Add the ability to set a firewall mark on sockets.

[tinc] / src / net_socket.c

diff --git a/src/net_socket.c b/src/net_socket.c
index cd6a5c2..2da6253 100644 (file)
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -42,6 +42,7 @@ int seconds_till_retry = 5;
 int udp_rcvbuf = 1024 * 1024;
 int udp_sndbuf = 1024 * 1024;
 int max_connection_burst = 100;
+int fwmark;
 
 listen_socket_t listen_socket[MAXSOCKETS];
 int listen_sockets;
@@ -85,6 +86,14 @@ static void configure_tcp(connection_t *c) {
        option = IPTOS_LOWDELAY;
        setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
 #endif
+
+#if defined(SO_MARK)
+
+       if(fwmark) {
+               setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+       }
+
+#endif
 }
 
 static bool bind_to_interface(int sd) {
@@ -184,6 +193,14 @@ int setup_listen_socket(const sockaddr_t *sa) {
 
 #else
 #warning IPV6_V6ONLY not defined
+#endif
+
+#if defined(SO_MARK)
+
+       if(fwmark) {
+               setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+       }
+
 #endif
 
        if(get_config_string
@@ -316,6 +333,14 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
                setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
        }
 
+#endif
+
+#if defined(SO_MARK)
+
+       if(fwmark) {
+               setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+       }
+
 #endif
 
        if(!bind_to_interface(nfd)) {