Add a DSCP configuration value to IKE configs

diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index eb187496d505f3f3d707598f161dbd25047f8d77..b96ab418b38d7eedcbc389706f4d5deb52bb0370 100644 (file)
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -501,7 +501,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
        ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0", FALSE,
                                                         charon->socket->get_port(charon->socket, FALSE),
                                                        (char*)address, FALSE, IKEV2_UDP_PORT,
-                                                        FRAGMENTATION_NO);
+                                                        FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create(priv->name, ike_cfg,
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
@@ -718,4 +718,3 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds,
        }
        return plugin;
 }
-

diff --git a/src/conftest/config.c b/src/conftest/config.c
index ae0d93460556751569d6ab99f3d20aecdcb022ed..10b773de2c227acd7cac4fd0dcd6d5a60284691d 100644 (file)
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@@ -107,7 +107,7 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
                settings->get_int(settings, "configs.%s.lport", 500, config),
                settings->get_str(settings, "configs.%s.rhost", "%any", config), FALSE,
                settings->get_int(settings, "configs.%s.rport", 500, config),
-               FRAGMENTATION_NO);
+               FRAGMENTATION_NO, 0);
        token = settings->get_str(settings, "configs.%s.proposal", NULL, config);
        if (token)
        {

diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index cce5ff0d4d7ed6835d6d2fa64cc511637e4bf47a..2f13be93c7c7c698cbc22dc881164af698eae7c5 100644 (file)
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -472,7 +472,7 @@ static job_requeue_t initiate(private_android_service_t *this)
        ike_cfg = ike_cfg_create(IKEV2, TRUE, TRUE, "0.0.0.0", FALSE,
                                                         charon->socket->get_port(charon->socket, FALSE),
                                                         this->gateway, FALSE, IKEV2_UDP_PORT,
-                                                        FRAGMENTATION_NO);
+                                                        FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 
        peer_cfg = peer_cfg_create("android", ike_cfg, CERT_SEND_IF_ASKED,

diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index 5e5fbba42e75b9c6d0a4a8e90531044ffaa17d8c..54a054e405519402f9e8b56269ab4b107a7e5ac6 100644 (file)
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -94,6 +94,11 @@ struct private_ike_cfg_t {
         */
        fragmentation_t fragmentation;
 
+       /**
+        * DSCP value to use on sent IKE packets
+        */
+       u_int8_t dscp;
+
        /**
         * List of proposals to use
         */
@@ -156,6 +161,12 @@ METHOD(ike_cfg_t, get_other_port, u_int16_t,
        return this->other_port;
 }
 
+METHOD(ike_cfg_t, get_dscp, u_int8_t,
+       private_ike_cfg_t *this)
+{
+       return this->dscp;
+}
+
 METHOD(ike_cfg_t, add_proposal, void,
        private_ike_cfg_t *this, proposal_t *proposal)
 {
@@ -312,7 +323,7 @@ METHOD(ike_cfg_t, destroy, void,
 ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
                                                  char *me, bool my_allow_any, u_int16_t my_port,
                                                  char *other, bool other_allow_any, u_int16_t other_port,
-                                                 fragmentation_t fragmentation)
+                                                 fragmentation_t fragmentation, u_int8_t dscp)
 {
        private_ike_cfg_t *this;
 
@@ -326,6 +337,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
                        .get_other_addr = _get_other_addr,
                        .get_my_port = _get_my_port,
                        .get_other_port = _get_other_port,
+                       .get_dscp = _get_dscp,
                        .add_proposal = _add_proposal,
                        .get_proposals = _get_proposals,
                        .select_proposal = _select_proposal,
@@ -345,6 +357,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
                .other_allow_any = other_allow_any,
                .my_port = my_port,
                .other_port = other_port,
+               .dscp = dscp,
                .proposals = linked_list_create(),
        );
 

diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index 5a7fae1e90bffa21682fc82c218a2b3d99ba704b..719ceb9dd516f418f6e29f80d1c86cb8c1f18631 100644 (file)
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -107,6 +107,13 @@ struct ike_cfg_t {
         */
        u_int16_t (*get_other_port)(ike_cfg_t *this);
 
