/*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
*/
mark_t mark_out;
+ /**
+ * Optional mark to set to packets after inbound processing
+ */
+ mark_t set_mark_in;
+
+ /**
+ * Optional mark to set to packets after outbound processing
+ */
+ mark_t set_mark_out;
+
/**
* Traffic Flow Confidentiality padding, if enabled
*/
return inbound ? this->mark_in : this->mark_out;
}
+METHOD(child_cfg_t, get_set_mark, mark_t,
+ private_child_cfg_t *this, bool inbound)
+{
+ return inbound ? this->set_mark_in : this->set_mark_out;
+}
+
METHOD(child_cfg_t, get_tfc, uint32_t,
private_child_cfg_t *this)
{
this->mark_in.mask == other->mark_in.mask &&
this->mark_out.value == other->mark_out.value &&
this->mark_out.mask == other->mark_out.mask &&
+ this->set_mark_in.value == other->set_mark_in.value &&
+ this->set_mark_in.mask == other->set_mark_in.mask &&
+ this->set_mark_out.value == other->set_mark_out.value &&
+ this->set_mark_out.mask == other->set_mark_out.mask &&
this->tfc == other->tfc &&
this->manual_prio == other->manual_prio &&
this->replay_window == other->replay_window &&
.get_inactivity = _get_inactivity,
.get_reqid = _get_reqid,
.get_mark = _get_mark,
+ .get_set_mark = _get_set_mark,
.get_tfc = _get_tfc,
.get_manual_prio = _get_manual_prio,
.get_interface = _get_interface,
.close_action = data->close_action,
.mark_in = data->mark_in,
.mark_out = data->mark_out,
+ .set_mark_in = data->set_mark_in,
+ .set_mark_out = data->set_mark_out,
.lifetime = data->lifetime,
.inactivity = data->inactivity,
.tfc = data->tfc,
/*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
uint32_t (*get_reqid)(child_cfg_t *this);
/**
- * Optional mark for CHILD_SA.
+ * Optional mark to set on policies/SAs.
*
* @param inbound TRUE for inbound, FALSE for outbound
* @return mark
*/
mark_t (*get_mark)(child_cfg_t *this, bool inbound);
+ /**
+ * Optional mark the SAs should apply after processing packets.
+ *
+ * @param inbound TRUE for inbound, FALSE for outbound
+ * @return mark
+ */
+ mark_t (*get_set_mark)(child_cfg_t *this, bool inbound);
+
/**
* Get the TFC padding value to use for CHILD_SA.
*
mark_t mark_in;
/** Optional outbound mark */
mark_t mark_out;
+ /** Optional inbound mark the SA should apply to traffic */
+ mark_t set_mark_in;
+ /** Optional outbound mark the SA should apply to traffic */
+ mark_t set_mark_out;
/** Mode to propose for CHILD_SA */
ipsec_mode_t mode;
/** TFC padding size, 0 to disable, -1 to pad to PMTU */
projects / thirdparty / strongswan.git / commitdiff
