kernel-interface: Optionally pass security label with an acquire

diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h
index 6534921c24477869b826234b9f7c2d32fb4ad7bf..226b32f1ea6a25806811665e62074f8aabc12073 100644 (file)
--- a/src/libcharon/kernel/kernel_listener.h
+++ b/src/libcharon/kernel/kernel_listener.h
@@ -37,6 +37,8 @@ struct kernel_acquire_data_t {
        traffic_selector_t *src;
        /** Optional destination of the triggering packet */
        traffic_selector_t *dst;
+       /** Optional security label of the triggering packet */
+       sec_label_t *label;
 };
 
 /**

diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c
index 0f06fcfcd44f792e03ef5c24467eb256016d56fe..5142bb297e073546feb62544b49b923579946f13 100644 (file)
--- a/src/libcharon/processing/jobs/acquire_job.c
+++ b/src/libcharon/processing/jobs/acquire_job.c
@@ -45,6 +45,7 @@ METHOD(job_t, destroy, void,
 {
        DESTROY_IF(this->data.src);
        DESTROY_IF(this->data.dst);
+       DESTROY_IF(this->data.label);
        free(this);
 }
 
@@ -88,7 +89,10 @@ acquire_job_t *acquire_job_create(uint32_t reqid, kernel_acquire_data_t *data)
        {
                this->data.dst = this->data.dst->clone(this->data.dst);
        }
+       if (this->data.label)
+       {
+               this->data.label = this->data.label->clone(this->data.label);
+       }
 
        return &this->public;
 }
-