[strongSwan] deprecated hidetos config option

Martin Willi martin at strongswan.org
Mon Nov 10 10:55:14 CET 2014


> I'm in the process of upgrading a strongswan 4.5.2 to 5.2 and I found
> that the hidetos option field has been deprecated. 

AFAIK, the hidetos option had no effect with 4.5.2. Possible that it was
supported by the old KLIPS stack. In XFRM, there is such an option since
Linux 3.10 [1], but we currently don't support it.

> We use the option so the clear packet DSCP set with iptables doesn't
> get removed when the packet gets encrypted.

With XFRM, this is the default, so this might just work.



More information about the Users mailing list