ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
strongswan/src/libcharon/plugins
History
Martin Willi b8973b2661 connmark: Add CONNMARK rules to select correct output SA based on conntrack 
Currently supports transport mode connections using IPv4 only, and requires
a unique mark configured on the connection.

To select the correct outbound SA when multiple connections match (i.e.
multiple peers connected from the same IP address / NAT router) marks must be
configured. This mark should usually be unique, which can be configured in
ipsec.conf using mark=0xffffffff.

The plugin inserts CONNMARK netfilter target rules: Any peer-initiated flow
is tagged with the assigned mark as connmark. On the return path, the mark
gets restored from the conntrack entry to select the correct outbound SA.
 		2015-02-20 16:34:53 +01:00
..
addrblock plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
android_dns attribute-handler: Pass full IKE_SA to handler backends 2015-02-20 13:34:56 +01:00
android_log plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
attr attribute-provider: Pass full IKE_SA to provider backends 2015-02-20 13:34:56 +01:00
attr_sql attribute-provider: Pass full IKE_SA to provider backends 2015-02-20 13:34:56 +01:00
certexpire plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
connmark connmark: Add CONNMARK rules to select correct output SA based on conntrack 2015-02-20 16:34:53 +01:00
coupling plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
dhcp attribute-provider: Pass full IKE_SA to provider backends 2015-02-20 13:34:56 +01:00
dnscert plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
duplicheck plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_aka plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_aka_3gpp2 plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_dynamic plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_gtc payload: Use common prefixes for all payload type identifiers 2014-06-04 15:53:03 +02:00
eap_identity plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_md5 plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_mschapv2 plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_peap plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_radius attribute-provider: Pass full IKE_SA to provider backends 2015-02-20 13:34:56 +01:00
eap_sim plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_sim_file plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_sim_pcsc plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_simaka_pseudonym plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_simaka_reauth plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_simaka_sql plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_tls plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_tnc plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
eap_ttls plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
error_notify plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
ext_auth ext-auth: Add an ext-auth plugin invoking an external authorization script 2014-10-06 18:30:46 +02:00
farp plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
ha attribute-provider: Pass full IKE_SA to provider backends 2015-02-20 13:34:56 +01:00
ipseckey plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
kernel_iph kernel-interface: Add destination prefix to get_nexthop() 2014-06-19 14:33:40 +02:00
kernel_libipsec kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqid 2015-02-20 13:34:50 +01:00
kernel_wfp kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqid 2015-02-20 13:34:50 +01:00
led plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
load_tester load-tester: Support initiating XAuth authentication 2015-02-20 14:04:23 +01:00
lookip plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
maemo plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
medcli plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
medsrv plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
osx_attr attribute-handler: Pass full IKE_SA to handler backends 2015-02-20 13:34:56 +01:00
radattr payload: Use common prefixes for all payload type identifiers 2014-06-04 15:53:03 +02:00
resolve attribute-handler: Pass full IKE_SA to handler backends 2015-02-20 13:34:56 +01:00
smp plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
socket_default Fixed some typos, courtesy of codespell 2014-12-15 17:11:14 +01:00
socket_dynamic packet: Define a global default maximum size for IKE packets 2014-10-10 09:32:42 +02:00
socket_win packet: Define a global default maximum size for IKE packets 2014-10-10 09:32:42 +02:00
sql plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
stroke mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth 2015-02-20 13:34:57 +01:00
systime_fix libcharon: Use lib->ns instead of charon->name 2014-02-12 14:34:32 +01:00
tnc_ifmap plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
tnc_pdp plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
uci plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
unity attribute-handler: Pass full IKE_SA to handler backends 2015-02-20 13:34:56 +01:00
updown attribute-handler: Pass full IKE_SA to handler backends 2015-02-20 13:34:56 +01:00
vici mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth 2015-02-20 13:34:57 +01:00
whitelist plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
xauth_eap payload: Use common prefixes for all payload type identifiers 2014-06-04 15:53:03 +02:00
xauth_generic payload: Use common prefixes for all payload type identifiers 2014-06-04 15:53:03 +02:00
xauth_noauth plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
xauth_pam xauth-pam: Add workaround for null-terminated passwords 2014-07-07 11:14:02 +02:00