IIRC firewall marks are preserved though kernel encryption xfrm. That is, adding a fwmark to a packet about to be encrypted creates an encrypted packet with the same mark. Maybe this could be used with some iptables magic to do what you desire.
On Fri, 2012-08-24 at 20:29 +0530, Kesava Srinivas wrote: > Guys, > Need some help in understanding how to add Options to the Outer IP > Header (new) while operating Strong-swan in Tunnel Mode. > > Not sure whether Stong-swan is providing the Flexibility to configure > IP Header Options which are to be added in New Header of Tunnel Mode!! > After some Research; it seems to be xfrm4_mode_tunnel.c is adding the > New Header & thought of changing the code in kernel itself to add the > options. > > Please let me know ; what's the right way of adding IP Header > options ?? _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
