]> git.ipfire.org Git - people/ms/strongswan.git/commitdiff
projects / people / ms / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ac9759a)
kernel-netlink: Pass zero mark to kernel if mask is set
authorTobias Brunner <tobias@strongswan.org>
Mon, 29 Aug 2016 14:39:18 +0000 (16:39 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 30 Sep 2016 13:35:32 +0000 (15:35 +0200)
The kernel will apply the mask to the mark on the packet and then
compare it to the configured mark.  So to match only unmarked packets we
have to be able to set 0/0xffffffff.

src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c patch | blob | blame | history

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 6b06c269b37e252d394634cc578155bd4b0f7cda..f3846ec07573e0e087a989cc77578ca4154c8f08 100644 (file)
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1245,7 +1245,7 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
  */
 static void format_mark(char *buf, int buflen, mark_t mark)
 {
-       if (mark.value)
+       if (mark.value | mark.mask)
        {
                snprintf(buf, buflen, " (mark %u/0x%08x)", mark.value, mark.mask);
        }
@@ -1256,7 +1256,7 @@ static void format_mark(char *buf, int buflen, mark_t mark)
  */
 static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
 {
-       if (mark.value)
+       if (mark.value | mark.mask)
        {
                struct xfrm_mark *xmrk;
 
Michael's strongswan development tree