How to send a packet out a raw socket over IPsec?
I am trying to send an IP packet out a raw socket, and I would like the packet to traverse an existing IPsec tunnel (which I have set up using strongSwan). However, when I send the packet out the raw socket, the packet does not appear to get routed through the kernel's XFRM subsystem that does the IPsec encapsulation. Instead, the packet ends up being sent out the Ethernet interface as a plain (non-encapsulated) IP packet.
In contrast, if I send a packet out a UDP socket instead of a raw socket (using the same source and destination addresses), the packet DOES get encapsulated by IPsec and transmitted, as expected.
Does anybody know why the raw IP packets are not going through XFRM? Is there any way to make this happen?
For reference, I am setting up the raw socket using the following command:
int fd = socket(PF_INET, SOCK_RAW, IPPROTO_RAW);
Any help would be appreciated. Thanks!