X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=debian%2Fopenvswitch-ipsec.init;h=a39dd40e686d32886947ceff02cd83aa1ce02f99;hb=7849d3e4cab657eb42b513b0d9ad656fc38259bd;hp=8e5c7b2fa4e82a84d0e93f15f44cc223be33e616;hpb=64ca9472f0b0f40b94abe2adf5d397bdf3d5e7b3;p=sliver-openvswitch.git

diff --git a/debian/openvswitch-ipsec.init b/debian/openvswitch-ipsec.init
index 8e5c7b2fa..a39dd40e6 100755
--- a/debian/openvswitch-ipsec.init
+++ b/debian/openvswitch-ipsec.init
@@ -70,11 +70,23 @@ running() {
     return 0
 }
 
+uninstall_mark_rule() {
+    iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1 || return 0
+}
+
+install_mark_rule() {
+    if ( ! iptables -C INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null); then
+        iptables -A INPUT -t mangle $1 -j MARK --set-mark 1/1
+    fi
+}
+
 start_server() {
     if [ ! -d /var/run/openvswitch ]; then
         install -d -m 755 -o root -g root /var/run/openvswitch
     fi
 
+    install_mark_rule "-p esp"
+    install_mark_rule "-p udp --dport 4500"
     /usr/share/openvswitch/scripts/ovs-monitor-ipsec \
            --pidfile=$PIDFILE --log-file --detach --monitor \
            unix:/var/run/openvswitch/db.sock
@@ -86,6 +98,8 @@ stop_server() {
     if [ -e $PIDFILE ]; then
         kill `cat $PIDFILE`
     fi
+    uninstall_mark_rule "-p esp"
+    uninstall_mark_rule "-p udp --dport 4500"
 
     return 0
 }