From: Martin Willi
Date: Wed, 6 Feb 2013 14:19:32 +0000 (+0100)
Subject: Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
X-Git-Tag: 5.0.3dr2~18^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fbe516f881fa9b1ddcb16d935f3be21c5f925dc;p=thirdparty%2Fstrongswan.git

Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
---

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 0f40356d2e..7bca94d432 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -235,7 +235,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
 msg->add_conn.other.allow_any,
 msg->add_conn.other.ikeport,
 msg->add_conn.fragmentation,
- 0);
+ msg->add_conn.ikedscp);
 add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
 return ike_cfg;
 }
diff --git a/src/starter/args.c b/src/starter/args.c
index 390062a99e..5fbf51856b 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -33,6 +33,7 @@ typedef enum {
 ARG_TIME,
 ARG_ULNG,
 ARG_ULLI,
+ ARG_UBIN,
 ARG_PCNT,
 ARG_STR,
 ARG_LST,
@@ -146,6 +147,7 @@ static const token_info_t token_info[] =
 { ARG_MISC, 0, NULL /* KW_MOBIKE */ },
 { ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ },
 { ARG_ENUM, offsetof(starter_conn_t, fragmentation), LST_fragmentation },
+ { ARG_UBIN, offsetof(starter_conn_t, ikedscp), NULL },
 { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
 { ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL },
 { ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL },
@@ -399,6 +401,21 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 }
 }
 break;
+ case ARG_UBIN:
+ {
+ char *endptr;
+ u_int *u = (u_int *)p;
+
+ *u = strtoul(kw->value, &endptr, 2);
+
+ if (*endptr != '\0')
+ {
+ DBG1(DBG_APP, "# bad binary value: %s=%s", kw->entry->name,
+ kw->value);
+ return FALSE;
+ }
+ }
+ break;
 case ARG_TIME:
 {
 char *endptr;
diff --git a/src/starter/confread.h b/src/starter/confread.h
index a0f6234f9d..8dd56080d0 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -148,6 +148,7 @@ struct starter_conn {
 ipsec_mode_t mode;
 bool proxy_mode;
 fragmentation_t fragmentation;
+ u_int ikedscp;
 sa_option_t options;
 time_t sa_ike_life_seconds;
 time_t sa_ipsec_life_seconds;
@@ -246,4 +247,3 @@ extern starter_config_t *confread_load(const char *file);
 extern void confread_free(starter_config_t *cfg);
 #endif /* _IPSEC_CONFREAD_H_ */
-
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index f776f33c97..4a96a418cd 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -43,6 +43,7 @@ typedef enum {
 KW_MOBIKE,
 KW_FORCEENCAPS,
 KW_FRAGMENTATION,
+ KW_IKEDSCP,
 KW_IKELIFETIME,
 KW_KEYLIFE,
 KW_REKEYMARGIN,
@@ -186,4 +187,3 @@ typedef enum {
 } kw_token_t;
 #endif /* _KEYWORDS_H_ */
-
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 1f1641287a..cd964b0e3a 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -41,6 +41,7 @@ aaa_identity, KW_AAA_IDENTITY
 mobike, KW_MOBIKE
 forceencaps, KW_FORCEENCAPS
 fragmentation, KW_FRAGMENTATION
+ikedscp, KW_IKEDSCP,
 ikelifetime, KW_IKELIFETIME
 lifetime, KW_KEYLIFE
 keylife, KW_KEYLIFE
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 4f9e8fb145..9d096453aa 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
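Review bot: The new `ARG_UBIN` case in assign_arg() accepts input that is not a valid DSCP: the `strtoul()` result is stored into a `u_int` with no range or `ERANGE` check, an empty value parses as 0 because only `*endptr` is tested, and `strtoul()` itself accepts leading whitespace and a sign. The same unchecked value is then narrowed when starterstroke.c assigns `conn->ikedscp` to the `u_int8_t ikedscp` field added in stroke_msg.h, and stroke_config.c hands it on as received. DSCP is a six-bit field, so a value above 111111 should fail configuration parsing instead of being truncated on that copy. The fence tightens the generic binary parser; the keyword-specific upper bound would still need its own check, and `errno`/`UINT_MAX` need `<errno.h>`/`<limits.h>` if args.c does not already include them. assign_arg() starts and ends outside the hunk.

```c
		case ARG_UBIN:
		{
			char *endptr;
			u_int *u = (u_int *)p;
			unsigned long val;

			errno = 0;
			val = strtoul(kw->value, &endptr, 2);

			/* strtoul() skips blanks and takes a sign, so insist on a leading binary digit */
			if ((kw->value[0] != '0' && kw->value[0] != '1') ||
				*endptr != '\0' || errno == ERANGE || val > UINT_MAX)
			{
				/* … unchanged: DBG1 "bad binary value" message and return FALSE … */
			}
			*u = val;
		}
		break;
```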
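Review bot: The added keywords.txt entry `ikedscp, KW_IKEDSCP,` ends with a comma that none of the neighbouring entries in the hunk carry. The keyword generator may tolerate it, but that cannot be confirmed from the diff, and the stray delimiter is at least inconsistent with the rest of the table. The line should read `ikedscp, KW_IKEDSCP`.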
@@ -181,6 +181,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
 msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
 msg.add_conn.fragmentation = conn->fragmentation;
+ msg.add_conn.ikedscp = conn->ikedscp;
 msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
 msg.add_conn.install_policy = conn->install_policy;
 msg.add_conn.aggressive = conn->aggressive;
@@ -330,4 +331,3 @@ int starter_stroke_configure(starter_config_t *cfg)
 }
 return 0;
 }
-
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index e972a5984e..b2df887ae6 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -262,6 +262,7 @@ struct stroke_msg_t {
 int close_action;
 u_int32_t reqid;
 u_int32_t tfc;
+ u_int8_t ikedscp;
 crl_policy_t crl_policy;
 int unique;