mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
add --mark option to set SO_MARK sockopt
Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
This commit is contained in:
parent
82167eb2ec
commit
d90428d141
1
init.c
1
init.c
@ -2640,6 +2640,7 @@ do_init_socket_1 (struct context *c, const int mode)
|
||||
c->options.mtu_discover_type,
|
||||
c->options.rcvbuf,
|
||||
c->options.sndbuf,
|
||||
c->options.mark,
|
||||
sockflags);
|
||||
}
|
||||
|
||||
|
@ -1371,6 +1371,12 @@ Set the TCP/UDP socket receive buffer size.
|
||||
Currently defaults to 65536 bytes.
|
||||
.\"*********************************************************
|
||||
.TP
|
||||
.B \-\-mark value
|
||||
Mark encrypted packets being sent with value. The mark value can be
|
||||
matched in policy routing and packetfilter rules. This option is
|
||||
only supported in Linux and does nothing on other operating systems.
|
||||
.\"*********************************************************
|
||||
.TP
|
||||
.B \-\-socket-flags flags...
|
||||
Apply the given flags to the OpenVPN transport socket.
|
||||
Currently, only
|
||||
|
14
options.c
14
options.c
@ -280,6 +280,10 @@ static const char usage_message[] =
|
||||
" or --fragment max value, whichever is lower.\n"
|
||||
"--sndbuf size : Set the TCP/UDP send buffer size.\n"
|
||||
"--rcvbuf size : Set the TCP/UDP receive buffer size.\n"
|
||||
#ifdef TARGET_LINUX
|
||||
"--mark value : Mark encrypted packets being sent with value. The mark value\n"
|
||||
" can be matched in policy routing and packetfilter rules.\n"
|
||||
#endif
|
||||
"--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n"
|
||||
"--mlock : Disable Paging -- ensures key material and tunnel\n"
|
||||
" data will never be written to disk.\n"
|
||||
@ -1473,6 +1477,9 @@ show_settings (const struct options *o)
|
||||
#endif
|
||||
SHOW_INT (rcvbuf);
|
||||
SHOW_INT (sndbuf);
|
||||
#ifdef TARGET_LINUX
|
||||
SHOW_INT (mark);
|
||||
#endif
|
||||
SHOW_INT (sockflags);
|
||||
|
||||
SHOW_BOOL (fast_io);
|
||||
@ -4520,6 +4527,13 @@ add_option (struct options *options,
|
||||
VERIFY_PERMISSION (OPT_P_SOCKBUF);
|
||||
options->sndbuf = positive_atoi (p[1]);
|
||||
}
|
||||
else if (streq (p[0], "mark") && p[1])
|
||||
{
|
||||
#ifdef TARGET_LINUX
|
||||
VERIFY_PERMISSION (OPT_P_GENERAL);
|
||||
options->mark = atoi(p[1]);
|
||||
#endif
|
||||
}
|
||||
else if (streq (p[0], "socket-flags"))
|
||||
{
|
||||
int j;
|
||||
|
@ -342,6 +342,9 @@ struct options
|
||||
int rcvbuf;
|
||||
int sndbuf;
|
||||
|
||||
/* mark value */
|
||||
int mark;
|
||||
|
||||
/* socket flags */
|
||||
unsigned int sockflags;
|
||||
|
||||
|
13
socket.c
13
socket.c
@ -779,6 +779,15 @@ socket_set_tcp_nodelay (int sd, int state)
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
socket_set_mark (int sd, int mark)
|
||||
{
|
||||
#ifdef TARGET_LINUX
|
||||
if (mark && setsockopt (sd, SOL_SOCKET, SO_MARK, &mark, sizeof (mark)) != 0)
|
||||
msg (M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark);
|
||||
#endif
|
||||
}
|
||||
|
||||
static bool
|
||||
socket_set_flags (int sd, unsigned int sockflags)
|
||||
{
|
||||
@ -1599,6 +1608,7 @@ link_socket_init_phase1 (struct link_socket *sock,
|
||||
int mtu_discover_type,
|
||||
int rcvbuf,
|
||||
int sndbuf,
|
||||
int mark,
|
||||
unsigned int sockflags)
|
||||
{
|
||||
ASSERT (sock);
|
||||
@ -1716,6 +1726,9 @@ link_socket_init_phase1 (struct link_socket *sock,
|
||||
/* set socket buffers based on --sndbuf and --rcvbuf options */
|
||||
socket_set_buffers (sock->sd, &sock->socket_buffer_sizes);
|
||||
|
||||
/* set socket to --mark packets with given value */
|
||||
socket_set_mark (sock->sd, mark);
|
||||
|
||||
resolve_bind_local (sock);
|
||||
resolve_remote (sock, 1, NULL, NULL);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user