and takes no arguments and when invoked simply lists all received error messages to STDOUT.

Socket Interface

The error_notify socket interface definition can be found here: src/libcharon/plugins/error_notify/error_notify_msg.h.

The error-notify tool demonstrating how the interface can be used: src/libcharon/plugins/error_notify/error_notify.c