From: Tobias Brunner
Date: Fri, 20 Apr 2018 12:02:57 +0000 (+0200)
Subject: child-cfg: Add properties for in-/outbound mark the SA should set
X-Git-Tag: 5.7.0rc1~28^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa4d4012aeb78fc34b08b10c284af0862778b87b;p=thirdparty%2Fstrongswan.git
child-cfg: Add properties for in-/outbound mark the SA should set
---
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 98c15782b4..14148ed037 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
 * Copyright (C) 2016 Andreas Steffen
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
@@ -123,6 +123,16 @@ struct private_child_cfg_t {
 */
 mark_t mark_out;
+ /**
+ * Optional mark to set to packets after inbound processing
+ */
+ mark_t set_mark_in;
+
+ /**
+ * Optional mark to set to packets after outbound processing
+ */
+ mark_t set_mark_out;
+
 /**
 * Traffic Flow Confidentiality padding, if enabled
 */
@@ -547,6 +557,12 @@ METHOD(child_cfg_t, get_mark, mark_t,
 return inbound ? this->mark_in : this->mark_out;
 }
+METHOD(child_cfg_t, get_set_mark, mark_t,
+ private_child_cfg_t *this, bool inbound)
+{
+ return inbound ? this->set_mark_in : this->set_mark_out;
+}
+
 METHOD(child_cfg_t, get_tfc, uint32_t,
 private_child_cfg_t *this)
 {
@@ -620,6 +636,10 @@ METHOD(child_cfg_t, equals, bool,
 this->mark_in.mask == other->mark_in.mask &&
 this->mark_out.value == other->mark_out.value &&
 this->mark_out.mask == other->mark_out.mask &&
+ this->set_mark_in.value == other->set_mark_in.value &&
+ this->set_mark_in.mask == other->set_mark_in.mask &&
+ this->set_mark_out.value == other->set_mark_out.value &&
+ this->set_mark_out.mask == other->set_mark_out.mask &&
 this->tfc == other->tfc &&
 this->manual_prio == other->manual_prio &&
 this->replay_window == other->replay_window &&
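Review bot: The comments added for `set_mark_in` and `set_mark_out` in `private_child_cfg_t` call the marks optional but never say which value stands for "no mark"; the same gap is in the `get_set_mark` doc and the `child_cfg_create_t` field comments in child_cfg.h. These marks are written onto packets, where firewall and policy-routing rules commonly match on them, so the unset encoding should be stated rather than left to the reader. Presumably it is a zero mask, but the code that consumes the value is not part of this diff, so confirm before documenting it. Suggested wording once confirmed: `Optional mark to set on packets after inbound processing (<unset encoding>)`, which also fixes the "set to packets" phrasing. The struct starts and ends outside the hunk.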
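Review bot: The four `set_mark_in`/`set_mark_out` comparisons in `equals` repeat the value-and-mask pattern already written out for `mark_in` and `mark_out`, so every further `mark_t` member costs more hand-written lines and a forgotten one would let two configs with different marks compare equal. A small file-local helper that takes two `mark_t` values and compares `value` and `mask` (a new function, not something this diff shows to exist) would reduce each pair to one call and make an omission easier to spot in review. The body of `equals` starts and ends outside this hunk.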
@@ -676,6 +696,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 .get_inactivity = _get_inactivity,
 .get_reqid = _get_reqid,
 .get_mark = _get_mark,
+ .get_set_mark = _get_set_mark,
 .get_tfc = _get_tfc,
 .get_manual_prio = _get_manual_prio,
 .get_interface = _get_interface,
@@ -698,6 +719,8 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 .close_action = data->close_action,
 .mark_in = data->mark_in,
 .mark_out = data->mark_out,
+ .set_mark_in = data->set_mark_in,
+ .set_mark_out = data->set_mark_out,
 .lifetime = data->lifetime,
 .inactivity = data->inactivity,
 .tfc = data->tfc,
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index f552dae71f..e3b59e656a 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
 * Copyright (C) 2016 Andreas Steffen
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
@@ -227,13 +227,21 @@ struct child_cfg_t {
 uint32_t (*get_reqid)(child_cfg_t *this);
 /**
- * Optional mark for CHILD_SA.
+ * Optional mark to set on policies/SAs.
 *
 * @param inbound TRUE for inbound, FALSE for outbound
 * @return mark
 */
 mark_t (*get_mark)(child_cfg_t *this, bool inbound);
+ /**
+ * Optional mark the SAs should apply after processing packets.
+ *
+ * @param inbound TRUE for inbound, FALSE for outbound
+ * @return mark
+ */
+ mark_t (*get_set_mark)(child_cfg_t *this, bool inbound);
+
 /**
 * Get the TFC padding value to use for CHILD_SA.
 *
@@ -346,6 +354,10 @@ struct child_cfg_create_t {
 mark_t mark_in;
 /** Optional outbound mark */
 mark_t mark_out;
+ /** Optional inbound mark the SA should apply to traffic */
+ mark_t set_mark_in;
+ /** Optional outbound mark the SA should apply to traffic */
+ mark_t set_mark_out;
 /** Mode to propose for CHILD_SA */
 ipsec_mode_t mode;
 /** TFC padding size, 0 to disable, -1 to pad to PMTU */
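Review bot: `.set_mark_in = data->set_mark_in` and `.set_mark_out = data->set_mark_out` copy the new members from the caller's `child_cfg_create_t` unconditionally, so a caller that fills that struct member by member without zero-initialising it first would now pass indeterminate mark values into the config. The callers are not visible in this diff, so check that each one builds the struct with a designated or zeroing initialiser. The requirement is also worth recording on the struct in child_cfg.h, for example `/* callers must zero-initialise this struct so that members added later default to "not set" */`. The initialiser in `child_cfg_create` starts and ends outside the hunk.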
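Review bot: The reworded `get_mark` doc, "Optional mark to set on policies/SAs", now sits next to the new `get_set_mark` doc, "Optional mark the SAs should apply after processing packets", and both use "set" for different things without saying how the two marks differ. Someone who picks the wrong getter would build filtering or routing rules around the wrong mark. Going by the comments in this diff, `get_mark` returns the mark installed on the policies and SAs themselves and `get_set_mark` the mark an SA writes onto packets it has processed; if that reading is right, say so in both comments. For example `Optional mark installed on the policies/SAs themselves; see get_set_mark() for the mark applied to packets.` and `Optional mark the SAs write onto packets after processing them; independent of get_mark().`. `struct child_cfg_t` starts and ends outside the hunk.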