[strongSwan] Adding IP Options in Tunnel Mode's New Header !!!

Richard Andrews richard.andrews at symstream.com
Mon Aug 27 00:44:28 CEST 2012


IIRC firewall marks are preserved though kernel encryption xfrm. That
is, adding a fwmark to a packet about to be encrypted creates an
encrypted packet with the same mark. Maybe this could be used with some
iptables magic to do what you desire.


On Fri, 2012-08-24 at 20:29 +0530, Kesava Srinivas wrote:
> Guys,
> Need some help in understanding how to add Options to the Outer IP
> Header (new) while operating Strong-swan in Tunnel Mode.
> 
> Not sure whether Stong-swan is providing the Flexibility to configure
> IP Header Options which are to be added in New Header of Tunnel Mode!!
> After some Research; it seems to be xfrm4_mode_tunnel.c is adding the
> New Header & thought of changing the code in kernel itself to add the
> options.
> 
> Please let me know ; what's the right way of adding IP Header
> options ??







More information about the Users mailing list