b8973b2661
Currently supports transport mode connections using IPv4 only, and requires a unique mark configured on the connection. To select the correct outbound SA when multiple connections match (i.e. multiple peers connected from the same IP address / NAT router) marks must be configured. This mark should usually be unique, which can be configured in ipsec.conf using mark=0xffffffff. The plugin inserts CONNMARK netfilter target rules: Any peer-initiated flow is tagged with the assigned mark as connmark. On the return path, the mark gets restored from the conntrack entry to select the correct outbound SA. |
||
|---|---|---|
| .. | ||
| attributes | ||
| bus | ||
| config | ||
| control | ||
| encoding | ||
| kernel | ||
| network | ||
| plugins | ||
| processing/jobs | ||
| sa | ||
| tests | ||
| Android.mk | ||
| Makefile.am | ||
| daemon.c | ||
| daemon.h | ||
| debug | ||