vici: Make interface ID configurable
parent
07166ce25e
commit
18ed5a07db
|
@ -528,6 +528,8 @@ static void log_child_data(child_data_t *data, char *name)
|
||||||
DBG2(DBG_CFG, " tfc = %d", cfg->tfc);
|
DBG2(DBG_CFG, " tfc = %d", cfg->tfc);
|
||||||
DBG2(DBG_CFG, " priority = %d", cfg->priority);
|
DBG2(DBG_CFG, " priority = %d", cfg->priority);
|
||||||
DBG2(DBG_CFG, " interface = %s", cfg->interface);
|
DBG2(DBG_CFG, " interface = %s", cfg->interface);
|
||||||
|
DBG2(DBG_CFG, " if_id_in = %u", cfg->if_id_in);
|
||||||
|
DBG2(DBG_CFG, " if_id_out = %u", cfg->if_id_out);
|
||||||
DBG2(DBG_CFG, " mark_in = %u/%u",
|
DBG2(DBG_CFG, " mark_in = %u/%u",
|
||||||
cfg->mark_in.value, cfg->mark_in.mask);
|
cfg->mark_in.value, cfg->mark_in.mask);
|
||||||
DBG2(DBG_CFG, " mark_in_sa = %u", has_opt(OPT_MARK_IN_SA));
|
DBG2(DBG_CFG, " mark_in_sa = %u", has_opt(OPT_MARK_IN_SA));
|
||||||
|
@ -1220,6 +1222,21 @@ CALLBACK(parse_set_mark, bool,
|
||||||
return mark_from_string(buf, MARK_OP_SAME, out);
|
return mark_from_string(buf, MARK_OP_SAME, out);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Parse interface ID
|
||||||
|
*/
|
||||||
|
CALLBACK(parse_if_id, bool,
|
||||||
|
uint32_t *out, chunk_t v)
|
||||||
|
{
|
||||||
|
char buf[32];
|
||||||
|
|
||||||
|
if (!vici_stringify(v, buf, sizeof(buf)))
|
||||||
|
{
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
return if_id_from_string(buf, out);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parse TFC padding option
|
* Parse TFC padding option
|
||||||
*/
|
*/
|
||||||
|
@ -1688,6 +1705,8 @@ CALLBACK(child_kv, bool,
|
||||||
{ "copy_df", parse_opt_copy_df, &child->cfg.options },
|
{ "copy_df", parse_opt_copy_df, &child->cfg.options },
|
||||||
{ "copy_ecn", parse_opt_copy_ecn, &child->cfg.options },
|
{ "copy_ecn", parse_opt_copy_ecn, &child->cfg.options },
|
||||||
{ "copy_dscp", parse_copy_dscp, &child->cfg.copy_dscp },
|
{ "copy_dscp", parse_copy_dscp, &child->cfg.copy_dscp },
|
||||||
|
{ "if_id_in", parse_if_id, &child->cfg.if_id_in },
|
||||||
|
{ "if_id_out", parse_if_id, &child->cfg.if_id_out },
|
||||||
};
|
};
|
||||||
|
|
||||||
return parse_rules(rules, countof(rules), name, value,
|
return parse_rules(rules, countof(rules), name, value,
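Review bot: parse_if_id leaves all validation of the value to if_id_from_string(), which is not part of this diff, so nothing visible here shows that a numeric ID with trailing characters, or one that does not fit in uint32_t, is rejected rather than truncated. Because the ID selects which XFRM interface the policies and SAs are associated with, a silently altered value would bind them to a different interface than the configuration names, so it is worth confirming that the helper fails closed and covering it with a test. The doc comment could also state the accepted forms, e.g. `/** Parse interface ID: a number, %unique or %unique-dir; FALSE if the value does not fit the buffer or fails to parse */`. In log_child_data the two new `DBG2` lines print the ID with `%u`, so the special values will presumably appear as their numeric sentinels in the log; a short comment there would help whoever reads it.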
|
||||||
|
|
|
@ -916,6 +916,24 @@ connections.<conn>.children.<child>.mark_out = 0/0x00000000
|
||||||
An additional mask may be appended to the mark, separated by _/_. The
|
An additional mask may be appended to the mark, separated by _/_. The
|
||||||
default mask if omitted is 0xffffffff.
|
default mask if omitted is 0xffffffff.
|
||||||
|
|
||||||
|
connections.<conn>.children.<child>.if_id_in = 0
|
||||||
|
Inbound XFRM interface ID.
|
||||||
|
|
||||||
|
XFRM interface ID set on inbound policies/SA. This allows installing
|
||||||
|
duplicate policies/SAs and associates them with an interface with the same
|
||||||
|
ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA
|
||||||
|
instance, beyond that the value _%unique-dir_ assigns a different unique
|
||||||
|
interface ID for each CHILD_SA direction (in/out).
|
||||||
|
|
||||||
|
connections.<conn>.children.<child>.if_id_out = 0
|
||||||
|
Outbound XFRM interface ID.
|
||||||
|
|
||||||
|
XFRM interface ID set on outbound policies/SA. This allows installing
|
||||||
|
duplicate policies/SAs and associates them with an interface with the same
|
||||||
|
ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA
|
||||||
|
instance, beyond that the value _%unique-dir_ assigns a different unique
|
||||||
|
interface ID for each CHILD_SA direction (in/out).
|
||||||
|
|
||||||
connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
|
connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
|
||||||
Netfilter mark applied to packets after the inbound IPsec SA processed them.
|
Netfilter mark applied to packets after the inbound IPsec SA processed them.
|
||||||
|
|
||||||
|
|