aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/connmark
Commit message (Collapse)AuthorAgeFilesLines
* configure: Use pkg-config to detect libiptc used by connmark/forecastTobias Brunner2015-02-231-2/+2
| | | | | This ensures the library is available. On Debian/Ubuntu it is a dynamic library provided by the iptables-dev package.
* connmark: Add CONNMARK rules to select correct output SA based on conntrackMartin Willi2015-02-204-0/+611
| | | | | | | | | | | | | | Currently supports transport mode connections using IPv4 only, and requires a unique mark configured on the connection. To select the correct outbound SA when multiple connections match (i.e. multiple peers connected from the same IP address / NAT router) marks must be configured. This mark should usually be unique, which can be configured in ipsec.conf using mark=0xffffffff. The plugin inserts CONNMARK netfilter target rules: Any peer-initiated flow is tagged with the assigned mark as connmark. On the return path, the mark gets restored from the conntrack entry to select the correct outbound SA.
* connmark: Add a plugin stubMartin Willi2015-02-203-0/+143
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 07:14:33 +0000