[strongSwan-dev] [PATCH mark-inbound-sa 2/2] stroke: Make setting mark on inbound SA configurable
Christophe Gouault
christophe.gouault at 6wind.com
Wed Aug 23 18:16:33 CEST 2017
---
src/libcharon/plugins/stroke/stroke_config.c | 3 ++-
src/starter/args.c | 1 +
src/starter/confread.h | 1 +
src/starter/keywords.h | 1 +
src/starter/keywords.txt | 1 +
src/starter/starterstroke.c | 2 ++
src/stroke/stroke_msg.h | 1 +
7 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index ac01292104da..0d7cc88b7089 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -1090,7 +1090,8 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
(msg->add_conn.ipcomp ? OPT_IPCOMP : 0) |
(msg->add_conn.me.hostaccess ? OPT_HOSTACCESS : 0) |
(msg->add_conn.install_policy ? 0 : OPT_NO_POLICIES) |
- (msg->add_conn.sha256_96 ? OPT_SHA256_96 : 0),
+ (msg->add_conn.sha256_96 ? OPT_SHA256_96 : 0) |
+ (msg->add_conn.mark_in_sa ? OPT_MARK_IN_SA : 0),
.tfc = msg->add_conn.tfc,
.inactivity = msg->add_conn.inactivity,
.dpd_action = map_action(msg->add_conn.dpd.action),
diff --git a/src/starter/args.c b/src/starter/args.c
index 477a52082d85..af2b55c65e1b 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -178,6 +178,7 @@ static const token_info_t token_info[] =
{ ARG_MISC, 0, NULL /* KW_MARK */ },
{ ARG_MISC, 0, NULL /* KW_MARK_IN */ },
{ ARG_MISC, 0, NULL /* KW_MARK_OUT */ },
+ { ARG_ENUM, offsetof(starter_conn_t, mark_in_sa), LST_bool },
{ ARG_MISC, 0, NULL /* KW_TFC */ },
{ ARG_MISC, 0, NULL /* KW_PFS_DEPRECATED */ },
{ ARG_MISC, 0, NULL /* KW_CONN_DEPRECATED */ },
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 8ee730daa078..3e3f215a64f5 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -143,6 +143,7 @@ struct starter_conn {
uint32_t reqid;
mark_t mark_in;
mark_t mark_out;
+ bool mark_in_sa;
uint32_t replay_window;
uint32_t tfc;
bool install_policy;
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 0cb46a7401c9..85f626c98875 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -77,6 +77,7 @@ enum kw_token_t {
KW_MARK,
KW_MARK_IN,
KW_MARK_OUT,
+ KW_MARK_IN_SA,
KW_TFC,
KW_PFS_DEPRECATED,
KW_CONN_DEPRECATED,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 3f92dc83f50f..7699245c1399 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -74,6 +74,7 @@ replay_window, KW_REPLAY_WINDOW
mark, KW_MARK
mark_in, KW_MARK_IN
mark_out, KW_MARK_OUT
+mark_in_sa, KW_MARK_IN_SA
tfc, KW_TFC
cacert, KW_CACERT
crluri, KW_CRLURI
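Review bot: The new `mark_in_sa` keyword is added here without any user-facing documentation; the diffstat lists seven files and none of them is a man page or other doc file. Since the option changes where the inbound mark is applied (on the SA itself rather than only on the policy, judging by the subject line and `OPT_MARK_IN_SA`), an operator needs a description of the default and of the effect of `mark_in_sa=yes`. In particular it should say whether inbound packets must already carry the mark before decryption to match the SA. I would add an entry next to the existing `mark_in` / `mark_out` descriptions in the ipsec.conf documentation as part of this patch.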
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 90af9372ac06..a43e3424076c 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -229,8 +229,10 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg->add_conn.replay_window = conn->replay_window;
msg->add_conn.mark_in.value = conn->mark_in.value;
msg->add_conn.mark_in.mask = conn->mark_in.mask;
+ msg->add_conn.mark_in.mask = conn->mark_in.mask;
msg->add_conn.mark_out.value = conn->mark_out.value;
msg->add_conn.mark_out.mask = conn->mark_out.mask;
+ msg->add_conn.mark_in_sa = conn->mark_in_sa;
msg->add_conn.tfc = conn->tfc;
add_end(&msg, offsetof(stroke_msg_t, add_conn.me), &conn->left);
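Review bot: The first added line in this hunk, `msg->add_conn.mark_in.mask = conn->mark_in.mask;`, is an exact duplicate of the context line directly above it. The second assignment is redundant and harmless at run time, but it looks like a copy-paste leftover and should be dropped so that the only new line is `msg->add_conn.mark_in_sa = conn->mark_in_sa;`. The body of starter_stroke_add_conn continues outside the hunk.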
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 60ea0028d8b9..d31a4cfe0765 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -300,6 +300,7 @@ struct stroke_msg_t {
uint32_t value;
uint32_t mask;
} mark_in, mark_out;
+ bool mark_in_sa;
stroke_end_t me, other;
uint32_t replay_window;
bool sha256_96;
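Review bot: Placing `bool mark_in_sa;` between `mark_in, mark_out` and `stroke_end_t me, other` shifts the offset of every later member of `add_conn`. The starter side addresses those members by offset (`offsetof(stroke_msg_t, add_conn.me)` in starterstroke.c), so the struct layout is effectively the message format on the stroke socket. If the sender and receiver can ever come from different builds (for example during a package upgrade with the daemon still running), the receiver would read `me`/`other` and the flags at the wrong offsets. If that situation is possible, appending the field at the end of the `add_conn` struct would be less disruptive; if both sides are always built and restarted together, a short comment saying so would help. The struct definition continues outside the hunk.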
--
2.1.4