Diffstat (limited to 'src/libcharon/config')
-rw-r--r-- | src/libcharon/config/child_cfg.c | 38 | ||||
-rw-r--r-- | src/libcharon/config/child_cfg.h | 23 |
2 files changed, 58 insertions, 3 deletions
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index a33502eff..d3f688a5d 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -114,11 +114,20 @@ struct private_child_cfg_t { u_int32_t inactivity; /** - * Reqid to install CHIL_SA with + * Reqid to install CHILD_SA with */ u_int32_t reqid; /** + * Optional mark to install inbound CHILD_SA with + */ + mark_t mark_in; + + /** + * Optional mark to install outbound CHILD_SA with + */ + mark_t mark_out; + /** * set up IPsec transport SA in MIPv6 proxy mode */ bool proxy_mode; @@ -461,6 +470,14 @@ static u_int32_t get_reqid(private_child_cfg_t *this) } /** + * Implementation of child_cfg_t.get_mark. + */ +static mark_t get_mark(private_child_cfg_t *this, bool inbound) +{ + return inbound ? this->mark_in : this->mark_out; +} + +/** * Implementation of child_cfg_t.set_mipv6_options. */ static void set_mipv6_options(private_child_cfg_t *this, bool proxy_mode, @@ -521,7 +538,8 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, char *updown, bool hostaccess, ipsec_mode_t mode, action_t dpd_action, action_t close_action, bool ipcomp, - u_int32_t inactivity, u_int32_t reqid) + u_int32_t inactivity, u_int32_t reqid, + mark_t *mark) { private_child_cfg_t *this = malloc_thing(private_child_cfg_t); @@ -542,6 +560,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, this->public.use_ipcomp = (bool (*) (child_cfg_t *))use_ipcomp; this->public.get_inactivity = (u_int32_t (*) (child_cfg_t *))get_inactivity; this->public.get_reqid = (u_int32_t (*) (child_cfg_t *))get_reqid; + this->public.get_mark = (mark_t (*) (child_cfg_t *,bool))get_mark; this->public.use_proxy_mode = (bool (*) (child_cfg_t *))use_proxy_mode; this->public.install_policy = (bool (*) (child_cfg_t *))install_policy; this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref; 
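Review bot: The new `mark` parameter in the child_cfg_create signature hunk (-521) is only read; the later hunk at -556 just copies `*mark` into `mark_in` and `mark_out`. It can therefore be declared `const mark_t *mark`, both here and in the child_cfg.h prototype hunk (-307), which tells callers their structure is never written through. The `@param` line in the header could state the copy and the shared use, for example `@param mark optional mark, copied and applied to both directions (can be NULL)`. The function body continues outside this hunk.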
@@ -556,6 +575,21 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, this->use_ipcomp = ipcomp; this->inactivity = inactivity; this->reqid = reqid; + + /* TODO configure separate inbound and outbound marks */ + if (mark) + { + this->mark_in = *mark; + this->mark_out = *mark; + } + else + { + this->mark_in.value = 0; + this->mark_in.mask = 0; + this->mark_out.value = 0; + this->mark_out.mask = 0; + } + this->proxy_mode = FALSE; this->install_policy = TRUE; this->refcount = 1; diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index db86cd6aa..a40191829 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -26,6 +26,7 @@ typedef enum action_t action_t; typedef enum ipcomp_transform_t ipcomp_transform_t; typedef struct lifetime_cfg_t lifetime_cfg_t; +typedef struct mark_t mark_t; typedef struct child_cfg_t child_cfg_t; #include <library.h> @@ -83,6 +84,16 @@ struct lifetime_cfg_t { }; /** + * A mark_t defines an optional mark in a CHILD_SA. + */ +struct mark_t { + /** Mark value */ + u_int32_t value; + /** Mark mask */ + u_int32_t mask; +}; + +/** * A child_cfg_t defines the config template for a CHILD_SA. * * After creation, proposals and traffic selectors may be added to the config. @@ -246,6 +257,14 @@ struct child_cfg_t { u_int32_t (*get_reqid)(child_cfg_t *this); /** + * Optional mark for CHILD_SA + * + * @param inbound TRUE for inbound, FALSE for outbound + * @return mark + */ + mark_t (*get_mark)(child_cfg_t *this, bool inbound); + + /** * Sets two options needed for Mobile IPv6 interoperability * * @param proxy_mode use IPsec transport proxy mode (default FALSE) 
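Review bot: The `if (mark)` branch stores `mark->value` unchanged, so a caller can pass a value with bits set outside `mark->mask`. If the code that installs the SA or policy matches on `(packet mark & mask) == value` (that code is not visible in this diff), such a pair never matches and the marked traffic would silently fall outside the intended policy. Normalising once at this point avoids that: `this->mark_in = *mark;` `this->mark_in.value &= this->mark_in.mask;` `this->mark_out = this->mark_in;`. Alternatively, reject the inconsistent pair where the configuration is parsed. child_cfg_create starts and ends outside the hunk.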
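Review bot: The `get_mark` doc comment in the child_cfg.h hunk at -246 does not say how a caller recognises that no mark was configured. Going by the `else` branch in child_cfg_create, an unset mark is returned with `value` and `mask` both 0, so the return line could read `@return mark, value and mask are both 0 if none is configured`. The `struct mark_t` comment in the hunk at -83 would benefit from the same sentence. It could also say that `mask` selects which bits of `value` are significant, if that is the intended meaning.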
@@ -307,12 +326,14 @@ struct child_cfg_t { * @param ipcomp use IPComp, if peer supports it * @param inactivity inactivity timeout in s before closing a CHILD_SA * @param reqid specific reqid to use for CHILD_SA, 0 for auto assign + * @param mark optional mark (can be NULL) * @return child_cfg_t object */ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, char *updown, bool hostaccess, ipsec_mode_t mode, action_t dpd_action, action_t close_action, bool ipcomp, - u_int32_t inactivity, u_int32_t reqid); + u_int32_t inactivity, u_int32_t reqid, + mark_t *mark); #endif /** CHILD_CFG_H_ @}*/ |