[Swan] hidetos with NETKEY & VTI
Paul Wouters
paul at nohats.ca
Fri Dec 1 23:31:48 UTC 2017
On Mon, 30 Oct 2017, Craig Marker wrote:
>> It's not supported by our code. I'm not sure if XFRM has a way of
>> communicating this IPsec SA property to the kernel. If it does,
>> then we can surely add support for it.
>
> What about the decap-dscp ip xfrm flag?
I just pushed a patch to support decap-dscp. This will be released with
version 3.23 (and will appear in a pre-release when we do 3.23rc2)
Or you can apply the patch yourself:
https://github.com/libreswan/libreswan/commit/0addb31fb509d2946aac83fe654f9b2d61108768
I have not tested this other then confirming the flag shows up in the
output of "ip xfrm state".
Paul
More information about the Swan
mailing list