vici: Make interface ID configurable

Tobias Brunner 2019-02-12 12:10:06 +01:00
parent 07166ce25e
commit 18ed5a07db
2 changed files with 37 additions and 0 deletions


@ -528,6 +528,8 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " tfc = %d", cfg->tfc);
DBG2(DBG_CFG, " priority = %d", cfg->priority);
DBG2(DBG_CFG, " interface = %s", cfg->interface);
DBG2(DBG_CFG, " if_id_in = %u", cfg->if_id_in);
DBG2(DBG_CFG, " if_id_out = %u", cfg->if_id_out);
DBG2(DBG_CFG, " mark_in = %u/%u",
cfg->mark_in.value, cfg->mark_in.mask);
DBG2(DBG_CFG, " mark_in_sa = %u", has_opt(OPT_MARK_IN_SA));
@ -1220,6 +1222,21 @@ CALLBACK(parse_set_mark, bool,
return mark_from_string(buf, MARK_OP_SAME, out);
}
/**
* Parse interface ID
*/
CALLBACK(parse_if_id, bool,
uint32_t *out, chunk_t v)
{
char buf[32];
if (!vici_stringify(v, buf, sizeof(buf)))
{
return FALSE;
}
return if_id_from_string(buf, out);
}
/**
* Parse TFC padding option
*/
@ -1688,6 +1705,8 @@ CALLBACK(child_kv, bool,
{ "copy_df", parse_opt_copy_df, &child->cfg.options },
{ "copy_ecn", parse_opt_copy_ecn, &child->cfg.options },
{ "copy_dscp", parse_copy_dscp, &child->cfg.copy_dscp },
{ "if_id_in", parse_if_id, &child->cfg.if_id_in },
{ "if_id_out", parse_if_id, &child->cfg.if_id_out },
};
return parse_rules(rules, countof(rules), name, value,
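Review bot: The doc comment on `parse_if_id` (`Parse interface ID`) does not say which inputs are accepted or when the callback fails, and the validation that matters happens in `if_id_from_string()`, which is not shown on this page. From the visible lines the callback returns FALSE when `vici_stringify()` fails on the 32-byte `buf` and otherwise passes the helper's result through, so it is worth confirming that the helper rejects trailing characters and values beyond 32 bits rather than truncating them; an ID that silently ends up as 0 would presumably leave the policies/SAs without an interface ID. I would extend the comment to `Parse interface ID (number, %unique or %unique-dir); FALSE if the value does not fit the buffer or is not a valid ID`. In `log_child_data`, whose body continues outside its hunk, the two new `%u` lines would presumably print a `%unique` setting as a raw internal number, which a short comment there could note.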


@ -916,6 +916,24 @@ connections.<conn>.children.<child>.mark_out = 0/0x00000000
An additional mask may be appended to the mark, separated by _/_. The
default mask if omitted is 0xffffffff.
connections.<conn>.children.<child>.if_id_in = 0
Inbound XFRM interface ID.
XFRM interface ID set on inbound policies/SA. This allows installing
duplicate policies/SAs and associates them with an interface with the same
ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA
instance, beyond that the value _%unique-dir_ assigns a different unique
interface ID for each CHILD_SA direction (in/out).
connections.<conn>.children.<child>.if_id_out = 0
Outbound XFRM interface ID.
XFRM interface ID set on outbound policies/SA. This allows installing
duplicate policies/SAs and associates them with an interface with the same
ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA
instance, beyond that the value _%unique-dir_ assigns a different unique
interface ID for each CHILD_SA direction (in/out).
connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
Netfilter mark applied to packets after the inbound IPsec SA processed them.