From 52a05d7f6c39c2a794d4ece6cd32d46f08a5bd6c Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 21 Dec 2021 11:22:36 +0100
Subject: [PATCH] kernel-interface: Optionally pass security label with an
 acquire

---
 src/libcharon/kernel/kernel_listener.h      | 2 ++
 src/libcharon/processing/jobs/acquire_job.c | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h
index 6534921c24..226b32f1ea 100644
--- a/src/libcharon/kernel/kernel_listener.h
+++ b/src/libcharon/kernel/kernel_listener.h
@@ -37,6 +37,8 @@ struct kernel_acquire_data_t {
 	traffic_selector_t *src;
 	/** Optional destination of the triggering packet */
 	traffic_selector_t *dst;
+	/** Optional security label of the triggering packet */
+	sec_label_t *label;
 };
 
 /**
diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c
index 0f06fcfcd4..5142bb297e 100644
--- a/src/libcharon/processing/jobs/acquire_job.c
+++ b/src/libcharon/processing/jobs/acquire_job.c
@@ -45,6 +45,7 @@ METHOD(job_t, destroy, void,
 {
 	DESTROY_IF(this->data.src);
 	DESTROY_IF(this->data.dst);
+	DESTROY_IF(this->data.label);
 	free(this);
 }
 
@@ -88,7 +89,10 @@ acquire_job_t *acquire_job_create(uint32_t reqid, kernel_acquire_data_t *data)
 	{
 		this->data.dst = this->data.dst->clone(this->data.dst);
 	}
+	if (this->data.label)
+	{
+		this->data.label = this->data.label->clone(this->data.label);
+	}
 
 	return &this->public;
 }
-
-- 
2.47.2