That makes sense to me; the restriction about which you inquire is a
practical one rather than a philosophical one, which I will be happy
to see lifted.
With the new set_mark, a non-zero mask will indicate that the caller
has a set an "explicit" zero mark, which sidesteps the
currently-ambiguous s
Hi Nathan,
On Wed, 9 May 2018 13:46:26 -0700
Nathan Harold wrote:
> Allow UPDSA to change output_mark to permit
> policy separation of packet routing decisions from
> SA keying in systems that use mark-based routing.
>
> In the output_mark, used as a routing and firewall
> mark for outbound pa
Allow UPDSA to change output_mark to permit
policy separation of packet routing decisions from
SA keying in systems that use mark-based routing.
In the output_mark, used as a routing and firewall
mark for outbound packets, is made update-able which
allows routing decisions to be handled independen
