Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -1371,6 +1371,12 @@ Set the TCP/UDP socket receive buffer size. |
1371 | 1371 |
Currently defaults to 65536 bytes. |
1372 | 1372 |
.\"********************************************************* |
1373 | 1373 |
.TP |
1374 |
+.B \-\-mark value |
|
1375 |
+Mark encrypted packets being sent with value. The mark value can be |
|
1376 |
+matched in policy routing and packetfilter rules. This option is |
|
1377 |
+only supported in Linux and does nothing on other operating systems. |
|
1378 |
+.\"********************************************************* |
|
1379 |
+.TP |
|
1374 | 1380 |
.B \-\-socket-flags flags... |
1375 | 1381 |
Apply the given flags to the OpenVPN transport socket. |
1376 | 1382 |
Currently, only |
... | ... |
@@ -280,6 +280,10 @@ static const char usage_message[] = |
280 | 280 |
" or --fragment max value, whichever is lower.\n" |
281 | 281 |
"--sndbuf size : Set the TCP/UDP send buffer size.\n" |
282 | 282 |
"--rcvbuf size : Set the TCP/UDP receive buffer size.\n" |
283 |
+#ifdef TARGET_LINUX |
|
284 |
+ "--mark value : Mark encrypted packets being sent with value. The mark value\n" |
|
285 |
+ " can be matched in policy routing and packetfilter rules.\n" |
|
286 |
+#endif |
|
283 | 287 |
"--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n" |
284 | 288 |
"--mlock : Disable Paging -- ensures key material and tunnel\n" |
285 | 289 |
" data will never be written to disk.\n" |
... | ... |
@@ -1473,6 +1477,9 @@ show_settings (const struct options *o) |
1473 | 1473 |
#endif |
1474 | 1474 |
SHOW_INT (rcvbuf); |
1475 | 1475 |
SHOW_INT (sndbuf); |
1476 |
+#ifdef TARGET_LINUX |
|
1477 |
+ SHOW_INT (mark); |
|
1478 |
+#endif |
|
1476 | 1479 |
SHOW_INT (sockflags); |
1477 | 1480 |
|
1478 | 1481 |
SHOW_BOOL (fast_io); |
... | ... |
@@ -4520,6 +4527,13 @@ add_option (struct options *options, |
4520 | 4520 |
VERIFY_PERMISSION (OPT_P_SOCKBUF); |
4521 | 4521 |
options->sndbuf = positive_atoi (p[1]); |
4522 | 4522 |
} |
4523 |
+ else if (streq (p[0], "mark") && p[1]) |
|
4524 |
+ { |
|
4525 |
+#ifdef TARGET_LINUX |
|
4526 |
+ VERIFY_PERMISSION (OPT_P_GENERAL); |
|
4527 |
+ options->mark = atoi(p[1]); |
|
4528 |
+#endif |
|
4529 |
+ } |
|
4523 | 4530 |
else if (streq (p[0], "socket-flags")) |
4524 | 4531 |
{ |
4525 | 4532 |
int j; |
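Review bot: `options->mark = atoi(p[1]);` in the add_option hunk stores whatever atoi returns, so a mistyped value, or a hexadecimal one such as the `0x...` form often used for firewall marks, becomes 0 with no diagnostic. socket_set_mark in this same commit skips setsockopt when the mark is 0, so the encrypted packets then leave unmarked and any policy-routing or packet-filter rule keyed on the mark stops matching, with nothing in the log. Parsing with `long v = strtol (p[1], &end, 0);` and rejecting the option when `end == p[1] || *end != '\0'` or when v is negative or does not fit in an int would surface the misconfiguration at startup. Outside TARGET_LINUX the branch accepts the option and does nothing, which the man page states; a warning there would help too. add_option's body starts and ends outside the hunk.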
... | ... |
@@ -779,6 +779,15 @@ socket_set_tcp_nodelay (int sd, int state) |
779 | 779 |
#endif |
780 | 780 |
} |
781 | 781 |
|
782 |
+static void |
|
783 |
+socket_set_mark (int sd, int mark) |
|
784 |
+{ |
|
785 |
+#ifdef TARGET_LINUX |
|
786 |
+ if (mark && setsockopt (sd, SOL_SOCKET, SO_MARK, &mark, sizeof (mark)) != 0) |
|
787 |
+ msg (M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark); |
|
788 |
+#endif |
|
789 |
+} |
|
790 |
+ |
|
782 | 791 |
static bool |
783 | 792 |
socket_set_flags (int sd, unsigned int sockflags) |
784 | 793 |
{ |
... | ... |
@@ -1599,6 +1608,7 @@ link_socket_init_phase1 (struct link_socket *sock, |
1599 | 1599 |
int mtu_discover_type, |
1600 | 1600 |
int rcvbuf, |
1601 | 1601 |
int sndbuf, |
1602 |
+ int mark, |
|
1602 | 1603 |
unsigned int sockflags) |
1603 | 1604 |
{ |
1604 | 1605 |
ASSERT (sock); |
... | ... |
@@ -1716,6 +1726,9 @@ link_socket_init_phase1 (struct link_socket *sock, |
1716 | 1716 |
/* set socket buffers based on --sndbuf and --rcvbuf options */ |
1717 | 1717 |
socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); |
1718 | 1718 |
|
1719 |
+ /* set socket to --mark packets with given value */ |
|
1720 |
+ socket_set_mark (sock->sd, mark); |
|
1721 |
+ |
|
1719 | 1722 |
resolve_bind_local (sock); |
1720 | 1723 |
resolve_remote (sock, 1, NULL, NULL); |
1721 | 1724 |
} |
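Review bot: When setsockopt fails in socket_set_mark, the warning does not say why, and the connection carries on with unmarked packets. SO_MARK requires CAP_NET_ADMIN, so this is the normal outcome whenever the process starts without that privilege, and routing or filter rules that depend on the mark would then silently not apply to the transport packets. Including the errno text, `msg (M_WARN | M_ERRNO, "NOTE: setsockopt SO_MARK=%d failed", mark);`, makes the cause visible in the log. Whether a failed --mark should stay a warning or abort startup is worth deciding explicitly and stating in the man page entry. A one-line comment above the function, `/* mark == 0 means --mark was not given; nothing is set */`, would document why the `if (mark && ...)` test skips zero.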