aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2016-08-29 16:39:18 +0200
committerTobias Brunner <tobias@strongswan.org>2016-09-30 15:35:32 +0200
commit33d3ffde25d5354ec36c26b764ab36179ef0fb34 (patch)
treeb8c92f96ff119f7b45218b549a4a023568df342c /src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
parentac9759a53270bfdb26ff73226209ee290320c4d5 (diff)
downloadstrongswan-33d3ffde25d5354ec36c26b764ab36179ef0fb34.tar.bz2
strongswan-33d3ffde25d5354ec36c26b764ab36179ef0fb34.tar.xz
kernel-netlink: Pass zero mark to kernel if mask is set
The kernel will apply the mask to the mark on the packet and then compare it to the configured mark. So to match only unmarked packets we have to be able to set 0/0xffffffff.
Diffstat (limited to 'src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c')
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 6b06c269b..f3846ec07 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1245,7 +1245,7 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
*/
static void format_mark(char *buf, int buflen, mark_t mark)
{
- if (mark.value)
+ if (mark.value | mark.mask)
{
snprintf(buf, buflen, " (mark %u/0x%08x)", mark.value, mark.mask);
}
@@ -1256,7 +1256,7 @@ static void format_mark(char *buf, int buflen, mark_t mark)
*/
static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
{
- if (mark.value)
+ if (mark.value | mark.mask)
{
struct xfrm_mark *xmrk;
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 04:30:30 +0000