Thanks Richard for the response. Yeah. I agree that we can Pickup the Packet in POST_ROUTING hook after encryption was done and can add IP Options by expanding the Socket Buffer's Data Space. But let us say; if this results in Fragmentation, IPSEC packet need to suffer. Hence, thought of doing it along with encryption. So, was that only possible by manipulating code in the file *xfrm4_mode_tunnel.c* ?? This is the file that I came across while digging the things. Please let me know if thats not the one !!!
-Thnx, VKS. On Mon, Aug 27, 2012 at 4:14 AM, Richard Andrews < [email protected]> wrote: > IIRC firewall marks are preserved though kernel encryption xfrm. That > is, adding a fwmark to a packet about to be encrypted creates an > encrypted packet with the same mark. Maybe this could be used with some > iptables magic to do what you desire. > > > On Fri, 2012-08-24 at 20:29 +0530, Kesava Srinivas wrote: > > Guys, > > Need some help in understanding how to add Options to the Outer IP > > Header (new) while operating Strong-swan in Tunnel Mode. > > > > Not sure whether Stong-swan is providing the Flexibility to configure > > IP Header Options which are to be added in New Header of Tunnel Mode!! > > After some Research; it seems to be xfrm4_mode_tunnel.c is adding the > > New Header & thought of changing the code in kernel itself to add the > > options. > > > > Please let me know ; what's the right way of adding IP Header > > options ?? > > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
