vici: Document kernel requirements for set_mark_in/set_mark_out options

author Martin Willi <martin@strongswan.org>

Mon, 14 May 2018 10:55:27 +0000 (12:55 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Fri, 31 Aug 2018 10:26:40 +0000 (12:26 +0200)
author Martin Willi <martin@strongswan.org>
Mon, 14 May 2018 10:55:27 +0000 (12:55 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 31 Aug 2018 10:26:40 +0000 (12:26 +0200)
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt

index 8cdd66c3fa1d60346b778aef8e01009130bf1087..79655ed357372bc8e1ea3ca56cf79ea2c42e9182 100644 (file)
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -921,6 +921,8 @@ connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
         An additional mask may be appended to the mark, separated by _/_. The
         default mask if omitted is 0xffffffff.
  
+       Setting marks in XFRM input requires Linux 4.19 or higher.
+
  connections.<conn>.children.<child>.set_mark_out = 0/0x00000000
         Netfilter mark applied to packets after the outbound IPsec SA processed
         them.
@@ -932,6 +934,9 @@ connections.<conn>.children.<child>.set_mark_out = 0/0x00000000
         An additional mask may be appended to the mark, separated by _/_. The
         default mask if omitted is 0xffffffff.
  
+       Setting marks in XFRM output is supported since Linux 4.14. Setting a mask
+       requires at least Linux 4.19.
+
  connections.<conn>.children.<child>.tfc_padding = 0
         Traffic Flow Confidentiality padding.
author	Martin Willi <martin@strongswan.org>
	Mon, 14 May 2018 10:55:27 +0000 (12:55 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Fri, 31 Aug 2018 10:26:40 +0000 (12:26 +0200)