[Openswan Users] What is PLUTO_PEER_REF and how does OpenSwan define it?
Paul Wouters
paul at xelerance.com
Tue Nov 9 09:50:39 EST 2010
On Tue, 9 Nov 2010, Danilo Godec wrote:
> I'm looking into some scripts regarding QoS and OpenSwan and need to
> figure out FW marks...
>
> I'm not quite sure what PLUTO_PEER_REF is and how OpenSwan get's it - is
> it always the same?
>
> For example - on my test system I see 'ref=3' and 'refhim=1' - all the
> time...
>
> But is this always the case? Can I count on that or will there be times
> when this two values will be different?
Those are the SArefs. They wil be different after a rekey or restart, or if
the order of the tunnel establishing changes. You just see 1 and 3 on a fresh
start of openswan.
SAref's are used with the protostack=mast stack, and requires a small kernel patch
(see patches/kernel/) Note that SArefs are put in the skb using NFMARK. If the highest
bit is set, we assume it is an SAref. We use the lower half of the bits to set the SAref.
The higher half of the bits are ignored (except for the highest one) and free for other
uses.
Paul
More information about the Users
mailing list