error-notify Plugin¶
Purpose¶
The error-notify plugin provides an interface to receive notifications about errors that occur in the keying daemon via UNIX socket.
The plugin is disabled by default and can be enabled by adding
--enable-error-notifyto the ./configure options.
Implementation¶
If the plugin is enabled, it opens a UNIX socket and sends error notifications to connected listeners.
Configuration¶
The plugin is configured using the following strongswan.conf options:
| Key | Default | Description |
| charon.plugins.error-notify.socket | unix://${piddir}/charon.enfy | Socket provided by the error-notify plugin |
error-notify tool¶
The error-notify ipsec utility, invoked by
ipsec error-notifydemonstrates how error notifications can be received. It is currently very simple and takes no arguments, and, when invoked, simply lists all received error messages to STDOUT.
Socket interface¶
The socket interface format is defined in source:src/libcharon/plugins/error_notify/error_notify_msg.h. The error-notify CLI utility at source:src/libcharon/plugins/error_notify/error_notify.c demonstrates how it can be used.