Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
This commit is contained in:
Martin Willi
parent
5b15bd5f9d
commit
7fbe516f88
7 changed files with 23 additions and 4 deletions
|
|
@ -235,7 +235,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
|
|||
msg->add_conn.other.allow_any,
|
||||
msg->add_conn.other.ikeport,
|
||||
msg->add_conn.fragmentation,
|
||||
0);
|
||||
msg->add_conn.ikedscp);
|
||||
add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
|
||||
return ike_cfg;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ typedef enum {
|
|||
ARG_TIME,
|
||||
ARG_ULNG,
|
||||
ARG_ULLI,
|
||||
ARG_UBIN,
|
||||
ARG_PCNT,
|
||||
ARG_STR,
|
||||
ARG_LST,
|
||||
|
|
@ -146,6 +147,7 @@ static const token_info_t token_info[] =
|
|||
{ ARG_MISC, 0, NULL /* KW_MOBIKE */ },
|
||||
{ ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ },
|
||||
{ ARG_ENUM, offsetof(starter_conn_t, fragmentation), LST_fragmentation },
|
||||
{ ARG_UBIN, offsetof(starter_conn_t, ikedscp), NULL },
|
||||
{ ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
|
||||
{ ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL },
|
||||
{ ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL },
|
||||
|
|
@ -399,6 +401,21 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
|
|||
}
|
||||
}
|
||||
break;
|
||||
case ARG_UBIN:
|
||||
{
|
||||
char *endptr;
|
||||
u_int *u = (u_int *)p;
|
||||
|
||||
*u = strtoul(kw->value, &endptr, 2);
|
||||
|
||||
if (*endptr != '\0')
|
||||
{
|
||||
DBG1(DBG_APP, "# bad binary value: %s=%s", kw->entry->name,
|
||||
kw->value);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case ARG_TIME:
|
||||
{
|
||||
char *endptr;
|
||||
|
|
|
|||
|
|
@ -148,6 +148,7 @@ struct starter_conn {
|
|||
ipsec_mode_t mode;
|
||||
bool proxy_mode;
|
||||
fragmentation_t fragmentation;
|
||||
u_int ikedscp;
|
||||
sa_option_t options;
|
||||
time_t sa_ike_life_seconds;
|
||||
time_t sa_ipsec_life_seconds;
|
||||
|
|
@ -246,4 +247,3 @@ extern starter_config_t *confread_load(const char *file);
|
|||
extern void confread_free(starter_config_t *cfg);
|
||||
|
||||
#endif /* _IPSEC_CONFREAD_H_ */
|
||||
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@ typedef enum {
|
|||
KW_MOBIKE,
|
||||
KW_FORCEENCAPS,
|
||||
KW_FRAGMENTATION,
|
||||
KW_IKEDSCP,
|
||||
KW_IKELIFETIME,
|
||||
KW_KEYLIFE,
|
||||
KW_REKEYMARGIN,
|
||||
|
|
@ -186,4 +187,3 @@ typedef enum {
|
|||
} kw_token_t;
|
||||
|
||||
#endif /* _KEYWORDS_H_ */
|
||||
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ aaa_identity, KW_AAA_IDENTITY
|
|||
mobike, KW_MOBIKE
|
||||
forceencaps, KW_FORCEENCAPS
|
||||
fragmentation, KW_FRAGMENTATION
|
||||
ikedscp, KW_IKEDSCP,
|
||||
ikelifetime, KW_IKELIFETIME
|
||||
lifetime, KW_KEYLIFE
|
||||
keylife, KW_KEYLIFE
|
||||
|
|
|
|||
|
|
@ -181,6 +181,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
|||
msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
|
||||
msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
|
||||
msg.add_conn.fragmentation = conn->fragmentation;
|
||||
msg.add_conn.ikedscp = conn->ikedscp;
|
||||
msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
|
||||
msg.add_conn.install_policy = conn->install_policy;
|
||||
msg.add_conn.aggressive = conn->aggressive;
|
||||
|
|
@ -330,4 +331,3 @@ int starter_stroke_configure(starter_config_t *cfg)
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -262,6 +262,7 @@ struct stroke_msg_t {
|
|||
int close_action;
|
||||
u_int32_t reqid;
|
||||
u_int32_t tfc;
|
||||
u_int8_t ikedscp;
|
||||
|
||||
crl_policy_t crl_policy;
|
||||
int unique;
|
||||
|
|
|
|||
Loading…
Reference in a new issue