Ludo Stellingwerff schrieb:
> Hi All,
>
> I was wondering if someone has been working on and/or has a patch
> which implement's the use of Netfilter Marks for ipsec spd matching
> under the linux kernel 2.6. This would be similar to the NetBSD
> "tagged" option of 'setkey':
>
> spdadd tagged "ssh" -P out esp/transport//require
>
> But then something like:
>
> ~     spdadd tagged 1 -P out esp/transport//require
> or  spdadd mark 1 -P out esp/transport//require
>
> Thank in advance,
> greetings,
>
> Ludo Stellingwerff.
>
> --
> Ludo Stellingwerff
>
> V&S B.V. The Netherlands
> ProTactive firewall solution.
> Tel: +31 172 416116
> Fax: +31 172 416124
>
> site: www.protactive.nl
> demo: http://www.protactive.nl:81/netview.html

Taken from the policy match from p-o-m: "This patch adds the policy
match to netfilter.

The policy match is used to match the IPsec policy
used for handling a packet."

Perhaps what you are looking for.


--

PGP-ID 0xF8EAF138