c->options.mtu_discover_type,
c->options.rcvbuf,
c->options.sndbuf,
+ c->options.mark,
sockflags);
}
Currently defaults to 65536 bytes.
.\"*********************************************************
.TP
+.B \-\-mark value
+Mark encrypted packets being sent with value. The mark value can be
+matched in policy routing and packetfilter rules. This option is
+only supported in Linux and does nothing on other operating systems.
+.\"*********************************************************
+.TP
.B \-\-socket-flags flags...
Apply the given flags to the OpenVPN transport socket.
Currently, only
" or --fragment max value, whichever is lower.\n"
"--sndbuf size : Set the TCP/UDP send buffer size.\n"
"--rcvbuf size : Set the TCP/UDP receive buffer size.\n"
+#ifdef TARGET_LINUX
+ "--mark value : Mark encrypted packets being sent with value. The mark value\n"
+ " can be matched in policy routing and packetfilter rules.\n"
+#endif
"--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n"
"--mlock : Disable Paging -- ensures key material and tunnel\n"
" data will never be written to disk.\n"
#endif
SHOW_INT (rcvbuf);
SHOW_INT (sndbuf);
+#ifdef TARGET_LINUX
+ SHOW_INT (mark);
+#endif
SHOW_INT (sockflags);
SHOW_BOOL (fast_io);
VERIFY_PERMISSION (OPT_P_SOCKBUF);
options->sndbuf = positive_atoi (p[1]);
}
+ else if (streq (p[0], "mark") && p[1])
+ {
+#ifdef TARGET_LINUX
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->mark = atoi(p[1]);
+#endif
+ }
else if (streq (p[0], "socket-flags"))
{
int j;
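Review bot: `options->mark = atoi(p[1]);` accepts any string, and a mistyped or non-numeric value becomes 0, which `socket_set_mark` treats as "no mark", so the tunnel comes up sending unmarked packets with no diagnostic. Any policy-routing or packet-filter rule keyed on the mark then silently stops matching. Parse the value with `strtoul`, reject trailing garbage and out-of-range input, and fail the option instead of storing 0. The error path below assumes the `msglevel` / `goto err` convention of the enclosing option parser, which starts and ends outside this hunk. On non-Linux builds the branch also consumes the option without any message; a one-line warning there would make the no-op visible to the operator.
```c
      VERIFY_PERMISSION (OPT_P_GENERAL);
      {
        char *end = NULL;
        unsigned long val;

        errno = 0;
        val = strtoul (p[1], &end, 10);
        if (end == p[1] || *end != '\0' || errno == ERANGE || val > INT_MAX)
          {
            msg (msglevel, "--mark: '%s' is not a valid mark value", p[1]);
            goto err;
          }
        options->mark = (int) val;
      }
```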
int rcvbuf;
int sndbuf;
+ /* mark value */
+ int mark;
+
/* socket flags */
unsigned int sockflags;
#endif
}
+static void
+socket_set_mark (int sd, int mark)
+{
+#ifdef TARGET_LINUX
+ if (mark && setsockopt (sd, SOL_SOCKET, SO_MARK, &mark, sizeof (mark)) != 0)
+ msg (M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark);
+#endif
+}
+
static bool
socket_set_flags (int sd, unsigned int sockflags)
{
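Review bot: When `setsockopt` fails in `socket_set_mark`, the code logs a warning without the errno and carries on, so the transport socket sends unmarked packets even though the configuration asked for a mark. Setting SO_MARK needs CAP_NET_ADMIN on Linux, so the call is likely to fail with EPERM whenever the socket is created after privileges were dropped; whether that happens on restart depends on code outside this hunk. At minimum record the cause with `msg (M_WARN | M_ERRNO, "NOTE: setsockopt SO_MARK=%d failed", mark);`, and consider whether setups that rely on the mark for routing or filtering should treat the failure as fatal. The `if` body should also be braced, and a short comment stating that a mark of 0 means "leave the socket unmarked" would document the `mark &&` test.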
int mtu_discover_type,
int rcvbuf,
int sndbuf,
+ int mark,
unsigned int sockflags)
{
ASSERT (sock);
/* set socket buffers based on --sndbuf and --rcvbuf options */
socket_set_buffers (sock->sd, &sock->socket_buffer_sizes);
+ /* set socket to --mark packets with given value */
+ socket_set_mark (sock->sd, mark);
+
resolve_bind_local (sock);
resolve_remote (sock, 1, NULL, NULL);
}
int mtu_discover_type,
int rcvbuf,
int sndbuf,
+ int mark,
unsigned int sockflags);
void link_socket_init_phase2 (struct link_socket *sock,