+       /**
+        * Get the DSCP value to use for IKE packets send from connections.
+        *
+        * @return                              DSCP value
+        */
+       u_int8_t (*get_dscp)(ike_cfg_t *this);
+
        /**
         * Adds a proposal to the list.
         *
@@ -205,11 +212,12 @@ struct ike_cfg_t {
  * @param other_allow_any      allow override of remote address by any address
  * @param other_port           IKE port to use as dest, 500 uses IKEv2 port floating
  * @param fragmentation                use IKEv1 fragmentation
+ * @param dscp                         DSCP value to send IKE packets with
  * @return                                     ike_cfg_t object.
  */
 ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
                                                  char *me, bool my_allow_any, u_int16_t my_port,
                                                  char *other, bool other_allow_any, u_int16_t other_port,
-                                                 fragmentation_t fragmentation);
+                                                 fragmentation_t fragmentation, u_int8_t dscp);
 
 #endif /** IKE_CFG_H_ @}*/

diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c
index 6af35e5df7cce949bce2fdee253e64b10e9a996d..9b9bcc3f51490508190b156cc5d0baa62d562bdf 100644 (file)
--- a/src/libcharon/plugins/android/android_service.c
+++ b/src/libcharon/plugins/android/android_service.c
@@ -266,7 +266,8 @@ static job_requeue_t initiate(private_android_service_t *this)
 
        ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE,
                                                         charon->socket->get_port(charon->socket, FALSE),
-                                                        hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
+                                                        hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO,
+                                                        0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 
        peer_cfg = peer_cfg_create("android", ike_cfg, CERT_SEND_IF_ASKED,
@@ -386,4 +387,3 @@ android_service_t *android_service_create(android_creds_t *creds)
 
        return &this->public;
 }
-

diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index 130c86e48df3b8b2680c1143c3a3aa8599a8bedd..e6a09a76e7ca9e2acda01e9f0bbd9acc9d0c7155 100644 (file)
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -205,7 +205,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        /* create config and backend */
        ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local, FALSE,
                                                         charon->socket->get_port(charon->socket, FALSE),
-                                                        remote, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
+                                                        remote, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND,
                                                UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
@@ -288,4 +288,3 @@ ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret)
 
        return &this->public;
 }
-

diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index c6288c5d9167102a7b9548d6c91b7fc9f27ab65a..18794657959ac7ef4a2b886e416a765c22095fbb 100644 (file)
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -491,7 +491,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
                ike_cfg = ike_cfg_create(this->version, TRUE, FALSE,
                                                                 local, FALSE, this->port + num - 1,
                                                                 remote, FALSE, IKEV2_NATT_PORT,
-                                                                FRAGMENTATION_NO);
+                                                                FRAGMENTATION_NO, 0);
        }
        else
        {
@@ -499,7 +499,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
                                                                 local, FALSE,
                                                                 charon->socket->get_port(charon->socket, FALSE),
                                                                 remote, FALSE, IKEV2_UDP_PORT,
-                                                                FRAGMENTATION_NO);
+                                                                FRAGMENTATION_NO, 0);
        }
        ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
        peer_cfg = peer_cfg_create("load-test", ike_cfg,

diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
index 806e4cd65286fb4bf2357883f728dcb8b71e5f27..d7539c2da877757a793e964edeab35ebb692259b 100644 (file)
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ b/src/libcharon/plugins/maemo/maemo_service.c
@@ -325,7 +325,8 @@ static gboolean initiate_connection(private_maemo_service_t *this,
 
        ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE,
                                                         charon->socket->get_port(charon->socket, FALSE),
-                                                        hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
+                                                        hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO,
+                                                        0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 
        peer_cfg = peer_cfg_create(this->current, ike_cfg,
@@ -524,4 +525,3 @@ maemo_service_t *maemo_service_create()
 
        return &this->public;
 }
-

diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index 4be3dea026b60df9ef52d4574096c77d6232c2c1..d3bd29a1bdb80397d1830c7b20d7c35ce22dbf60 100644 (file)
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -105,7 +105,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
        ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE,
                                                         "0.0.0.0", FALSE,
                                                         charon->socket->get_port(charon->socket, FALSE),
-                                                        address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
+                                                        address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        med_cfg = peer_cfg_create(
                "mediation", ike_cfg,
@@ -381,7 +381,7 @@ medcli_config_t *medcli_config_create(database_t *db)
                                                          "0.0.0.0", FALSE,
                                                          charon->socket->get_port(charon->socket, FALSE),
                                                          "0.0.0.0", FALSE, IKEV2_UDP_PORT,
-                                                         FRAGMENTATION_NO),
+                                                         FRAGMENTATION_NO, 0),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 
@@ -389,4 +389,3 @@ medcli_config_t *medcli_config_create(database_t *db)
 
        return &this->public;
 }
-

diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index be14380ea65fb5fdd529399a072f3c98fcf49a65..06339220a6177eb891a453f6fc7297dd534287e5 100644 (file)
--- a/src/libcharon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -143,10 +143,9 @@ medsrv_config_t *medsrv_config_create(database_t *db)
                                                          "0.0.0.0", FALSE,
                                                          charon->socket->get_port(charon->socket, FALSE),
                                                          "0.0.0.0", FALSE, IKEV2_UDP_PORT,
-                                                         FRAGMENTATION_NO),
+                                                         FRAGMENTATION_NO, 0),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 
        return &this->public;
 }
-

diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index 37bd86671f7c6f62629a30f942ae6425965436b3..c3471a07862125336478b956efbb5e4fdc0af742 100644 (file)
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -262,7 +262,7 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
                                                                 local, FALSE,
                                                                 charon->socket->get_port(charon->socket, FALSE),
                                                                 remote, FALSE, IKEV2_UDP_PORT,
-                                                                FRAGMENTATION_NO);
+                                                                FRAGMENTATION_NO, 0);
                add_ike_proposals(this, ike_cfg, id);
                return ike_cfg;
        }
@@ -620,4 +620,3 @@ sql_config_t *sql_config_create(database_t *db)
 
        return &this->public;
 }
-

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 9f6124dc9969bab5e13c1ca0fdfee57ad87b4f21..0f40356d2ec52f8bf31c1b973f6bff09e9b328c5 100644 (file)
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -234,7 +234,8 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
                                                         msg->add_conn.other.address,
                                                         msg->add_conn.other.allow_any,
                                                         msg->add_conn.other.ikeport,
-                                                        msg->add_conn.fragmentation);
+                                                        msg->add_conn.fragmentation,
+                                                        0);
        add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
        return ike_cfg;
 }

diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index de0bf91af6a7654f59da026c119f7ff59535e670..4d317b6cc33e9af26d66265b22e4c9796456ee4d 100644 (file)
--- a/src/libcharon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -156,7 +156,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                                                 local_addr, FALSE,
                                                                 charon->socket->get_port(charon->socket, FALSE),
                                                                 remote_addr, FALSE, IKEV2_UDP_PORT,
-                                                                FRAGMENTATION_NO);
+                                                                FRAGMENTATION_NO, 0);
                ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
                this->peer_cfg = peer_cfg_create(
                                        name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
@@ -255,7 +255,7 @@ METHOD(enumerator_t, ike_enumerator_enumerate, bool,
                                                                local_addr, FALSE,
                                                                charon->socket->get_port(charon->socket, FALSE),
                                                                remote_addr, FALSE, IKEV2_UDP_PORT,
-                                                               FRAGMENTATION_NO);
+                                                               FRAGMENTATION_NO, 0);
                this->ike_cfg->add_proposal(this->ike_cfg,
                                                                        create_proposal(ike_proposal, PROTO_IKE));
 
@@ -343,4 +343,3 @@ uci_config_t *uci_config_create(uci_parser_t *parser)
 
        return &this->public;
 }
-