diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2013-08-13 16:53:06 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-10-11 15:32:44 +0200 |
| commit | 51fefe460609ff734d702388973d326d3976189f (patch) | |
| tree | a17ad65ca17bd8f83e482d6445dfc097752e2e4f /src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c | |
| parent | 434e530f75411f1153995dde356696f8c1e209a8 (diff) | |
| download | strongswan-51fefe460609ff734d702388973d326d3976189f.tar.bz2 strongswan-51fefe460609ff734d702388973d326d3976189f.tar.xz | |
kernel-netlink: Allow setting firewall marks on routing rule
Diffstat (limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c')
| -rw-r--r-- | src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c index 1b9e0f031..04dc22c00 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c @@ -44,6 +44,7 @@ #include <unistd.h> #include <errno.h> #include <net/if.h> +#include <linux/fib_rules.h> #include "kernel_netlink_net.h" #include "kernel_netlink_shared.h" @@ -2096,6 +2097,8 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, struct nlmsghdr *hdr; struct rtmsg *msg; chunk_t chunk; + char *fwmark; + mark_t mark; memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; @@ -2117,6 +2120,23 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, chunk = chunk_from_thing(prio); netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request)); + fwmark = lib->settings->get_str(lib->settings, + "%s.plugins.kernel-netlink.fwmark", NULL, hydra->daemon); + if (fwmark) + { + if (fwmark[0] == '!') + { + msg->rtm_flags |= FIB_RULE_INVERT; + fwmark++; + } + if (mark_from_string(fwmark, &mark)) + { + chunk = chunk_from_thing(mark.value); + netlink_add_attribute(hdr, FRA_FWMARK, chunk, sizeof(request)); + chunk = chunk_from_thing(mark.mask); + netlink_add_attribute(hdr, FRA_FWMASK, chunk, sizeof(request)); + } + } return this->socket->send_ack(this->socket, hdr); } |