.BR charon.plugins.kernel-klips.ipsec_dev_mtu " [0]"
Set MTU of ipsecN device
.TP
+.BR charon.plugins.kernel-netlink.fwmark
+Firewall mark to set on the routing rule that directs traffic to our own routing
+table. The format is [!]mark[/mask], where the optional exclamation mark inverts
+the meaning (i.e. the rule only applies to packets that don't match the mark).
+.TP
.BR charon.plugins.kernel-netlink.roam_events " [yes]"
Whether to trigger roam events when interfaces, addresses or routes change
.TP
#include <unistd.h>
#include <errno.h>
#include <net/if.h>
+#include <linux/fib_rules.h>
#include "kernel_netlink_net.h"
#include "kernel_netlink_shared.h"
struct nlmsghdr *hdr;
struct rtmsg *msg;
chunk_t chunk;
+ char *fwmark;
+ mark_t mark;
memset(&request, 0, sizeof(request));
hdr = (struct nlmsghdr*)request;
chunk = chunk_from_thing(prio);
netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
+ fwmark = lib->settings->get_str(lib->settings,
+ "%s.plugins.kernel-netlink.fwmark", NULL, hydra->daemon);
+ if (fwmark)
+ {
+ if (fwmark[0] == '!')
+ {
+ msg->rtm_flags |= FIB_RULE_INVERT;
+ fwmark++;
+ }
+ if (mark_from_string(fwmark, &mark))
+ {
+ chunk = chunk_from_thing(mark.value);
+ netlink_add_attribute(hdr, FRA_FWMARK, chunk, sizeof(request));
+ chunk = chunk_from_thing(mark.mask);
+ netlink_add_attribute(hdr, FRA_FWMASK, chunk, sizeof(request));
+ }
+ }
return this->socket->send_ack(this->socket, hdr);
}
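Review bot: The invert flag is applied before the mark is validated. In the `if (fwmark[0] == '!')` branch, `FIB_RULE_INVERT` is set on `msg->rtm_flags`, and if `mark_from_string()` then rejects the rest of the string, the request is still sent with the flag but without `FRA_FWMARK`/`FRA_FWMASK`. A mistyped setting therefore changes which packets the routing rule selects (presumably an inverted rule with no mark selector matches nothing; confirm against the kernel's fib rule handling), and nothing is logged in either the inverted or the plain case. Parsing first, setting the flag only on success and logging the rejected value keeps a bad configuration value from silently altering policy routing. The function starts outside this hunk, so the assignment of `msg` is not visible here.

```c
	if (fwmark)
	{
		bool invert = fwmark[0] == '!';

		if (mark_from_string(invert ? fwmark + 1 : fwmark, &mark))
		{
			if (invert)
			{
				msg->rtm_flags |= FIB_RULE_INVERT;
			}
			/* … unchanged: FRA_FWMARK and FRA_FWMASK attributes … */
		}
		else
		{
			DBG1(DBG_KNL, "ignoring invalid fwmark '%s' for routing rule",
				 fwmark);
		}
	}
```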