Commit message | Author | Age | Files | Lines |
---|---|---|---|---|
libhydra: Remove empty unused library | Tobias Brunner | 2016-03-03 | 1 | -1/+0 |
connmark: Fix alignment when adding rules | Tobias Brunner | 2016-03-03 | 1 | -160/+172 |
The structs that make up a message sent to the kernel have all to be aligned with XT_ALIGN. That was not necessarily the case when initializing the complete message as struct. Fixes #1212. | | | | |
configure: Use pkg-config to detect libiptc used by connmark/forecast | Tobias Brunner | 2015-02-23 | 1 | -2/+2 |
This ensures the library is available. On Debian/Ubuntu it is a dynamic library provided by the iptables-dev package. | | | | |
connmark: Add CONNMARK rules to select correct output SA based on conntrack | Martin Willi | 2015-02-20 | 4 | -0/+611 |
Currently supports transport mode connections using IPv4 only, and requires a unique mark configured on the connection. To select the correct outbound SA when multiple connections match (i.e. multiple peers connected from the same IP address / NAT router) marks must be configured. This mark should usually be unique, which can be configured in ipsec.conf using mark=0xffffffff. The plugin inserts CONNMARK netfilter target rules: Any peer-initiated flow is tagged with the assigned mark as connmark. On the return path, the mark gets restored from the conntrack entry to select the correct outbound SA. | | | | |
connmark: Add a plugin stub | Martin Willi | 2015-02-20 | 3 | -0/+143 |