child-sa: Replace reqid based marks by "unique" marks
[strongswan.git] / src / libcharon / sa / ikev1 / tasks / quick_mode.c
index 1133aab..5fe04c0 100644 (file)
@@ -156,6 +156,16 @@ struct private_quick_mode_t {
        u_int32_t reqid;
 
        /**
+        * Explicit inbound mark value to use, if any
+        */
+       u_int mark_in;
+
+       /**
+        * Explicit inbound mark value to use, if any
+        */
+       u_int mark_out;
+
+       /**
         * SPI of SA we rekey
         */
        u_int32_t rekey;
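Review bot: The doc comment added above `mark_out` is a copy of the one for `mark_in` and still says "inbound"; it should read `* Explicit outbound mark value to use, if any`. The "if any" case is also left undefined. Judging by the reset to 0 in migrate() later in this commit, 0 seems to mean "no explicit mark", and both comments should say so, e.g. `* Explicit inbound mark value to use, 0 if none`. The struct definition starts and ends outside this hunk.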
@@ -788,7 +798,8 @@ METHOD(task_t, build_i, status_t,
                        this->child_sa = child_sa_create(
                                                                        this->ike_sa->get_my_host(this->ike_sa),
                                                                        this->ike_sa->get_other_host(this->ike_sa),
-                                                                       this->config, this->reqid, this->udp);
+                                                                       this->config, this->reqid, this->udp,
+                                                                       this->mark_in, this->mark_out);
 
                        if (this->udp && this->mode == MODE_TRANSPORT)
                        {
@@ -972,6 +983,10 @@ static void check_for_rekeyed_child(private_quick_mode_t *this)
                                        {
                                                this->reqid = child_sa->get_reqid(child_sa);
                                                this->rekey = child_sa->get_spi(child_sa, TRUE);
+                                               this->mark_in = child_sa->get_mark(child_sa,
+                                                                                                                       TRUE).value;
+                                               this->mark_out = child_sa->get_mark(child_sa,
+                                                                                                                       FALSE).value;
                                                child_sa->set_state(child_sa, CHILD_REKEYING);
                                                DBG1(DBG_IKE, "detected rekeying of CHILD_SA %s{%u}",
                                                         child_sa->get_name(child_sa), this->reqid);
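Review bot: Only `.value` of each mark is copied from the SA being rekeyed in the two added `get_mark()` assignments, so the mask of the existing SA is dropped. Presumably child_sa_create() takes the mask from the child config again, but that is not visible here and should be confirmed, since a value combined with a different mask would match different traffic than the SA it replaces. A short comment would make the intent explicit, e.g. `/* reuse the marks of the rekeyed SA, mask comes from the config */`. An old SA whose mark value is 0 cannot be told apart from "no explicit mark" at this point. check_for_rekeyed_child() starts and ends outside the hunk.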
@@ -1097,7 +1112,8 @@ METHOD(task_t, process_r, status_t,
                        this->child_sa = child_sa_create(
                                                                        this->ike_sa->get_my_host(this->ike_sa),
                                                                        this->ike_sa->get_other_host(this->ike_sa),
-                                                                       this->config, this->reqid, this->udp);
+                                                                       this->config, this->reqid, this->udp,
+                                                                       this->mark_in, this->mark_out);
 
                        tsi = linked_list_create_with_items(this->tsi, NULL);
                        tsr = linked_list_create_with_items(this->tsr, NULL);
@@ -1307,6 +1323,13 @@ METHOD(quick_mode_t, use_reqid, void,
        this->reqid = reqid;
 }
 
+METHOD(quick_mode_t, use_marks, void,
+       private_quick_mode_t *this, u_int in, u_int out)
+{
+       this->mark_in = in;
+       this->mark_out = out;
+}
+
 METHOD(quick_mode_t, rekey, void,
        private_quick_mode_t *this, u_int32_t spi)
 {
@@ -1334,6 +1357,8 @@ METHOD(task_t, migrate, void,
        this->dh = NULL;
        this->spi_i = 0;
        this->spi_r = 0;
+       this->mark_in = 0;
+       this->mark_out = 0;
 
        if (!this->initiator)
        {
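Review bot: The unconditional `this->mark_in = 0; this->mark_out = 0;` in migrate() discards marks that a caller set through use_marks(), for initiator tasks as well. Whether `reqid` and `rekey` are reset in the same way is not visible in this hunk. If they are kept for a migrated rekey task, the re-initiated exchange would reuse the old reqid but presumably get newly allocated marks, which may no longer match policies or firewall rules bound to the previous mark. If the reset is intended, a comment such as `/* marks are re-assigned by the caller after migration */` would document it. Otherwise the two assignments could move into the `if (!this->initiator)` block that follows.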
@@ -1372,6 +1397,7 @@ quick_mode_t *quick_mode_create(ike_sa_t *ike_sa, child_cfg_t *config,
                                .destroy = _destroy,
                        },
                        .use_reqid = _use_reqid,
+                       .use_marks = _use_marks,
                        .rekey = _rekey,
                },
                .ike_sa = ike_sa,