Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid
authorMartin Willi <martin@revosec.ch>
Wed, 21 Mar 2012 14:41:45 +0000 (15:41 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 22 Mar 2012 08:05:56 +0000 (09:05 +0100)
src/libcharon/sa/child_sa.c
src/libhydra/kernel/kernel_ipsec.h

index 2130a59..ee3733a 100644 (file)
@@ -1079,6 +1079,15 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
                this->reqid = rekey ? rekey : ++reqid;
        }
 
+       if (this->mark_in.value == MARK_REQID)
+       {
+               this->mark_in.value = this->reqid;
+       }
+       if (this->mark_out.value == MARK_REQID)
+       {
+               this->mark_out.value = this->reqid;
+       }
+
        /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */
        if (config->get_mode(config) == MODE_TRANSPORT &&
                config->use_proxy_mode(config))
index 7af76a3..852f056 100644 (file)
@@ -172,6 +172,11 @@ struct mark_t {
 };
 
 /**
+ * Special mark value that uses the reqid of the CHILD_SA as mark
+ */
+#define MARK_REQID (0xFFFFFFFF)
+
+/**
  * Interface to the ipsec subsystem of the kernel.
  *
  * The kernel ipsec interface handles the communication with the kernel