]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a505f4b) | patch
connmark: Ignore per-CPU CHILD_SAs
authorTobias Brunner <tobias@strongswan.org>
Mon, 31 May 2021 13:06:41 +0000 (15:06 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 28 May 2025 14:35:26 +0000 (16:35 +0200)
commit5faf88428561e935b517505cb1065e140655a923
treef8d2cac52f787e8756fa018762bf2fa0991c1a5btree
parenta505f4b9b007c2fb8a86961d2e8e4513a19b4aedcommit | diff
connmark: Ignore per-CPU CHILD_SAs

The combination probably doesn't make much sense.

The OUTPUT rules would definitely only be required once, while the INPUT
and PREROUTING rules list individual SPIs and/or UDP ports, which would
be necessary for all SAs.

By the way, the rules in PREROUTING might actually not be necessary
anymore if the set_mark_in option was used for such SAs.
src/libcharon/plugins/connmark/connmark_listener.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.