diff options
-rw-r--r-- | src/libcharon/plugins/vici/README.md | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_query.c | 15 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 18a3ef7b5..4e53d7cc9 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -689,6 +689,10 @@ command. spi-out = <hex encoded outbound SPI> cpi-in = <hex encoded inbound CPI, if using compression> cpi-out = <hex encoded outbound CPI, if using compression> + mark-in = <hex encoded inbound Netfilter mark value> + mark-mask-in = <hex encoded inbound Netfilter mark mask> + mark-out = <hex encoded outbound Netfilter mark value> + mark-mask-out = <hex encoded outbound Netfilter mark mask> encr-alg = <ESP encryption algorithm name, if any> encr-keysize = <ESP encryption key size, if applicable> integ-alg = <ESP or AH integrity algorithm name, if any> diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 828b61927..e3a16f5ea 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -79,6 +79,19 @@ struct private_vici_query_t { time_t uptime; }; +static void add_mark(vici_builder_t *b, mark_t mark, + char *label, char *mask_label) +{ + if (mark.value | mark.mask) + { + b->add_kv(b, label, "%.8x", mark.value); + if (~mark.mask) + { + b->add_kv(b, mask_label, "%.8x", mark.mask); + } + } +} + /** * List details of a CHILD_SA */ @@ -114,6 +127,8 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "cpi-in", "%.4x", ntohs(child->get_cpi(child, TRUE))); b->add_kv(b, "cpi-out", "%.4x", ntohs(child->get_cpi(child, FALSE))); } + add_mark(b, child->get_mark(child, TRUE), "mark-in", "mark-mask-in"); + add_mark(b, child->get_mark(child, FALSE), "mark-out", "mark-mask-out"); proposal = child->get_proposal(child); if (proposal) { |