*/
mark_t set_mark_out;
+ /**
+ * Optional security label for policies
+ */
+ sec_label_t *label;
+
+ /**
+ * Optional label mode for policies
+ */
+ sec_label_mode_t label_mode;
+
/**
* Traffic Flow Confidentiality padding, if enabled
*/
return inbound ? this->set_mark_in : this->set_mark_out;
}
+METHOD(child_cfg_t, get_label, sec_label_t*,
+ private_child_cfg_t *this)
+{
+ return this->label;
+}
+
+METHOD(child_cfg_t, get_label_mode, sec_label_mode_t,
+ private_child_cfg_t *this)
+{
+ return this->label_mode;
+}
+
METHOD(child_cfg_t, get_tfc, uint32_t,
private_child_cfg_t *this)
{
this->hw_offload == other->hw_offload &&
this->copy_dscp == other->copy_dscp &&
streq(this->updown, other->updown) &&
- streq(this->interface, other->interface);
+ streq(this->interface, other->interface) &&
+ sec_labels_equal(this->label, other->label) &&
+ this->label_mode == other->label_mode;
}
METHOD(child_cfg_t, get_ref, child_cfg_t*,
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy));
this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy));
+ DESTROY_IF(this->label);
free(this->updown);
free(this->interface);
free(this->name);
.get_if_id = _get_if_id,
.get_mark = _get_mark,
.get_set_mark = _get_set_mark,
+ .get_label = _get_label,
+ .get_label_mode = _get_label_mode,
.get_tfc = _get_tfc,
.get_manual_prio = _get_manual_prio,
.get_interface = _get_interface,
.mark_out = data->mark_out,
.set_mark_in = data->set_mark_in,
.set_mark_out = data->set_mark_out,
+ .label = data->label ? data->label->clone(data->label) : NULL,
+ .label_mode = data->label_mode != SEC_LABEL_MODE_SYSTEM ?
+ data->label_mode : sec_label_mode_default(),
.lifetime = data->lifetime,
.inactivity = data->inactivity,
.tfc = data->tfc,
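Review bot: The `label_mode` initializer silently replaces `SEC_LABEL_MODE_SYSTEM` with `sec_label_mode_default()`, and neither this site nor the `label_mode` field of the create data documents that. A short comment such as `/* SYSTEM is only a placeholder, resolve it once here so get_label_mode() never returns it */` would tie the code to the guarantee stated in the header. The mode is also resolved when `data->label` is NULL and, judging by the helper's name, from host state at creation time; if that is intended it is worth stating, because the effective mode is then fixed in the config and takes part in the `equals()` comparison. The initializer list starts and ends outside this hunk.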
*/
mark_t (*get_set_mark)(child_cfg_t *this, bool inbound);
+ /**
+ * Optional security label to be configured on policies.
+ *
+ * @return label or NULL
+ */
+ sec_label_t *(*get_label)(child_cfg_t *this);
+
+ /**
+ * Get the mode in which the security label is used.
+ *
+ * @return label mode (never SEC_LABEL_MODE_SYSTEM)
+ */
+ sec_label_mode_t (*get_label_mode)(child_cfg_t *this);
+
/**
* Get the TFC padding value to use for CHILD_SA.
*
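Review bot: The doc comment on `get_label` does not say who owns the returned object. The implementation returns `this->label` directly and the config releases it with `DESTROY_IF(this->label)` in its destructor, so callers get an internal reference, not a copy. I would extend the comment to `@return label or NULL (internal data, must not be destroyed; clone it to keep it beyond the config reference)`. Without that, a caller that destroys the label or keeps the pointer after dropping its reference leaves a dangling security label behind, which is a poor failure mode for something that ends up configured on policies.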
mark_t set_mark_in;
/** Optional outbound mark the SA should apply to traffic */
mark_t set_mark_out;
+ /** Optional security label configured on policies (cloned) */
+ sec_label_t *label;
+ /** Optional security label mode */
+ sec_label_mode_t label_mode;
/** Mode to propose for CHILD_SA */
ipsec_mode_t mode;
/** TFC padding size, 0 to disable, -1 to pad to PMTU */