From: Eyal Birger
Date: Thu, 30 Nov 2017 08:47:01 +0000 (+0200)
Subject: ipsec-types: Don't mask the mark value if it is one of the 'unique' values
X-Git-Tag: 5.6.2dr2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=23891683885bd13db80c4e172327d01dc68a4ffe;p=thirdparty%2Fstrongswan.git

ipsec-types: Don't mask the mark value if it is one of the 'unique' values

Support for mark=%unique/%unique-dir is implemented by using designated magic mark values. Use of masks is orthogonal to the 'unique' feature, as it is useful to be able to designate portions of the packet mark for other purposes, while still using different marks for different connections. When these magic values are masked, their magic meaning is lost. Perform masking only on explicit mark values. Closes strongswan/strongswan#87.
---
diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index 68c3935b9d..c992eb5add 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -104,7 +104,10 @@ bool mark_from_string(const char *value, mark_t *mark)
 {
 mark->mask = 0xffffffff;
 }
- /* apply the mask to ensure the value is in range */
- mark->value &= mark->mask;
+ if (!MARK_IS_UNIQUE(mark->value))
+ {
+ /* apply the mask to ensure the value is in range */
+ mark->value &= mark->mask;
+ }
 return TRUE;
 }
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 353010aaf1..b423d7d2d3 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
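Review bot: The new guard `if (!MARK_IS_UNIQUE(mark->value))` tests the parsed number rather than whether the string used the `%unique`/`%unique-dir` keyword, so an explicitly configured 0xffffffff or 0xfffffffe is now also left unmasked and treated as a magic value; the updated test table pins this (`"0xffffffff/0x0000ffff"` now yields MARK_UNIQUE where it used to yield 0x0000ffff). A configuration that relied on the old masking would silently end up with a different mark, which matters wherever firewall or routing rules match on it. If the aliasing is intended, state it at the check, e.g. `/* explicit 0xffffffff/0xfffffffe alias %unique/%unique-dir and are not masked either */`. After this change mark->value can carry bits outside mark->mask, so consumers presumably have to apply the mask once the unique value has been substituted; that code is not visible here. The body of mark_from_string starts above the hunk.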
@@ -877,8 +877,23 @@ static struct {
 {"/0xff", TRUE, { 0, 0xff }},
 {"/x", FALSE, { 0 }},
 {"x/x", FALSE, { 0 }},
- {"0xffffffff/0x0000ffff", TRUE, { 0x0000ffff, 0x0000ffff }},
- {"0xffffffff/0xffffffff", TRUE, { 0xffffffff, 0xffffffff }},
+ {"0xfffffff0/0x0000ffff", TRUE, { 0x0000fff0, 0x0000ffff }},
+ {"%unique", TRUE, { MARK_UNIQUE, 0xffffffff }},
+ {"%unique/", TRUE, { MARK_UNIQUE, 0 }},
+ {"%unique/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }},
+ {"%unique/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }},
+ {"%unique0xffffffffff", FALSE, { 0, 0 }},
+ {"0xffffffff/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }},
+ {"0xffffffff/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }},
+ {"%unique-dir", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-dir/", TRUE, { MARK_UNIQUE_DIR, 0 }},
+ {"%unique-dir/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }},
+ {"%unique-dir/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-dir0xffffffff", FALSE, { 0, 0 }},
+ {"0xfffffffe/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }},
+ {"0xfffffffe/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-/0xffffffff", FALSE, { 0, 0 }},
+ {"%unique-foo/0xffffffff", FALSE, { 0, 0 }},
 };
 
 START_TEST(test_mark_from_string)
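Review bot: The row `{"%unique0xffffffffff", FALSE, { 0, 0 }}` carries ten hex digits while its counterpart `{"%unique-dir0xffffffff", FALSE, { 0, 0 }}` carries eight; if both are meant to cover a keyword with no `/` separator, give them the same eight-digit suffix so the row cannot be read as an overflow case. The table also has no entry for the nearest non-magic value, so nothing shows that masking still applies just below the reserved range. A row such as `{"0xfffffffd/0x0000ffff", TRUE, { 0x0000fffd, 0x0000ffff }},` would pin that, assuming only 0xffffffff and 0xfffffffe are reserved, as the other rows suggest. The table itself starts above the hunk.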