diff options
-rw-r--r-- | cmake/config.cmake | 1 | ||||
-rw-r--r-- | src/config.c | 5 | ||||
-rw-r--r-- | src/config.y | 7 | ||||
-rw-r--r-- | src/fastd.h | 1 | ||||
-rw-r--r-- | src/fastd_config.h.in | 1 | ||||
-rw-r--r-- | src/lex.c | 2 | ||||
-rw-r--r-- | src/socket.c | 9 |
7 files changed, 26 insertions, 0 deletions
diff --git a/cmake/config.cmake b/cmake/config.cmake index 110ad1a..96b39bc 100644 --- a/cmake/config.cmake +++ b/cmake/config.cmake @@ -8,6 +8,7 @@ endif() set(USE_BINDTODEVICE ${LINUX}) set(USE_PMTU ${LINUX}) set(USE_PKTINFO ${LINUX}) +set(USE_PACKET_MARK ${LINUX}) if(${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD") set(USE_MULTIAF_BIND FALSE) diff --git a/src/config.c b/src/config.c index 9e04299..66b69c7 100644 --- a/src/config.c +++ b/src/config.c @@ -554,6 +554,11 @@ void fastd_config_check(fastd_context_t *ctx, fastd_config_t *conf) { exit_error(ctx, "config error: setting pmtu is not supported on this system"); #endif +#ifndef USE_PACKET_MARK + if (conf->packet_mark) + exit_error(ctx, "config error: setting a packet mark is not supported on this system"); +#endif + if (!conf->method_list) { pr_warn(ctx, "no encryption method configured, falling back to method `null' (unencrypted)"); fastd_config_method(ctx, conf, "null"); diff --git a/src/config.y b/src/config.y index 94d8320..a14794f 100644 --- a/src/config.y +++ b/src/config.y @@ -95,11 +95,13 @@ %token TOK_LIMIT %token TOK_LOG %token TOK_MAC +%token TOK_MARK %token TOK_METHOD %token TOK_MODE %token TOK_MTU %token TOK_NO %token TOK_ON +%token TOK_PACKET %token TOK_PEER %token TOK_PEERS %token TOK_PMTU @@ -175,6 +177,7 @@ statement: peer_group_statement | TOK_HIDE hide ';' | TOK_INTERFACE interface ';' | TOK_BIND bind ';' + | TOK_PACKET TOK_MARK packet_mark ';' | TOK_MTU mtu ';' | TOK_PMTU pmtu ';' | TOK_MODE mode ';' @@ -328,6 +331,10 @@ bind_default: } ; +packet_mark: TOK_UINT { + conf->packet_mark = $1; + } + mtu: TOK_UINT { if ($1 < 576 || $1 > 65535) { fastd_config_error(&@$, ctx, conf, filename, depth, "invalid MTU"); diff --git a/src/fastd.h b/src/fastd.h index 268c2c7..f713841 100644 --- a/src/fastd.h +++ b/src/fastd.h @@ -172,6 +172,7 @@ struct fastd_config { uint16_t mtu; fastd_mode_t mode; + uint32_t packet_mark; bool forward; fastd_tristate_t pmtu; bool secure_handshakes_set; diff --git a/src/fastd_config.h.in b/src/fastd_config.h.in index 8a6ae22..29384cd 100644 --- a/src/fastd_config.h.in +++ b/src/fastd_config.h.in @@ -35,6 +35,7 @@ #cmakedefine USE_BINDTODEVICE #cmakedefine USE_PMTU #cmakedefine USE_PKTINFO +#cmakedefine USE_PACKET_MARK #cmakedefine USE_MULTIAF_BIND @@ -82,11 +82,13 @@ static const keyword_t keywords[] = { { "limit", TOK_LIMIT }, { "log", TOK_LOG }, { "mac", TOK_MAC }, + { "mark", TOK_MARK }, { "method", TOK_METHOD }, { "mode", TOK_MODE }, { "mtu", TOK_MTU }, { "no", TOK_NO }, { "on", TOK_ON }, + { "packet", TOK_PACKET }, { "peer", TOK_PEER }, { "peers", TOK_PEERS }, { "pmtu", TOK_PMTU }, diff --git a/src/socket.c b/src/socket.c index 06d270d..af99894 100644 --- a/src/socket.c +++ b/src/socket.c @@ -96,6 +96,15 @@ static int bind_socket(fastd_context_t *ctx, const fastd_bind_address_t *addr, b } #endif +#ifdef USE_PACKET_MARK + if (ctx->conf->packet_mark) { + if (setsockopt(fd, SOL_SOCKET, SO_MARK, &ctx->conf->packet_mark, sizeof(ctx->conf->packet_mark))) { + pr_error_errno(ctx, "setsockopt: unable to set packet mark"); + goto error; + } + } +#endif + fastd_peer_address_t bind_address = addr->addr; if (bind_address.sa.sa_family == AF_UNSPEC) { |