author | Tobias Brunner <tobias@strongswan.org> | 2016-11-11 10:40:53 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-02-16 19:23:31 +0100 |
commit | 44fcc83310ed7a032d2cf0fa315f3f7bd36c0f69 (patch) | |
tree | d75fcf8aeb5bd93d9b1f09559d75c9d5ac130d3b /src | |
parent | d460ab2bff5c49cc2e5fbffe79f59d9a1d9918a6 (diff) | |
vici: Add missing dscp setting for IKE_SAs
Fixes #2170.
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/vici/vici_config.c | 44 | ||||
-rw-r--r-- | src/swanctl/swanctl.opt | 8 |
2 files changed, 47 insertions, 5 deletions
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 2110fd31d..ff706be46 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -295,6 +295,7 @@ typedef struct { uint64_t rekey_time; uint64_t over_time; uint64_t rand_time; + uint8_t dscp; } peer_data_t; /** @@ -370,6 +371,7 @@ static void log_peer_data(peer_data_t *data) DBG2(DBG_CFG, " send_cert = %N", cert_policy_names, data->send_cert); DBG2(DBG_CFG, " mobike = %u", data->mobike); DBG2(DBG_CFG, " aggressive = %u", data->aggressive); + DBG2(DBG_CFG, " dscp = 0x%.2x", data->dscp); DBG2(DBG_CFG, " encap = %u", data->encap); DBG2(DBG_CFG, " dpd_delay = %llu", data->dpd_delay); DBG2(DBG_CFG, " dpd_timeout = %llu", data->dpd_timeout); @@ -814,10 +816,9 @@ CALLBACK(parse_action, bool, } /** - * Parse a uint32_t + * Parse a uint32_t with the given base */ -CALLBACK(parse_uint32, bool, - uint32_t *out, chunk_t v) +static bool parse_uint32_base(uint32_t *out, chunk_t v, int base) { char buf[16], *end; u_long l; @@ -826,7 +827,7 @@ CALLBACK(parse_uint32, bool, { return FALSE; } - l = strtoul(buf, &end, 0); + l = strtoul(buf, &end, base); if (*end == 0) { *out = l; @@ -836,6 +837,24 @@ CALLBACK(parse_uint32, bool, } /** + * Parse a uint32_t + */ +CALLBACK(parse_uint32, bool, + uint32_t *out, chunk_t v) +{ + return parse_uint32_base(out, v, 0); +} + +/** + * Parse a uint32_t in binary encoding + */ +CALLBACK(parse_uint32_bin, bool, + uint32_t *out, chunk_t v) +{ + return parse_uint32_base(out, v, 2); +} + +/** * Parse a uint64_t */ CALLBACK(parse_uint64, bool, @@ -984,6 +1003,20 @@ CALLBACK(parse_tfc, bool, } /** + * Parse 6-bit DSCP value + */ +CALLBACK(parse_dscp, bool, + uint8_t *out, chunk_t v) +{ + if (parse_uint32_bin(out, v)) + { + *out = *out & 0x3f; + return TRUE; + } + return FALSE; +} + +/** * Parse authentication config */ CALLBACK(parse_auth, bool, 
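Review bot: parse_dscp passes its `uint8_t *out` to parse_uint32_bin, and parse_uint32_base then stores through that pointer as a `uint32_t` (`*out = l;`), so four bytes are written into the one-byte `dscp` member that the peer_kv hunk registers as `&peer->dscp`. That store runs past the member (it presumably compiles only because the CALLBACK macro casts the argument), and on a big-endian target the byte read back by `*out & 0x3f` would not be the low byte of the parsed value. Parse into a local instead: `uint32_t val;`, `if (parse_uint32_bin(&val, v) && val <= 0x3f)`, `*out = val;`. The range check replaces the mask so that input longer than the documented six binary digits is rejected rather than silently truncated.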
@@ -1417,6 +1450,7 @@ CALLBACK(peer_kv, bool, { "version", parse_uint32, &peer->version }, { "aggressive", parse_bool, &peer->aggressive }, { "pull", parse_bool, &peer->pull }, + { "dscp", parse_dscp, &peer->dscp }, { "encap", parse_bool, &peer->encap }, { "mobike", parse_bool, &peer->mobike }, { "dpd_delay", parse_time, &peer->dpd_delay }, @@ -2085,7 +2119,7 @@ CALLBACK(config_sn, bool, ike_cfg = ike_cfg_create(peer.version, peer.send_certreq, peer.encap, peer.local_addrs, peer.local_port, peer.remote_addrs, peer.remote_port, - peer.fragmentation, 0); + peer.fragmentation, peer.dscp); cfg = (peer_cfg_create_t){ .cert_policy = peer.send_cert, diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index a7d6d9fc3..e882e60ba 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -102,6 +102,14 @@ connections.<conn>.pull = yes Push mode is currently supported for IKEv1, but not in IKEv2. It is used by a few implementations only, pull mode is recommended. +connections.<conn>.dscp = 000000 + Differentiated Services Field Codepoint to set on outgoing IKE packets (six + binary digits). + + Differentiated Services Field Codepoint to set on outgoing IKE packets for + this connection. The value is a six digit binary encoded string specifying + the Codepoint to set, as defined in RFC 2474. + connections.<conn>.encap = no Enforce UDP encapsulation by faking NAT-D payloads. |